Create an Account
username: password:
  MemeStreams Logo

MemeStreams Discussion


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Cisco's poetic comeuppance begins. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Cisco's poetic comeuppance begins
by Dagmar at 10:37 pm EDT, Aug 1, 2005

SecurityFocus has some coverage about what the other hackers who are not Mike Lynn are doing about the Cisco campaign to keep people in the dark. They're trying to figure out what Mike Lynn figured out, if for no other reason than to spite Cisco.

Let's hope this ends well. Lynn is a level-headed guy who knew the seriousness of what he'd discovered. The issue demanded attention, but attention of a responsible sort (which is why Lynn didn't just publish a proof-of-concept exploit some months ago, and why you're still able to read this right now). Cisco has drawn *huge* amounts of attention to a problem they haven't addressed yet, and given people plenty of incentive to do something rash just to prove a point. Part of the problem is summed up in the quoted text below, and it's going to hurt Cisco like their lawyers would never have thought possible.

"By serving takedown notices in response to such situations, a company demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical Internet security issues," Forno said an e-mail statement.

Of course, what their lawyers are probably banking on is being able to say "It wasn't *us* that did it." after the Internet burns to the ground, but I strongly suspect that if lawyers weren't so interested in myopically "protecting the interests of shareholders" to the exclusion of what makes sense for keeping the Internet as a whole safe. Had Cisco's lawyers not decided to intervene so heavy-handedly, this would have probably blown over, gotten patched, and become just another milestone event in security research--and basically Cisco would have come out of it smelling like roses. Stockholders don't care whether or not an incident or two occurs, and only slightly less than do the equipment purchasers who are the people Cisco should be truly concerned about. The way things stand now, there's thousands of hackers out there who are extremely incensed and motivated to do something to demonstrate their displeasure with the situation.

Here's to hoping that won't involve a Blaster-like event.

Powered By Industrial Memetics