Part-Time Pundit

Columns and Commentary by John Bambenek

It’s Time to Ditch Cisco and ISS

Much has already been said about Michael Lynn’s presentation at Black Hat regarding exploitation of Cisco routers. (Read about the injunction.) What hasn’t been talked about is what to do now.

Michael Lynn revealed no new vulnerabilities; he only shot down the deception peddled by Cisco that their devices can’t be taken over. Lynn’s presentation essentially shows a Cisco rootkit that will take over a router. ISS, his former employer, told him not to give the presentation, so he resigned instead. In response, ISS and Cisco enjoined him permanently from discussing anything else about the matter and required him to destroy all data he may have about Cisco vulnerabilities. Further, the FBI has begun a criminal investigation on the matter. The defense of ISS and Cisco is that he didn’t follow the methods of responsible disclosure, which apparently means that one week after every router on the Internet has gotten owned, people can then say they knew about this a year ago.

Cisco and ISS have demonstrated with this incident that their first and foremost concern is saving face even when they have to bury huge security threats that are probably already known. Why would anyone trust ISS to consult on the state of their information security when they’ve demonstrated that they are willing to cover up for a vendor instead of giving solid unbiased advice? Why would anyone trust Cisco devices when instead of acknowledging flaws they seek to silence those who would disclose them? Through this incident, ISS and Cisco have a lot of egg on their faces but that’s not enough. People should stop buying their services until they display a commitment to security instead of a commitment to silencing security researchers that show vendors aren’t doing their jobs.


July 30th, 2005 | Posted by John Bambenek | Information Security