[ISN] Cisco: There is no fixed software for this issue.

Subject: [ISN] Cisco: There is no fixed software for this issue.
Date: Mon, 7 Feb 2005 07:30:44 -0600 (CST)
Forwarded from: security curmudgeon <jericho@attrition.org>

http://www.attrition.org/security/rant/cisco01.html

Cisco: There is no fixed software for this issue.
Fri Feb 4 01:55:02 EST 2005
Jericho

I think it is time to give up on Cisco.

Most professionals in the security industry have long since given up
on vendors such as Microsoft and resigned ourselves to the fact that
they don't understand security, and that for all the marketing and PR
these companies never will.  Year after year, we see stupid and
trivial security bugs pop up in their software. Often times these are
the same vulnerabilities reborn with a new product, or the same class
of vulnerabilities creeping back into the code due to poor programming
practices. In other cases, vulnerabilities are found and supposedly
patched by vendors. Days or weeks later, it is discovered that the
patch does not fully mitigate the original problem and can be bypassed
and the software is still vulnerable.

Yesterday, Cisco Systems, Inc. posted a new security advisory
announcing a vulnerability in one of their product lines. This is not
new for Cisco by any means as they have released 155 security
advisories dating back to June 1, 1995. Why is this one different? The
proverbial straw that broke the camel's back perhaps. The issue is not
that just another vulnerability affects their products, nor is it the
amount of issues Cisco has posted over the years. While depressing to
anyone responsible for the security of one of their devices, it is
mostly manageable. Cisco has been fairly good about addressing
problems in the past, providing patches and solid workarounds and
eventually selling new versions of their software that aren't
affected. Until now.

There are two issues with the latest advisory covering a vulnerability
in Cisco IP/VC Products. Either issue unto itself should have
Cisco customers up in arms demanding better products and better
service. As long as companies continue to buy and support
irresponsible and unethical vendors, they will continue to deliver
over-priced insecure software.

[..]


