North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
- From: J. Oquendo
- Date: Tue Aug 09 09:59:05 2005
Among the developments last week: Cisco continually revised its
security bulletin, adding details as to how versions of unpatched IOS
software could be undermined by a "specifically crafted IPv6 packet."
Sources at Cisco say testing will continue indefinitely and could
include findings related to more than simply IPv6-related exploits.
Ironic the marketing and disinformation coming out of Cisco Systems
in relation to not disclosing what really occurred and labeling the
vulnerability as "IPv6 based.... but" after they initially stated
it as "IPv6 only!"
The researcher who touched off the uproar, Michael Lynn, says he is
now the subject of inquiries by FBI agents, and he continues to defend
the propriety of his actions.
Since when did the FBI decide to play "Corporation Superherosaviour"
so blatantly. Mr. Lynn's disclosure while a double edged sword can
possibly save the industry from a catastrophe, and while yes it can
also cause one, I believe he did the right thing.
Experts and users say the hole in IOS appears not to be an immediate
concern based on what is public knowledge at the moment, since patches
are available. But what concerns some is that Lynn's exploit
techniques take router hacking to a new level, which eventually could
have security implications for Cisco customers.
This same attitude from vendors is what causes those releasing POC
(proof of concept) code to release information on how things break.
I recall posting here a while back information on how it would be
possible to break neighbors in BGP by causing flaps. I did not post
the information with the intent on anyone using that information to
cause damage nor was it malicious. I did it under the impression
someone in the industry would take a look at it and see what I saw
and come up with a solution. To date however... It's been more or
less the same: "You're an ass for doing that..."
While Lynn has settled one lawsuit with Cisco and ISS, agreeing not to
disclose anything he knows about the exploit, his problems don't seem
to be over. The FBI is investigating him and interviewing friends and
roommates, he says.
Spin spin sugar... Looking at this current situation I'm wondering
when did it become a federal offense to break a non disclosure
agreement. I can look at this two possible ways now... Are the feds
looking at Mr. Lynn because they have something vested in the IOS
of Cisco (Carnivore, Magic Lantern), or are they going after him
under the guise of "National (in)Security". If it's national
(in)security, then why not go after Cisco for allowing this problem
to go unresolved when they knew of it months in advance.
Anyhow, sorry for the rants... The article is pseudo-worth the read
if you can filter out marketing and crapaganda.
GPG Key ID 0x97B43D89
To conquer the enemy without resorting to war is the most
desirable. The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu