Date: Mon Aug 15 01:22:14 2005
From: sil at infiltrated.net (J. Oquendo)
Subject: (no subject)


On Sun, 14 Aug 2005, n3td3v wrote:

> I think it's pathetic the way everyone has handled the whole affair. I
> don't blame Cisco for anything. To see these self proclaimed hackers
> go to Blackhat and Defcon is a complete joke.

You don't blame Cisco for knowing for years they'd been shipping cruddy
products and keeping a "don't ask won't tell" policy when it comes to
their products? Silly you.

> Then we had the self proclaimed hackers saying they would target Cisco
> products and make a 0-day disclosure to give Cisco Systems Inc a black
> eye for pulling their planned coordinated speech with this dude
> M.Lynn. What a joke the security community is being right now.

Who stated this? The purpose of Lynn's presentation, which can be seen at
www.infiltrated.net/cisco/holygrail.pdf was to provide those in the
industry a glimpse at a huge problem in the making. A huge problem Cisco
had not been disclosing.

> It's a classic case of jumping on the bandwagon. Before the summer
> most hadn't given Cisco any thought, but suddenly they're public enemy
> number one.

They are public enemy number one right now. I would say 75% plus of the
networks online right now are running Cisco products. For Cisco to take a
lackadaisical attitude in fixing their problems is irresponsible.


> I suggest that the majority of those attending these conferences are
> indeed script kiddies, not hackers.

Indeed. You should have followed suit and replaced that line with "3y3
sUgGeST,..." sInCeReLy n3td3v!@

Seriously though, for anyone in the industry who's been in "the game" for
some time, many know that this entire industry has gone from "fixing holes
for fun and fame", to "fsck that hole and just get the profits". Far too
many in the field have "sold out" and forgotten what security was, due to
too many "mega corps" (Symantec, Cisco, NAI, etc) dishing out money and
skirting responsibilities.

When it comes to Cisco, kudos to Lynn and others who speak out about
vulnerabilities. Especially in the case of Lynn who disclosed this to
Cisco way beforehand. Heck, it was disclosed in a previous briefing, so why
the lengthy time to produce patches... Cisco's attitude seemed to be that
of Microsoft's old attitude: "The vulnerability is theoretical" until it
bit them in the ass.

As for the feds bullying Mr. Lynn under the guise of "National Security",
why not dish out fines to Cisco for every day they have not released a fix
for it? Did Team Cisco lobby that many in congress to make people turn a
blind eye?

Kudos to Mr. Lynn, and kudos to others who disclose (appropriately)
security holes when vendors solely want to appease investors. (Hey Team
Oracle and Larry Ellis... Hope someone over there is reading this too...)

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

"To conquer the enemy without resorting to war is the most
desirable.  The highest form of generalship is to conquer
the enemy by strategy." - Sun Tzu
