[Dshield] The Holy Grail

Scott Melnick smelnick at water.com
Mon Aug 1 19:01:45 GMT 2005


Yes in some ways. But the there were major points brought out at DefCon
about this which got really stirred up. It was by far the best
presentation I have ever seen. 


For those of you who did not attend Defcon or Raven Alders last minute
"modified" speech due to Mike Lynns situation, she brought up some great
points. The speech was great and stirred many emotions in the room. 

1. The current exploit was patched in April. However, Cicso did not
disclose the bug. They told everyone including the ISP's to upgrade
immediately. Why? Oh just trust us. Many people did not upgrade because
they didn't see the urgency. You can't just hand out patches and say
"Trust Me". 

2. While this one particular exploit was fixed, the main basis of the
danger is still in IOS for future exploits. Basically it is how Cisco
IOS runs and handles router crashes etc... At least that is what I
gathered. This is what Cisco does not want us to know. It brings a new
level of attack on Cisco products world wide, including a major
percentage of the internet backbone itself.


One of the things also brought up by the community is, that first of
all, Mike Lynn obtained this security flaw from a Chinese web page when
he had it translated into English. It is rumored that this developed
from earlier code leaks from Cisco. It was already out there and
exposed! He just researched it from the information he already obtained.
How can you violate disclosure on something that is already out there?

I'll also post a few quotes from Raven. I pulled them from
http://news.zdnet.com/2100-1009_22-5812044.html

"Alder then blasted Cisco for going after Lynn. 

" "Cisco, you are really screwing up," she said, followed by a round of
applause. "Suing researchers is not going to make you secure. Alienating
the security community is not going to encourage people to come to you
and report problems and work with you." "


Scott Melnick
Security Engineer

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Paul Marsh
Sent: Friday, July 29, 2005 12:05 PM
To: General DShield Discussion List
Subject: [Dshield] The Holy Grail


Michael Lynn's presentation "The Holy Grail" is all over the net.  I'm
not a Cisco guy so excuse me for asking a stupid question.  Does the
presentation actually have enough details in it for the script kiddies
and other nasty humans?

Thanx, Paul


The information in this transmittal (including attachments, if any) is
privileged and confidential and is intended only for the recipient(s)
listed above. Any review, use, disclosure, distribution or copying of
this transmittal is prohibited except by or on behalf of the intended
recipient. If you have received this transmittal in error, please notify
me immediately by reply email and destroy all copies of the transmittal.
Thank you.


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list