[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] RE: Getting a clue at Cisco
- To: byte_jump <bytejump@xxxxxxxxx>
- Subject: Re: [Full-disclosure] RE: Getting a clue at Cisco
- From: Sam Evans <wintrmte@xxxxxxxxx>
- Date: Mon, 1 Aug 2005 13:52:16 -0600
Just curious -- if the April patch fixed the vulnerability discussed, then
that would mean (according to Cisco) that the vulnerability affected IPV6
and not IPV4, correct?
On 8/1/05, byte_jump <bytejump@xxxxxxxxx> wrote:
>
> In my opinion, probably the grossest error made by Cisco in all of
> this was silently patching their IOS back in April. Anyone who's ever
> used Cisco's software knows that you can never run the latest release,
> unless you want things to break, and break badly. As a result, how
> many organizations were at the latest, patched IOS release as of
> BlackHat? Not many, I'd wager. If, however, Cisco had come clean and
> told everyone that there is a serious problem in their IOS and
> exploitation is being actively researched by Chinese hacker groups,
> you'd see a lot more uptake of that April IOS release. Instead, Cisco
> hangs their customers out to dry.
>
> Shameful, just shameful.
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/