Security still underfunded
Kelly Martin, 2005-08-03

Blackhat is one of my favorite places to do some casual online banking over an insecure WiFi connection. Where's the risk, right? All joking aside, Blackhat is in fact a great place to think deeply about the current state of the security industry.

Rooting the Fortune 100 2005-08-04
Anonymous
Obviously, Cisco had some knowledge as to what he was doing, since he called for some support. Here are the items that bother me about this whole ordeal.

1. If it was IP (my belief), why did Cisco even acknowledge & offer some support? Based on the slide I've seen, he was clearly looking at code (& asking questions about it) that people are not supposed to be looking at. I am guessing that Cisco & ISS had some sort of working agreement on this. If so, we know why ISS had their lawyers on it then, as a CYA.

2. If this is IP, why are people annoyed that Cisco is protecting it? By all rights, shouldn't Cisco have had a chance to address the problem first?

Ask yourself this question: If you had a 3rd party doing research on IP that you owned, would you want them showing some of your IP to the world and illustrating how something could exploit it? This is not the Oracle debacle, where Cisco has had almost 2 years to fix this. We are talking about an integral part of the IOS and I am guessing that there would have to be a major overhaul done to correct this. A couple of months' time is not sufficient to correct and test this.

Just my opinion, and we know what those are like, right?

Link to this comment: http://www.securityfocus.com/comments/columns/345/32217#32217
Copyright 2009, SecurityFocus