Cisco Hunting Lynn Presentation Hosts
Busy sending out cease and desist notices...
Cisco is working hard to remove all traces of the recent presentation by security researcher Mike Lynn that exposed router vulnerabilities, according to discussion on Dave Farber's IP mailing list. Cisco ripped Lynn's presentation out of the hacker books at last week's Black Hat presentation, and is now sending takedown requests to anyone it finds hosting the information.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve

Yah, that'll work

The RIAA has managed to do this with pirated music, right?

KeepOnRockin
Music Lover Forever
Premium Member
join:2002-11-08
Beaverton, OR

KeepOnRockin

Premium Member

Re: Yah, that'll work

ROFL.

It looks like Lynn has Cisco quaking in their boots.

Instead of addressing Lynn's discovery and correcting the vulnerability, Cisco is trying to bury the problem in a mountain of legal paperwork and lawyers.

Didn't that tactic work for the MPAA?
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

Re: Yah, that'll work

said by KeepOnRockin:

ROFL.

It looks like Lynn has Cisco quaking in their boots.

Instead of addressing Lynn's discovery and correcting the vulnerability, Cisco is trying to bury the problem in a mountain of legal paperwork and lawyers.

Didn't that tactic work for the MPAA?
Yeah, must have. File trading has become as extinct as a large SUV.

In the words of the immortal all knowing Cosmo Kramer - "The Cat(Meoowwwww) is out of the bag"

nixen
Rockin' the Boxen
Premium Member
join:2002-10-04
Alexandria, VA

nixen to KeepOnRockin

Premium Member

to KeepOnRockin
said by KeepOnRockin:

ROFL.

It looks like Lynn has Cisco quaking in their boots.

Instead of addressing Lynn's discovery and correcting the vulnerability, Cisco is trying to bury the problem in a mountain of legal paperwork and lawyers.

Didn't that tactic work for the MPAA?
Yeah. Worked real well for Diebold, too.

-tom

Toymaster
Premium Member
join:2001-12-27
Flint, MI

Toymaster to Steve

Premium Member

to Steve
Got my copy already.... :O

n2jtx
join:2001-01-13
Glen Head, NY

n2jtx

Member

Re: Yah, that'll work

said by Toymaster:

Got my copy already.... :O
Me Too!

sporkme
drop the crantini and move it, sister
MVM
join:2000-07-01
Morristown, NJ

1 recommendation

sporkme to Steve

MVM

to Steve
Have at it, it's just the powerpoint slides. There is no exploit code.

»www.security-protocols.c ··· isco.pdf

packetscan
Premium Member
join:2004-10-19
Bridgeport, CT

packetscan to Steve

Premium Member

to Steve
All to hide a vulnerability they don't want to fix? haven't fixed? not enough man power?

Hire some more people and get your shit secure..

Companies need to stop putting up with this bullshit. While Cisco is twiddling their thumbs, Joe Blow from 1/2 way around the world just compromised your entire network.

And Cisco wonders where their market share is going...
pandora
Premium Member
join:2001-06-01
Outland

pandora to Steve

Premium Member

to Steve
This reminds me of the old "duck and cover" nonsense the government had for CD. Instead of fixing anything, they want to pretend there isn't a problem. Sheesh. Patch IOS Cisco!

David
Premium Member
join:2002-05-30
Granite City, IL

David

Premium Member

yep cisco...

make him a mortyar (sp?) that's it, make him like the Mitnick character, help him secure his dreams.
BullroarerT
join:2003-10-08
Phoenix, AZ

BullroarerT

Member

is it on BitTorrent yet?

I don't host BitTorrent, but if the presentation (in whatever format: pdf, powerpoint, jpg) were loaded into a BitTorrent site, and people started looking for it there, can you imagine how rich ($) the law firm would get sending out notices to the BitTorrent hosts all around the world? I doubt ISS has deep enough pockets for that but Cisco would.

Toymaster
Premium Member
join:2001-12-27
Flint, MI

Toymaster

Premium Member

Re: is it on BitTorrent yet?

