Saturday, July 30, 2005

Major Vendor Harasses Security Researcher

Colleague Bruce Schneier highlights the fact that in today's busine$$-focused world, tough decisions about information security disclosure must be made every day...

"Cisco Harasses Security Researcher..."

I've written about full disclosure, and how disclosing security vulnerabilities is our best mechanism for improving security -- especially in a free-market system. (That essay is also worth reading for a general discussion of the security trade-offs.) I've also written about how security companies treat vulnerabilities as public-relations problems first and technical problems second. This week at BlackHat, security researcher Michael Lynn and Cisco demonstrated both points.

For those who want to know more about this critical exposure: Cisco IPv6 Crafted Packet Vulnerability. Cisco devices running Internetwork Operating System (IOS) "that have been explicitly configured to process IPv6 traffic" are susceptible to a denial of service (DoS) and potentially the arbitrary execution of code (Buffer Overflow).
The Cisco Advisory can be found here.

