Mike Lynn's Glorious Escapades

Topic: Technology 9:46 pm EDT, Jul 28, 2005

As many of you know, Mike Lynn has been vaulted into the spotlight by exposing a known vulnerability in the Cisco IOS router code. This vulnerability enables a nefarious person to gain privileged access to the router, and provides full control of all traffic that the router sees.

Needless to say, this is bad.

Mike had worked with ISS and Cisco to publish the findings... and Cisco wimped at the end of the day. I won't go into details, as there are enough sites with their take on the issue, however, I truly hope that the public sees Cisco and ISS's actions for what they are.

Both of these corporations have asked Mike to perform unethical and immoral actions to prevent this well known issue from being made "more" public.

The actions of these large organizations are truly that of money mongering, as it has been suggested that ISS actually wanted to obtain the exploit code to provide to its auditing teams, so they could MAKE MORE MONEY!!!... does it get any more UNETHICAL?

Cisco tried to downplay the vulnerability, stating:

In Response To Mike Lynn's Presentation at Black Hat

* Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners.

* It is important to note that the information presented at the Black Hat Conference yesterday was not a disclosure of a new vulnerability or a flaw with Cisco IOS software. The research presented explores possible ways to expand exploitations of known security vulnerabilities impacting routers.

* As per Cisco's best practices guidelines, we recommend customers upgrade their software to the latest available versions.

* Customers should contact their account managers and sales engineers with questions and request for more information.

one word - BULLSHIT.

If those cowards at Cisco were even half-true with their statements, they would own up to the fact that their shit is flawed, and that they WERE notified of the flaw, and didn't do their own due-diligence to identify the depth and scope of the flaw.

So, instead of being honest, forthright and admitting their mistakes, they are targeting a friend, who with the best of intentions, raised the awareness of the issue to the world at BlackHat, due to the fact that Cisco sat on their hands when they should have been fixing their code.

Now, one has to ask themselves the following questions:

1. Why would Cisco put out such a blatant statement, and then focus on discrediting someone in the Information Security Field that has produced valuable products and solutions his entire career?

2. Why would Cisco NOT fix the flaws found in their code properly?

3. Why didn't Cisco alert all of its users of the REAL threat of the flaw?

4. Why has ISS brought the FBI into the investigation?

5. Why did ISS try to keep the exploit code for their own auditors, and want to keep that information from Cisco?

6. Do Cisco and ISS think that we are all that stupid to agree with their public press and statements? We know Mike, personally, we know what motivates him, and he DID NOT DO THIS FOR PROFIT. Can Cisco and ISS say the same?

Well, I could rant for hours... but personally, I use Foundry Routers and Switches, and I won't ever own an ISS product. So I just hope that those of you who read this, convince those who make the decisions to dump Cisco and ISS... before they cover up another one of these flaws, that costs YOU money...

That's my 2¢, YMMV.

dc0de.



 
 