Redmond, Thanks for Nothing... by Rattle at 10:18 pm EDT, Aug 11, 2005 |
These hackers did not have this target before; if Lynn hadn't presented his findings, many, or most of them would likely not even know about it. (All indications are that it will be an exceptionally difficult flaw to exploit, and took Lynn years of research to find. On the other hand, a large group of hackers working in concert could substantially reduce that time). But now that Lynn's blown the lid off of it, every hacker from Boise to Shanghai knows about it. That's simply not smart.
It does not surprise me that the independent voice of the Microsoft IT community doesn't get the reality of Lynn's disclosure. If the theme of this all is broken security culture, this is a yelp from the center of the black hole. If Mike had discovered a new vulnerability in BIND that Vixie already had a patch out for, no one would be making the arguments this guy is. The whole point is that Mike exposed a type of attack that people had not been considering a present threat. Of course all the hackers are working on it. That's the type of eternal vigilance we practice in our craft. We now see a space in which problems can and will occur, we must know the extent of it, and fully engage the problem. Anything else is the wrong approach. |
|
RE: Redmond, Thanks for Nothing... by Dagmar at 12:19 am EDT, Aug 13, 2005 |
My comment on their little daydream post... (Posted right to the website) Shame on you for posting an article like this in your capacity as Editor without (apparently) doing a lick of research beforehand! While it may well be true that had Lynn not come forward, many of those hackers would still have no clue that such a stunt was even possible, it's entirely useless to warble on about the danger the people trying to replicate Lynn's work represent without taking into account their motivation. You appear to be heaping the blame for this exclusively at Lynn's feet, which is hogwash. Lynn based his work in part from research that had been published quite some time before, and no one really followed up on it when it was originally published--they had no motivation. This time, however, the heavy-handed treatment Lynn received at the hands of the lawyers of both Cisco and ISS has given thousands of people the motivation necessary for them to do more than say "Hey, that's pretty slick" and go back to worrying about their own problems. They're extremely incensed because one of the things that makes a hacker mad is telling them they're not allowed to know something that could make their little corner of the Internet work better. Normal system administrators might go through their day half asleep knowing they can call a support line if something goes terribly wrong, but most "hackers" still view the Internet as an arms race--be secure or be pwned. You then go on to say that it took Lynn "years" to develop this exploit. That's entirely incorrect and there's more than one source available that would have told you the real figure... It took Lynn around six months to uncover this problem--not even one full year. You draw some crazy analogy between Lynn's announcement and some incident in a piece of fiction, well let me sort that out properly for you.
Lynn hasn't been making anyone a target--he's been telling everyone that the metal bucket on their head can't be counted on to stop bullets so they should keep their fool heads DOWN. In your next to last paragraph you lament the lack of information you have on the matter, and the reality is that a little websearching would have answered every one of your questions! |
|
Redmond, Thanks for Nothing... by skullaria at 12:37 am EDT, Aug 12, 2005 |
I have reason to believe that at least one person already has this exploit, and it isn't just Mike Lynn. :) Anyway, I have about as much faith in this guy's opinion as I do that this chick's boobs are real. |
|
RE: Redmond, Thanks for Nothing... by Rattle at 9:28 pm EDT, Aug 12, 2005 |
skullaria wrote: I have reason to believe that at least one person already has this exploit, and it isn't just Mike Lynn. :)
Care to divulge any details? Any information about the exploit being present in the wild is of interest. I hope it's not in the hands of someone stupid. If so, it would be really nice if they did what stupid people tend to do, and brag about it. |
|
Redmond | News: Opinion: Thanks, Mike Lynn -- Thanks for Nothing by Neoteric at 5:35 pm EDT, Aug 11, 2005 |
Mike Lynn is being hailed in some quarters as a hero, but I don't buy it. I'm sure his heart was in the right place when he discussed a serious vulnerability in Cisco routers at the recent Black Hat USA conference, and his courage in quitting his job, rather than be censored by Cisco and his own employer, is admirable. But that still doesn't make what he did right. My main concern is that now, hackers are working overtime to figure out how to break into these routers and wreak their havoc. Here's what Brian Krebs, the Washington Post's excellent computer security reporter, said in a blog from the conference:
And Keith Ward is a douche-rocket. |