>>>> Zsombor Papp 7/18/03 8:40:09 AM >>> >Perhaps you slightly misunderstood my "attitude" and are jumping to >conclusions so that you can put a convenient label on me.
>From my vantage point this does seem to be a misunderstanding among those involved. I don't think people were trying to label you, per say, they just sensed that you were 'copping an attitude' when it sounds like you weren't. My vote is that we chalk it up to misunderstanding, knowing that postings and emails often don't do a great job of conveying intent or emotion. Regarding your change of address, I'd prefer that you stick with the Cisco address. There are a few participants that work for Cisco and we all understand that they participate for personal reasons, not as official representatives of Cisco. Besides, the last thing we need is more Yahoo users. ;-) Regards, John > >I am not saying that Cisco should keep security problems a secret, rather >that dissemination of information about sensitive issues posing a security >threat to many should be carefully considered and coordinated. > >If you have access to the applicable bug reports, you will see that it was >exactly the PSIRT team who carefully edited/removed all enclosures to make >sure that the information necessary to reproduce the attack is not easily >extracted. All the protocol names were replaced by XXX, for example. >Personally, I was impressed by the thorough job they did. The only hints I >could find were the code diffs. > >Now, does this mean that Cisco wants to hide the problems? Not at all. As >you say, Cisco has always been good at publishing security flaws. The >Security Advisory in question is still being updated, too. So I think Cisco >has deserved some patience and the right to decide when to publish what >information. > >Having said that, I am not writing to this mailing list as a representative >of Cisco. What I say is my personal opinion (and believe it or not, it is >not influenced by the fact that I work for Cisco -- only what I do *not* >say is influenced by that fact). I am using my Cisco email because it is >convenient. I have hoped that people on this list are mature enough to >realize this, but perhaps I was wrong. I will switch to Yahoo now. > >> Perhaps we should send your response to this to John >>Chambers and see what he will say. > >Will you also tell your daddy/bigger brother about me? :) > >Thanks, > >Zsombor > >At 11:43 AM 7/18/2003 +0000, Peter Benac wrote: >>I am glad you are not representative of the current Cisco Culture. >> >>Your attitude in this matter really is not acceptable and I would hope that >>Cisco's attitude would be better. >> >>Any exploit hypothetical or not quickly spreads acrossed the internet faster >>then Bill Gates can find another security flaw in Windows. >> >>My Solaris Servers that face the internet are under constant bombardment >>from would be windows script kiddies. It doesm't matter to them whether I >>have a Solaris System or a Windows System. They want to be real hackers and >>will try anything that is posted. This applies to other systems as well. >>Cisco has the major market share and therefore is the primary target. >> >>Cisco is not Microsoft, and never has been. They have always put their flaws >>right in peoples faces. The infamous SNMP bug was published and fixed long >>before CERT published it. Cisco has a PSIRT team whose soul function in life >>is security risk accessment. >> >>I have never known Cisco to call a potential Security threat >>"Entertainment". Perhaps we should send your response to this to John >>Chambers and see what he will say. >> >>I still remember his e-mail address since I too am an ex-cisco employee. >> >>Regards, >>Pete >>---- >>Peter P. Benac, CCNA >>Emacolet Networking Services, Inc >>Providing Systems and Network Consulting, Training, Web Hosting Services >>Phone: 919-847-1740 or 866-701-2345 >>Web: http://www.emacolet.com >>Need quick reliable Systems or Network Management advice visit >>http://www.nmsusers.org >> >>To have principles... >> First have courage.. With principles comes integrity!!! >> >> >> >>I sincerly hope that Cisco is not becoming Microsoft. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=72576&t=72463 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
