Of hackers and ego
Don Parker, 2007-10-10

The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don’t understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It’s all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.

Comments:
Disagree 2007-10-10
Anonymous
Of hackers and ego 2007-10-11
furiusg
Of hackers and ego 2007-10-11
HAL
Of hackers and ego 2007-10-11
Anonymous
Of hackers and ego 2007-10-11
Anonymous
Of hackers and ego 2007-10-11
Jason Gunnoe
You misunderstand Lynn's work 2007-10-11
dragonfrog
Michael Lynn did not claim to have found an exploit in IOS. He was quite clear that he was giving his demo using an old, patched exploit, so there should be no reason for anyone to be endangered by his work.

What he was revealing was research (and very good research it was) into IOS shellcode - how to go from overflowing a buffer on a router, to actually getting your code run.

The reason Cisco didn't like this is that they had always claimed that there was no way of running shellcode on IOS - that any buffer overflow was limited to DoS. Their vulnerability notifications reflected this. With Lynn's work in the open, they were going to have to admit that IOS was actually vulnerable to remote compromise through many of the vulnerabilities that come out.

At least, that's the idea - for an example of how Cisco continues to try to play us for fools, see Cisco's recent FUD postings to bugtraq on IRM PLC's demonstration of IOS shellcode techniques.

Of hackers and ego 2007-10-12
Anonymous
Of hackers and ego 2007-10-12
secure_it_y
Of hackers and ego 2007-10-12
Anonymous
skillz. 2007-10-12
batz
Of hackers and ego 2007-10-13
Anonymous (1 replies)
Re: Of hackers and ego 2007-10-15
Anonymous
Of hackers and ego: Agree (mostly) 2007-10-15
Dr. Neal Krawetz
Of hackers and ego 2007-10-16
Anonymous (1 replies)
Re: Of hackers and ego 2007-10-17
Don Parker (1 replies)
Re: Re: Of hackers and ego 2007-10-18
Anonymous
Of hackers and ego 2007-10-16
IbeUID0
Of hackers and ego 2007-10-21
The Great Dongle
Of hackers and ego 2007-11-01
Anonymous
Of hackers and ego 2007-11-02
Gandalf

Copyright 2009, SecurityFocus