lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <42EA758F.4000504@science.org> Date: Fri Jul 29 19:28:59 2005 From: jasonc at science.org (Jason Coombs) Subject: Cisco IOS Shellcode Presentation Frank Knobbe wrote: > What he has done is not say "Here's a bug that I can exploit". He has > said "This IOS is capable of exploitation beyond current belief". And it > will be for the foreseeable future. Precisely. And Lynn pointed out that Cisco routers use general purpose CPUs -- therefore Cisco's own engineers chose purposefully to build a vulnerable device. Cisco is responsible for this entire mess. Had they engineered a secure product around a CPU that was not general purpose, none of this would be happening now. No company that intentionally engineers a computing device around a general purpose programmable CPU should have the ability to press charges against security researchers who disclose security flaws in those devices. Cisco is wrong to conclude that they can engineer a defective product and then allow the criminal prosecution of a person who simply asks the pointed question "Why did Cisco do this? It renders their product permanently defective, and here's the proof." Somebody needs to explain this clearly to the FBI. Cisco should be criminally prosecuted for telling lies to their customers and for abuse of process. Regards, Jason Coombs jasonc@...ence.org
Powered by blists - more mailing lists