Sorry, but is it not funny how things backfire...they tried to silence him and yet all this publicity is just drawing more attention to Cisco and ISS. Wonder if they will actually fix the DAMN problem. Prohibition did not work, trying to stop P2P did not work. Open source...well, we are still working on that. How come there is not a whistle blower hot line for this...almost everyone has some type of connection to the internet. just my one cent :P

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Closing barn door after the horses bolted

Cisco will have a real problem stopping the spread of the info. They can try all they want but once it is out there it can't be pulled back. All they can do now is punish Lynn and fix the problem and try and get clients to implement it as fast as possible.

phxmark
What Country Are We Living In?
join:2000-12-27
Glendale, AZ

phxmark

Member

Re: Closing barn door after the horses bolted

said by FFH5:

Cisco will have a real problem stopping the spread of the info. They can try all they want but once it is out there it can't be pulled back. All they can do now is punish Lynn and fix the problem and try and get clients to implement it as fast as possible.
I have my copy. Wasn't hard to find.

Meomio
@ltrkar.swbell.ne

Meomio

Anon

Re: Closing barn door after the horses bolted

Wasn't hard to find.
as hard as clicking on a link in the news at the top of this page

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

1 edit

DaDogs to FFH5

Premium Member

to FFH5
said by FFH5:

Cisco will have a real problem stopping the spread of the info. They can try all they want but once it is out there it can't be pulled back. All they can do now is punish Lynn and fix the problem and try and get clients to implement it as fast as possible.
Lynn will not be punished. Mark it down, take it to the bank. Even NSA thinks he did us a favor. The only agency STUPID enough to think he didn't at this point is the FBI.

Just my two.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

Re: Closing barn door after the horses bolted

said by DaDogs:
said by FFH5:

Cisco will have a real problem stopping the spread of the info. They can try all they want but once it is out there it can't be pulled back. All they can do now is punish Lynn and fix the problem and try and get clients to implement it as fast as possible.
Lynn will not be punished. Mark it down, take it to the bank. Even NSA thinks he did us a favor. The only agency STUPID enough to think he didn't at this point is the FBI.

Just my two.
I think that there are other agencies who feel this was a dumb move, but take note they are not the very bright ones.

How much you wanna bet this spurs a law of some stupid kind proposed by a moron who has no idea about the internet at all.

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

DaDogs

Premium Member

Re: Closing barn door after the horses bolted

said by BosstonesOwn:

I think that there are other agencies who feel this was a dumb move, but take note they are not the very bright ones.
Well, probably true, sadly probably true. Still ... The smart money is on the smart agencies. The spooks went to the extra effort to tell him that he did good. That will play well for him with Cisco and ISS because the "Black" budget is big enough to hold their attention.
said by BosstonesOwn:

How much you wanna bet this spurs a law of some stupid kind proposed by a moron who has no idea about the internet at all.
No doubt. Let us hope that it does not pass.
BosstonesOwn
join:2002-12-15
Wakefield, MA

BosstonesOwn

Member

Re: Closing barn door after the horses bolted

Come to think of it this is why being a good person and reporting security flaws to companies is a bad thing. When it's not fixed they come and hunt you down when you want to talk about it. Typical BS
scott1527
Premium Member
join:2003-01-19

scott1527

Premium Member

cisco presentation on torrent

ermm yes it's on some big torrent sites
BullroarerT
join:2003-10-08
Phoenix, AZ

BullroarerT

Member

Re: cisco presentation on torrent

kaching
..kaching!
....kaching!!

The partners at the law firm must be smiling, but the billing clerk is groaning at the overtime.
kingdomware
join:2000-09-23
Waldorf, MD

kingdomware

Member

Has the FBI Caught Bin Laughing Yet?

Just wondering.

hurleyp
join:2000-06-20
Ottawa, ON

hurleyp

Member

Re: Has the FBI Caught Bin Laughing Yet?

Maybe they should send Cisco's lawyers after Bin-boy.
russotto
join:2000-10-05
West Orange, NJ

russotto

Member

A permanent restraining order in one day?

