Earlier this month Michael Lynn and x-employee in ISS (Internet Security System) gave a speech in the Black Hat forum about some security breaches he has found in Cisco IOS that may get them to their knees. He also explained how this can lead to Arbitrary Code Execution in the Cisco products that may in some stage let hackers to make various exploits and worms that can infect the Cisco routers, switches, etc.
The problem here is not that the Cisco products are that vulnerable and insecure as Michael Lynn said, but it is how Cisco reacted to that speech and decided to sue him and the Black Hat organizers. It is really shameful that a company that has a significant share in security products market reacts that way instead of trying to fix their own security weakness or at least announce that they are going to fix them.
No comments:
Post a Comment