Much has already been said about Michael Lynn’s presentation at Black Hat regarding exploitation of Cisco routers. (Read about the injunction.) What hasn’t been talked about is what to do now.
Michael Lynn revealed no new vulnerabilities but only shot down the deception peddled by Cisco that their devices can’t be taken over. Lynn’s presentation essentially shows a Cisco rootkit that will take over a router. ISS, his former employer, told him not to give the presentation, so he resigned instead. In response, ISS and Cisco enjoined him permanently from discussing anything else about the matter and required him to destroy all data he may have about Cisco vulnerabilities. Further, the FBI has begun a criminal investigation into the matter. The defense of ISS and Cisco is that he didn’t follow the methods of responsible disclosure, which apparently means that one week after every router on the Internet has gotten owned, people can then say they knew about this a year ago.
Cisco and ISS have demonstrated with this incident that their first and foremost concern is saving face even when they have to bury huge security threats that are probably already known. Why would anyone trust ISS to consult on the state of their information security when they’ve demonstrated that they are willing to cover up for a vendor instead of giving solid unbiased advice? Why would anyone trust Cisco devices when instead of acknowledging flaws they seek to silence those who would disclose them? Through this incident, ISS and Cisco have a lot of egg on their faces but that’s not enough. People should stop buying their services until they display a commitment to security instead of a commitment to silencing security researchers that show vendors aren’t doing their jobs.
BNN Link
July 30th, 2005 | Posted by John Bambenek | Information Security | no comments
I’m tired of idiocy and blogging hasn’t been fun the past few days, so I’m going to go do something else for a bit.
July 19th, 2005 | Posted by John Bambenek | Blogging | 4 comments
Gay Teenager Stirs a Storm
I’ve seen this story develop and didn’t really pay attention much. It would surprise me if it were less than a kosher camp in Tennessee or it was simply another jihad from the left. For some reason I checked the NYT story above, and as usual, it isn’t the point of the story but a detail which is the most interesting. In this case:
Although Zach wrote only a handful of entries about the Refuge program, all posted before he arrived there in the Memphis suburbs on June 6, his words have been forwarded on the Internet over and over, inspiring online debates, news articles, sidewalk protests and an investigation into Love in Action by the Tennessee Department of Children’s Services in response to a child abuse allegation. The investigation was dropped when the allegation proved unfounded, a spokeswoman for the agency said. (emphasis mine)
This whole thing blew up over the comments of a kid who HASN’T EVEN BEEN THERE with everyone drawing conclusions about what is going on. DCFS made an investigation (and found nothing) based on the testimony of someone NOT EVEN THERE. Now, I’m not going to pretend that the parents of this camp are all lily white here, but it is obvious this whole scandal was started based on comments of someone not even there, albeit who was upset at what was going on.
This sounds more like an ideological-based attack by the media and certain groups than anything merited by what’s going on. It seems the attack is more because people have a problem with teaching someone not to be gay than any serious claim of abuse.
July 17th, 2005 | Posted by John Bambenek | Religion | 8 comments
Top Cheney Aide Among Sources in CIA Story
On Sunday, Cooper also said there may have been other sources for that information. He declined to elaborate.
What are Matt Cooper and Judith Miller hiding? Rove waived confidentiality… allegedly so did Libby. Who are the other sources they are trying to protect?
Karl Rove waived confidentiality and testified in front of the Grand Jury without hiding behind the 5th Amendment. The waiver was signed in 2003. Judith Miller went to jail because she was protecting someone, and that is not Rove.
Today, Cooper indicated there may be other sources but he won’t talk about that. The question is, who are those sources and why is the press stonewalling?
July 17th, 2005 | Posted by John Bambenek | National | one comment