Cisco must have greased some serious judicial palms to obtain not a TRO, but a permanent restraining order within a day.

elderrain
Im from Cuba MANG
Premium Member
join:2004-07-08
Massena, NY

elderrain

Premium Member

Re: A permanent restraining order in one day?

here's the video of them crooks hiding their ass
»www.billflu.com/vid/cisco.mov

sporkme
drop the crantini and move it, sister
MVM
join:2000-07-01
Morristown, NJ

sporkme

MVM

Re: A permanent restraining order in one day?

said by elderrain:

here's the video of them crooks hiding their ass
»www.billflu.com/vid/cisco.mov
Just to clarify, click this one, it's pretty neat. It's video footage of people digging through the conference materials and ripping out the pages with Lynn's presentation.

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

DaDogs to russotto

Premium Member

to russotto
Aw, hell, clearly they had help from people who actually DO know what could happen and how serious the vulnerability is actually (cough N cough S cough A).

Ayup, Cisco clearly knew how bad the vulnerability was all along or this flap would NEVER have gotten so ridiculous. There is more to this vulnerability than anyone is letting on and I think the references to "the coming storm" in Lynn's interview with WN might be prophetic.

We shall see...

Harddrive
Proud American and Infidel since 1968.
Premium Member
join:2000-09-20
Fort Worth, TX

3 edits

Harddrive

Premium Member

Go ahead. We've fixed it. No, wait....STOP!

»www.boingboing.net/2005/ ··· er_.html

"Things to note: Lynn and ISS contacted Cisco about this vulnerability in April and it was fixed. Vulnerable versions are no longer available from Cisco. Cisco and ISS both initially support Lynn's presentation at Black Hat. Cisco had, initially, committed to sending a representative to corroborate Lynn's findings. Lynn had been planning to give this presentation since then, which was months in advance, with the consent of both ISS and Cisco.

"On Monday before the conference Cisco and ISS decided to pull the presentation with vague reasons given. This prompted the actions by Lynn on Wednesday, resignation and release.

"It is important to note and propagate that Lynn did go through the correct channels for release: he contacted the vendor, the vendor issued a fix. At this point, normally, public release would be allowed and expected."

attachment deleted... go here for links to Mike Lynn's presentation---> »www.boingboing.net/2005/ ··· ati.html

RARPSL
join:1999-12-08
Suffern, NY

RARPSL

Member

Re: Go ahead. We've fixed it. No, wait....STOP!

said by Harddrive:

»www.boingboing.net/2005/ ··· er_.html

"On Monday before the conference Cisco and ISS decided to pull the presentation with vague reasons given. This prompted the actions by Lynn on Wednesday, resignation and release.

In addition he ORIGINALLY wanted to resign from ISS in April but was talked into not doing so by ISS who gave him the rights to his research and permission to distribute it as he wanted. It was only when they then reneged on this permission at the last moment that he actually formally resigned as noted above.

Doctor Four
My other vehicle is a TARDIS
Premium Member
join:2000-09-05
Dallas, TX

1 edit

Doctor Four

Premium Member

Cisco is about to find out the hard way...

That the Internet treats censorship as damage and routes
around it. I downloaded the original Black Hat presentation
by Lynn from a Boing-Boing mirror, and have put it in my
p2p shared folders. So that anyone on either WinMX
(currently online right now) or Gnutella can download it.

The harder they try to quash this one, the more places it
is going to show up.

Edit: I see no one's Slashdotted this story yet. I'm
sure it will show up by tomorrow on there, though.
B04
Premium Member
join:2000-10-28

B04

Premium Member

Re: Cisco is about to find out the hard way...

said by Doctor Four:

Re: Cisco is about to find out the hard way...

That the Internet treats censorship as damage and routes
around it.
Just a nod to the exquisite irony at work here.

Approximately 60% of the Internet is Cisco routers.

-- B

calvoiper
join:2003-03-31
Belvedere Tiburon, CA

calvoiper

Member

Streisand effect

Cisco is now experiencing what has been called the "Streisand Effect", after Barbra Streisand sued the California Coastal Project for including her house in its online gallery of photographs documenting development along the entire coast of California.

The Coastal Project changed its main page to a full size photo of Ba-Ba's house, and the resulting publicity vaulted the website to record hit levels.

