The video *might* be available on the Washington Post later today.
"Michael Lynn's "The Holy Grail: Cisco Shellcode and Remote Execution"
presentation blew the doors off of Caesar's Palace Today with a full
shell code exec capabilities for nearly ANY Cisco vulnerability. If
your organization hasn't updated any Cisco IOS-based devices lately,
the devices may be under someone else's control.
The story from Michael Lynn proceed like this: He discovered clues
that there was an issue being exploited when reading translated
Chinese hacker sites that alluded to the issue. It was likely
discovered after the theft of the Cisco Source code in May 2004
which was itself part of a larger series of intrusions. Upon further
research leading to the development of working proo-of-concept code,
he and his former employer ISS notified Cisco. Cisco patched the
issue silently in April but never issued an advisory as to the
seriousness of the issue. Cisco has since pulled all older, vulnerable
versions of IOS from it's web site. After discovering that ISS was
allow Lynn to present on the issue, Cisco CEO John Chambers attempted
to censor the issue. When ISS stood it's ground, John Chambers
requested that the US Government intervene as a matter of national
security to no apparent avail.
The popular press is starting to pick up on the issue now and I hear
rumour that Michael's presentation MIGHT be made available in video
via the Washington Post web site tomorrow."