On Fri, 29 Jul 2005, Jason Coombs wrote:
Frank Knobbe wrote:
What he has done is not say "Here's a bug that I can exploit". He has
said "This IOS is capable of exploitation beyond current belief". And it
will be for the foreseeable future.
Precisely. And Lynn pointed out that Cisco routers use general purpose
CPUs -- therefore Cisco's own engineers chose purposefully to build a
vulnerable device.
Cisco is responsible for this entire mess. Had they engineered a secure
product around a CPU that was not general purpose, none of this would be
Jason, I both like and respect you, but you are wrong here. You just flat
out don't know what you're talking about.
This has nothing to do with the choice of "a general purpose CPU", it is a
result of a specific architecture within the CPU chosen. There is a real
difference here.
You're talking like this was a negligent choice made in total disregard of
known facts by Cisco, and that just isn't so. And deep down, you *know*
that's true too (although it removes your premise and robs you of some
wonderful /rants). Sure, Cisco chose a poor architecture, and we know
that today. That doesn't mean that this was understood in the setting
under which the decisions were made. This goes back a loooonnnnngggggg
way. The fact is, IOS is pretty well put together, and considering it's
running on an obviously deficient platform and has withstood all comers up
to now is pretty amazing.
They fucked up. They'll have to fix it then. But thats not the same as
the gross negligence they're being accused of.
<FullDisclosure> I am not a Cisco fan, and Jason can attest to that.
Also, I own no stock or have any other interest in Cisco.</FullDisclosure>
--
Yours,
J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF
"A stock broker is someone who handles your money until its all gone."
Diana Hubbard (of Scientology fame)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
