[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri Jul 29 19:28:59 2005
From: jasonc at science.org (Jason Coombs)
Subject: Cisco IOS Shellcode Presentation
Frank Knobbe wrote:
> What he has done is not say "Here's a bug that I can exploit". He has
> said "This IOS is capable of exploitation beyond current belief". And it
> will be for the foreseeable future.
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's own engineers chose purposefully to build a
vulnerable device.
Cisco is responsible for this entire mess. Had they engineered a secure
product around a CPU that was not general purpose, none of this would be
happening now.
No company that intentionally engineers a computing device around a
general purpose programmable CPU should have the ability to press
charges against security researchers who disclose security flaws in
those devices.
Cisco is wrong to conclude that they can engineer a defective product
and then allow the criminal prosecution of a person who simply asks the
pointed question "Why did Cisco do this? It renders their product
permanently defective, and here's the proof."
Somebody needs to explain this clearly to the FBI.
Cisco should be criminally prosecuted for telling lies to their
customers and for abuse of process.
Regards,
Jason Coombs
jasonc@...ence.org
Powered by blists - more mailing lists