RE: Cisco IOS Exploit Cover Up

The video *might* be available on the Washington Post later today.


  "Michael Lynn's "The Holy Grail: Cisco Shellcode and Remote Execution"
  presentation blew the doors off of Caesar's Palace Today with a full
  shell code exec capabilities for nearly ANY Cisco vulnerability. If
  your organization hasn't updated any Cisco IOS-based devices lately,
  the devices may be under someone else's control.

  The story from Michael Lynn proceed like this: He discovered clues
  that there was an issue being exploited when reading translated
  Chinese hacker sites that alluded to the issue. It was likely
  discovered after the theft of the Cisco Source code in May 2004
  which was itself part of a larger series of intrusions. Upon further
  research leading to the development of working proo-of-concept code,
  he and his former employer ISS notified Cisco. Cisco patched the
  issue silently in April but never issued an advisory as to the
  seriousness of the issue. Cisco has since pulled all older, vulnerable
  versions of IOS from it's web site. After discovering that ISS was
  allow Lynn to present on the issue, Cisco CEO John Chambers attempted
  to censor the issue. When ISS stood it's ground, John Chambers
  requested that the US Government intervene as a matter of national
  security to no apparent avail.

  The popular press is starting to pick up on the issue now and I hear
  rumour that Michael's presentation MIGHT be made available in video
  via the Washington Post web site tomorrow."