A MUST READ!!!

#1 (**permalink**) 07-28-2005, 05:35 AM

http://www.securityfocus.com/news/11259

-Im

#2 (**permalink**) 07-28-2005, 01:55 PM

Imhotep <Imhotep@nospam.com> writes:
> http://www.securityfocus.com/news/11259

Wild.

But if the guy learned or invented these attack techniques while bound
under a non-disclosure agreement, he should and likely will go down in
flames in the legal action.

--
Todd H.
http://www.toddh.net/

#3 (**permalink**) 07-29-2005, 02:50 PM

Todd H. wrote:

>
>
> Re: A MUST READ!!!
> From:
> Todd H. <comphelp@toddh.net>
> Date:
> Thursday 28 July 2005 09:55:48 am
> Groups:
> comp.security.misc
> References: 1
>
> Imhotep <Imhotep@nospam.com> writes:
>> http://www.securityfocus.com/n

....the kicker is they are saying that software flaws fall under IP. That is
crewed up as software flaws are unintentional....

-Imhotep

#4 (**permalink**) 07-29-2005, 03:11 PM

In article <bnrGe.54191$mC.13260@tornado.tampabay.rr.com>,
Imhotep <Imhotep@nospam.com> wrote:
:Todd H. wrote:

:>> http://www.securityfocus.com/n

:...the kicker is they are saying that software flaws fall under IP. That is
:crewed up as software flaws are unintentional....

No, Cisco is saying that information about the internal layout of
IOS is Trade Secret. The researcher's talk would have had to
describe essential features about the internal layout of IOS
in order to indicate how, given -any- buffer overflow, one could
consistantly take meaningful control of the device.

The internal layout of an operating system is valid IP.

Cisco wasn't objecting to the researcher publicising that
a single buffer overflow attack had been found: Cisco was objecting
that the researcher (who had access to NDA information) broke
NDA in revealing the internal organization of IOS to show how
classes of attacks would work against IOS.
--
The rule of thumb for speed is:

1. If it doesn't work then speed doesn't matter. -- Christian Bau

#5 (**permalink**) 07-30-2005, 02:20 AM

Alright, let's be 100% honest. Cisco WAS telling not to release info because
they were scared that their marketshare would suffer...They are acting like
Microsoft...what a shame I used to really like Cisco....

Walter Roberson wrote:

> In article <bnrGe.54191$mC.13260@tornado.tampabay.rr.com>,
> Imhotep <Imhotep@nospam.com> wrote:
> :Todd H. wrote:
>
> :>> http://www.securityfocus.com/n
>
> :...the kicker is they are saying that software flaws fall under IP. That
> :is crewed up as software flaws are unintentional....
>
> No, Cisco is saying that information about the internal layout of
> IOS is Trade Secret. The researcher's talk would have had to
> describe essential features about the internal layout of IOS
> in order to indicate how, given -any- buffer overflow, one could
> consistantly take meaningful control of the device.
>
> The internal layout of an operating system is valid IP.
>
> Cisco wasn't objecting to the researcher publicising that
> a single buffer overflow attack had been found: Cisco was objecting
> that the researcher (who had access to NDA information) broke
> NDA in revealing the internal organization of IOS to show how
> classes of attacks would work against IOS.