Re: Boing Boing: Michael Lynn's controversial Cisco security presentat ion
On Fri, 2005-07-29 at 19:06, Daniel Golding wrote: > I hope the leadership at Cisco reflects on this incident and will utilize > different tactics the next time this happens. Similarly, I hope the > cybersecurity folks in our governments realize that, while a strong > relationship with vendors is essential, they must recognize that vendors > have different goals than they do. Perhaps more importantly, ISS should try to get it's act together and realise they let a highly skilled and motivated researcher go over political issues that should have never influenced a true security driven company in their decision making. How on earth are you gonna try to maintain the image of an independent security company after a clear case of politics and behind-the-scenes shennenigans like these...? Erik -- --- Erik Haagsman Network Architect We Dare BV tel: +31.10.7507008 fax: +31.10.7507005 http://www.we-dare.nl
Re: Boing Boing: Michael Lynn's controversial Cisco security presentat ion
On 7/29/05 12:56 PM, "John C. A. Bambenek" <[EMAIL PROTECTED]> wrote: > > Remind me why I bother with information security when industry and the > government seems to want to ensure things can be pwn3d as easily as > possible... > If the "digital pearl harbor" does come to pass, this won't be remembered as a shining hour for Cisco, ISS, Homeland Security (which is also in the mix), or the FBI. I hope the leadership at Cisco reflects on this incident and will utilize different tactics the next time this happens. Similarly, I hope the cybersecurity folks in our governments realize that, while a strong relationship with vendors is essential, they must recognize that vendors have different goals than they do. The FBI raiding Lynn's house over a commercial dispute is too reminiscent of Cryptonomicon for me. - Dan
Re: Boing Boing: Michael Lynn's controversial Cisco security presentat ion
Remind me why I bother with information security when industry and the government seems to want to ensure things can be pwn3d as easily as possible... On 7/29/05, Fergie (Paul Ferguson) <[EMAIL PROTECTED]> wrote: > > > Now the FBI is investigating Lynn for criminal wrongdoing? > > Kim Zetter writes in Wired News this morning that: > > [snip] > > The FBI is investigating a computer security researcher for criminal conduct > after he revealed that critical systems supporting the internet and many > networks have a serious software flaw that could allow someone to crash or > take control of the routers. > > [and] > > The FBI declined to discuss the case. > > [snip] > > http://www.wired.com/news/politics/0,1283,68356,00.html > > - ferg > > > > > > > > Over on Boing Boing: > > > > [snip] > > > > Here's a PDF that purports to be Michael Lynn's presentation > > on Cisco's critical vulnerabilities ("The Holy Grail: Cisco > > IOS Shellcode And Exploitation Techniques"), delivered at > > last week's Black Hat conference. Lynn's employer, ISS, > > wouldn't let him deliver the talk (they'd been leant on by > > Cisco), so Lynn quit his job, walked onstage and delivered it > > anyway. (See yesterday's post and Scheneier's take for more). > > 1.9MB PDF Link > > > > [snip] > > > > http://www.boingboing.net/2005/07/29/michael_lynns_contro.html > > > > Thanks, j
RE: Boing Boing: Michael Lynn's controversial Cisco security presentat ion
Now the FBI is investigating Lynn for criminal wrongdoing? Kim Zetter writes in Wired News this morning that: [snip] The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical systems supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of the routers. [and] The FBI declined to discuss the case. [snip] http://www.wired.com/news/politics/0,1283,68356,00.html - ferg > > Over on Boing Boing: > > [snip] > > Here's a PDF that purports to be Michael Lynn's presentation > on Cisco's critical vulnerabilities ("The Holy Grail: Cisco > IOS Shellcode And Exploitation Techniques"), delivered at > last week's Black Hat conference. Lynn's employer, ISS, > wouldn't let him deliver the talk (they'd been leant on by > Cisco), so Lynn quit his job, walked onstage and delivered it > anyway. (See yesterday's post and Scheneier's take for more). > 1.9MB PDF Link > > [snip] > > http://www.boingboing.net/2005/07/29/michael_lynns_contro.html >