Enjoy it, Cisco.

calvoiper

DSLTech5
join:2000-12-30
San Jose, CA

DSLTech5

Member

Re: Streisand effect

haha yeah, love that website!

but really guys.. cisco fixed this months ago and it's only an ipv6 flaw. cisco made the decision to try and keep it under wraps. who knows? was it a bunch of router buffs or VPs making the decision? probably VPs and lawyers.. what can you do? it surely doesn't reflect cisco as a whole.

i don't work for cisco but this is sad and disappointing. the verisign dns issue, on the other hand, was bleeping annoying.

calvoiper
join:2003-03-31
Belvedere Tiburon, CA

calvoiper

Member

Re: Streisand effect

Whatever Cisco does legally, regardless of who "sanctioned" it, reflects on Cisco. Claiming that a decision by "VPs and lawyers" isn't really a Cisco decision is naive, to say the least.

calvoiper

deadi
Premium Member
join:2001-08-26
Perry, OH

deadi

Premium Member

What now?

I bet they are kicking themselves for not having some kind of live update available. With the large quantity of Cisco routers out there, how does one go about updating the....um ....internet?

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

4 edits

DaDogs

Premium Member

Our Friends at the 3 Letter Agencies Like Him :)

Our friends at the three letter agencies seem to like the kid just fine (interview excerpt from wired news):

Wired News: You met with the feds after your talk, and someone gave you a challenge coin (a special coin created for members of the military to commemorate challenging missions)?

Lynn: Yes, they did, actually. And I didn't know what it was, so I didn't thank him properly.... This was a really funny story. (Right after my talk, this) guy walks up with a very, very impressive badge ... and says, "I need to speak with you. Now."

WN: What agency was it?

Lynn: Air Force (Office of Special Investigations). NSA, is what I'm told, but he wouldn't show me his credentials. There were a lot of flashy badges around from lots of three-letter agencies. So they take me to a maintenance area and I'm surrounded by people ... and one of them says (to another guy), "You've got the van ready?" I'm going, "Oh my god." And they go, "Just kidding!... Oh, man, you rock! We can't thank you enough." And I'm just sitting there, like still pale white. They all shook my hand.

I get the feeling that they were in the audience because they were told that there was a good chance that I was about to do something that would cause a serious problem. And when they realized that I was actually there to pretty much clue them in on ... the storm that's coming ... they just couldn't say enough nice things about me.... Also, US-CERT (Computer Emergency Response Team) asked me if I would come up to D.C. in a week or two and help them formulate the nation's strategy for cybersecurity.

He will walk on this one.
Cisco looks like doggie poo...

G_Poobah
join:2004-01-17
Schenectady, NY

1 recommendation

G_Poobah

Member

What right does cisco have to request a takedown?

I don't see any court order in that takedown notice, just some fear tactics from a lawyer. Unless there is a bench warrant certifying the information was illegally taken from cisco (which of course is in question), why should anyone bother to respond to said notice? The lawyers can huff and puff all they want.
(I especially like the 'copyright notice' on the letter they sent. Just by saying 'reposting is prohibited' is by definition not legally enforceable. If you send me any sort of document, especially legal, I have EVERY RIGHT to post it for the world, unless I have signed an NDA not to repost said letter, which I obviously haven't).

So, to sum it up,

#1: it's too late.
#2: who cares..the people who can write exploit code will get it anyway
#3: Cisco is looking like a bunch of morons
#4: People are losing even more respect for the laws of this country, and the lawyers (though, that's hard to imagine).

nixen
Rockin' the Boxen
Premium Member
join:2002-10-04
Alexandria, VA

nixen

Premium Member

Re: What right does cisco have to request a takedo

said by G_Poobah:

why should anyone bother to respond to said notice?
Cisco has more money available to make my life miserable than I have time or money to fight it?
said by G_Poobah:

The lawyers can huff and puff all they want.
Lawyers huffing and puffing in your direction can make your life a PITA and expensive.

Is it right™? Is it fair? No. But then the only people that ever said life was fair were either trying to sell you something or were telling tales.

-tom

Brianv5
Low Level Functionary
Premium Member
join:2001-01-20
Keyser, WV

Brianv5

Premium Member

So I shouldn't be hosting it?

Guess I should take down my hosted copy huh?

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

DaDogs

Premium Member

Who Will Cisco Fire Over This Fiasco?

