Cisco IOS Flaw Saga Continues
#150 A lot has happened since the last posting on this topic.
Further to my previous entry regarding the posting of the Cisco IOS vulnerability on several web sites after researcher Michael Lynn was gagged, more legal action was initiated on Friday 29th through cease and desist orders on the websites in question. Richard Forno, a security specialist and author, said in an e-mail that he received a cease-and-desist letter from lawyers representing Internet Security Systems. He subsequently pulled the presentation from his Infowarrior.org Web site and replaced it with a fax he said came from the law firm of Piper Rudnick Gray Cary, counsel for ISS. The slides are still available for public download on other Web sites, including Cryptome.org. The presentation was also distributed on the popular Full Disclosure security mailing list on Friday.
Also on Friday, Cisco released a security advisory about the flaw, to much criticism and debate of "too little to late" by the security community who are questioning why the vulnerability is only coming out in the open now and the tactics used by Cisco to silence the researcher and suppress the information.
The incident spilled over into the DefCon event where the hacking community has rallied behind Lynn and sharply critisised Cisco and Corporate America. Also at Defcon, a nightmare scenario for Cisco has begun to unfold as hackers and researchers team up and vow to exploit the vulnerability exposed by Lynn.
Finally the mainstream news gets hold of the story with BBC reporting a story "Cisco struggles to plug net leak" , CNN reporting "Hackers take a crack at Cisco Flaw" and Reuters reporting "Hackers race to expose Cisco internet flaw"
Further to my previous entry regarding the posting of the Cisco IOS vulnerability on several web sites after researcher Michael Lynn was gagged, more legal action was initiated on Friday 29th through cease and desist orders on the websites in question. Richard Forno, a security specialist and author, said in an e-mail that he received a cease-and-desist letter from lawyers representing Internet Security Systems. He subsequently pulled the presentation from his Infowarrior.org Web site and replaced it with a fax he said came from the law firm of Piper Rudnick Gray Cary, counsel for ISS. The slides are still available for public download on other Web sites, including Cryptome.org. The presentation was also distributed on the popular Full Disclosure security mailing list on Friday.
Also on Friday, Cisco released a security advisory about the flaw, to much criticism and debate of "too little to late" by the security community who are questioning why the vulnerability is only coming out in the open now and the tactics used by Cisco to silence the researcher and suppress the information.
The incident spilled over into the DefCon event where the hacking community has rallied behind Lynn and sharply critisised Cisco and Corporate America. Also at Defcon, a nightmare scenario for Cisco has begun to unfold as hackers and researchers team up and vow to exploit the vulnerability exposed by Lynn.
Finally the mainstream news gets hold of the story with BBC reporting a story "Cisco struggles to plug net leak" , CNN reporting "Hackers take a crack at Cisco Flaw" and Reuters reporting "Hackers race to expose Cisco internet flaw"
posted by Dwaine at 8/01/2005
0 Comments:
Post a Comment
<< Home