Friday, August 05, 2005

Michael Lynn found and published details of Cisco's security vulnerabilities. Cisco responded with all of the typical threats, attacks of the guy's employer, and legal sabre-rattling that you'd expect of any modern corporate giant. In a paranoid hissy fit worthy of Salieri, they've topped it all off by resorting to old-fashioned thuggish censorship.
Somebody shot some damning video of Cisco sheep/employees literally ripping out the text of his presentation from the BlackHat conference books.

Here's a Wired interview with Lynn to give you his perspective on the Fatal Cisco Flaw.

WN: Then what happened?
Lynn: So on January 27th, ISS comes out with their response to this vulnerability -- the advice to their customers based on my analysis.... I stayed up all night basically (to research it).
I realized in looking at this (that the program) is actually way worse than Cisco said.... So (our guy) calls up ... Cisco and says, "OK, we aren't 100 percent sure that we found the same bug that you're talking about, but it's important we find out because the one we found has much, much greater impact. You said there's (the possibility) of a denial-of-service attack. But the one we found is fully exploitable."
Cisco said, "You guys are lying. It is impossible to execute shell code on Cisco IOS."


Note to Cisco: Never call a security researcher a liar, unless you're damned sure of it.