Clearly some moron convinced upper management that court orders, injunctions, and general asininity was the path to solving this problem.

Clearly the moron's idea failed to produce the desired effect, indeed it magnified the error by two (or more) orders of magnitude.

Clearly the moron needs to be looking for a job and the fools who followed his advice need to be preparing their resignations for the board.

This is going to get ugly.

martissimo
join:2001-12-01
Las Vegas, NV

martissimo

Member

Re: Who Will Cisco Fire Over This Fiasco?

said by DaDogs:

This is going to get ugly.
That's a safe bet, Exploit writers team up to target Cisco routers.

them guys don't sound like a bunch of script kiddies either

damonlab
Premium Member
join:2001-05-02
Detroit, MI

damonlab

Premium Member

Re: Who Will Cisco Fire Over This Fiasco?

This is the real deal. The people that will be coming out with this stuff are real security bad@sses, not unlike the people from @stake.

jester121
Premium Member
join:2003-08-09
Lake Zurich, IL

jester121

Premium Member

...

"Getting something off the internet is like getting pee out of a swimming pool."

Joe Rogan
Newsradio
ca. 1997

phxmark
What Country Are We Living In?
join:2000-12-27
Glendale, AZ

phxmark

Member

Re: ...

said by jester121:

"Getting something off the internet is like getting pee out of a swimming pool."

Joe Rogan
Newsradio
ca. 1997
You either have to drain it or shock it heavily and then it can't be used for awhile.:D
Spudge_Boy
join:2004-09-17
Orange, CA

Spudge_Boy

Member

You know what my beef is?

All the mainstream public sees is Cisco this and Cisco that.

"Cisco has more money available to make my life miserable than I have time or money to fight it?"

This is the F'ing problem. I went to NetworkWorld today and 5 of their top 6 were about Cisco and none of them were on this topic. Why would the entire world (okay 60%) put their eggs in the same basket?

Cisco has just as many problems (and nobody has had one like this) as every other big company in the technology industry. But, for some reason everybody touts them as being more secure. They are not.

Go over to the security forum, people recommend Cisco over every other brand constantly. Shoot, there is probably somebody recommending Cisco gear as I type this.

Why?

Signed,
Confused in Orange

TransitMan
MVM
join:2000-09-05
Dayton, OH

TransitMan

MVM

WhistleBlower Protection

If Mike Lynn and his attorney have any smarts about them, they would file for immediate protection under the Whistle Blower act.
That would definitely put a crimp on Cisco and ISS to hold him in jeopardy.

joeblow56
@brndml01.va.comcast.

joeblow56

Anon

Who should pay?

John Chambers.
For presiding over a mess.
Put him in with Moussaoui.

"Number One means never having to say you are sorry"
BullroarerT
join:2003-10-08
Phoenix, AZ

BullroarerT

Member

what will Dvorak's (PCMag) spin on this be?

I've always liked Dvorak and how he can create a conspiracy out of nothing, makes one read his column, but he's tame compared to certain TV and radio personalities (no insult intended, John, if you are reading this).

Anyhow, I wonder if Dvorak's conspiracy theory is that all of this was planned! months ago!! Here's my impression of how John Dvorak would create a conspiracy:
1) Lynn attempting to resign, staying on at ISS,
2) Cisco balking at the last moment,
3) Lynn resigning and making the presentation,
4) the presentation makes its way onto the internet with free publicity,
5) FBI and lawyers making appropriate growling noises,
6) industry pundits write stories,
7) gullible folks like me get impressed/scared,
8a) network folks wake up to the fact that all CISCO routers need immediate attention.
8b) also mgmt folks, such as CIO's, CTO's, VP of IT's, (the ones with the budgetary $, who can change priorities) will be reading this story.

In other words, steps 1-7 are leading up to 8, which is something that needs to be done, and it's being done with free publicity, ie CISCO thought it would be cheaper for their pocket book than any other route to get the word/buzz out to the network folks AND TO THEIR BOSSES.

caesarv
join:1999-08-02
Santa Rosa, CA

caesarv

Member

Re: what will Dvorak's (PCMag) spin on this be?

Ask and you shall receive:
»www.marketwatch.com/news ··· tw&dist=