Re: Cisco cover up

From: James Baldwin (no email)
Date: Wed Jul 27 2005 - 16:56:01 EDT

  • Next message: Olsen, Jason: "RE: Cisco cover up"

    On Jul 27, 2005, at 4:48 PM, J. Oquendo wrote:

    > On Wed, 27 Jul 2005, Dan Hollis wrote:
    >> This is looking like a complete PR disaster for cisco. They would
    >> have
    >> been better off allowing the talk to take place, and actually
    >> fixing the
    >> holes rather than wasting money on a small army of razorblade-
    >> equipped
    >> censors.
    > Complete PR disaster? Maybe they're still working on the fix and
    > didn't
    > want those on the blackhat scene to have a glimpse of how they
    > intended on
    > fixing things. I wonder if this has exploit_foo_bar has anything to do
    > with their code being stolen earlier this year was it, or late last
    > year.
    > Maybe for the geeks in you, it may be a PR disaster, but I doubt their
    > stock price will come down much. Oddly I wonder if those in gov are
    > watching closely to those who are running around shorting Cisco
    > stock. Or
    > should that be: "sh0rt1ng c1sc0 st0ck!@$"

    Cisco had initially approved this talk. My understanding is that this
    has been fixed and no current IOS images were vulnerable to the
    techniques he was describing. ISS, Lynn, and Cisco had been working
    together for months on this issue before the talk.

    This had _nothing_ to do with the source code that was stolen. I have
    dealt with Lynn professionally on many occasions and he has shown
    himself to have more than a fair share of integrity. It is uncalled
    for to take to disparate events and place them together in a way
    which smudges the name of a respected researcher.

  • Next message: Olsen, Jason: "RE: Cisco cover up"

    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs

    Powered By FreeBSD   Powered By FreeBSD