? The Flickr Snowball Effect |
| Is Amazon Finally About to Offer a Digital Music Service? ?
August 03, 2005
Black Hats redux
I've been able to track down some additional info concerning this Cisco/Black Hat dustup. My posting of last Friday elicited a bunch of comments. Almost all negative. My reference to security expert Michael Lynn being fired by his employer, Internet Security Systems, appears to be wrong. I must have garbled info I grabbed off of Web news reports. My apologies. I changed the reference in the original posting to say he apparently quit.
I have been in touch with Cisco, and they said the other facts I recounted in the blog posting were correct. Of course, some of my critics have taken me to task for taking Cisco's side, so word that Cisco confirms my take on the incident would only confirm their suspicions. In fact, while not beholden to the company, I do agree with Cisco that it is dangerous to expose details of vulnerabilities in crucial Internet technology to a public that includes many malicious hackers. Here's Cisco's side of the story.
I'm still hoping to speak to Michael Lynn. I have feelers out.
TrackBack URL for this entry:
I just read that Ciscos website was breached. Their portal password security was compromised and millions are scramblig for help from what I read. It looks like they have problems.
Posted by: Jim at August 3, 2005 05:27 PM
yes, it is important that companies are informed about exploits in their software/hardware but the problem is that in this case Cisco did not act appropriately on this information. Take a look at any of the news stories and you will find that that was the case -- back in April Cisco was informed. So if a company does not act appropriately should users and customers accept this inaction? No way. I don't know what your view is on security, but I'd rather know something is wrong than to be in the dark about it. Plus, if you have seen the presentation you might realize that it actually makes it extremely difficult to exploit the vulnerability.
Sometimes it is ok to admit to be wrong ...
Posted by: Carsten at August 3, 2005 09:37 PM