Cisco Patches 'Black Hat' IOS Flaw
thursnick writes "eWeek is reporting that Cisco has finally issued a comprehensive fix for a critical IOS vulnerability that set off a firestorm of controversy at the Black Hat Briefings earlier this year. The patches come more than three months after former ISS researcher Michael Lynn quit his job to present the first-ever example of exploit shellcode in Cisco IOS (Internetwork Operating System), a presentation that landed him in legal hot water. Cisco's advisory effectively confirmed Lynn's summer warning that the flaw could be exploited by remote attackers to execute arbitrary commands or cause a denial-of-service on compromised routers."
Why on earth did Cisco not release this earlier? It would save people a lot of trouble.
ParrotAtSlashdot
I'm glad. I love it when the right thing (for him) is also the Right Thing (ethically).
The coverup is almost always worse than the crime in these kinds of things. Companies that aren't up-front and honest (trying to protect their reputation) end up trashing their reps. Cisco just created an anecdote for the next time a customer or regulator wants to take a deep, careful look at their security. We can't just take their word for it, and if I were buying routers right now, I'd be much more inclined to look at Juniper than Cisco, even though previously I wouldn't have even considered them.
It's not magic pixie dust, but making the effort to bring hard-core ethics on staff is important to me.