Announcement

Collapse
No announcement yet.

Cisco Security Hole a Whopper

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco Security Hole a Whopper

    A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

    Michael Lynn, a former research analyst with Internet Security Solutions, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.


  • #2
    ...wow! this goes a long way in explaining why we just now completed upgrading all of our switches(2900 and 2950s')

    cc

    Comment


    • #3
      Here we have a guy who gives a "news conference" on something we knew about over a year ago. Cisco fixed their IOS holes a long time ago.

      The first IOS theft (05/2004) could have been a disaster, but Cisco rewrote nearly everything in an amazingly short period of time and made changes that not only protected them from the IOS sourcecode theft, but improved the performance of their products markedly (especially their Layer 2 switches).

      The latest theft of IOS Sourcecode is not what Mr. Lynn would lead you believe; It is a PIECE of development sourcecode stolen from a development partner. To put this in perspective, it's like stealing from a deck of cards. King of Diamonds? Big deal, because you don't have the other 51 cards.

      Here's the synopsis of the "Flaw" he was talking about at BH:

      According to Cisco's advisory, older versions of IOS are flawed in the way they process IPv6 packets, Cisco said in its advisory. A specially crafted data packet could let a miscreant gain control over the router, but an attack is possible only from a local network segment and only on systems configured for IPv6.
      Please note this issue has been fixed in the latest IOS.

      The real issue here is that he has violated his NDAs and quite possibly is in possession of stolen intellectual property. He's going to need a lot more than a good resume' to get himself out of that predicament. His resume' is not worth using as toilet paper because of how he went about doing what he did. I hope he likes flipping burgers.
      Last edited by MultimediaMan; 30 July 2005, 05:17.
      Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine

      Comment

      Working...
      X