Thread: A MUST READ!!!
View Single Post
  #4 (permalink)  
Old 07-29-2005, 03:11 PM
Walter Roberson
Guest
  
Posts: n/a
Default Re: A MUST READ!!!
In article <bnrGe.54191$mC.13260@tornado.tampabay.rr.com>,
Imhotep <Imhotep@nospam.com> wrote:
:Todd H. wrote:

:>> http://www.securityfocus.com/n

:...the kicker is they are saying that software flaws fall under IP. That is
:crewed up as software flaws are unintentional....

No, Cisco is saying that information about the internal layout of
IOS is Trade Secret. The researcher's talk would have had to
describe essential features about the internal layout of IOS
in order to indicate how, given -any- buffer overflow, one could
consistantly take meaningful control of the device.

The internal layout of an operating system is valid IP.

Cisco wasn't objecting to the researcher publicising that
a single buffer overflow attack had been found: Cisco was objecting
that the researcher (who had access to NDA information) broke
NDA in revealing the internal organization of IOS to show how
classes of attacks would work against IOS.
--
The rule of thumb for speed is:

1. If it doesn't work then speed doesn't matter. -- Christian Bau

Reply With Quote