Rattle wrote: Wired just posted the best article so far. Here are some of the highlights:
The Wired News article seems hastily reported and not fact-checked. Zetter refers to "Internet Security Solutions". A single visit to www.iss.net would have indicated otherwise. This is basic. Zetter also refers to IOS as "infrastructure operating system". A visit to cisco.com would show that IOS actually stands for Internetworking Operating System.

The "subtle" attacks postulated in the article, such as "reading email" on a router, would dramatically reduce the forwarding capacity of the router. Besides, a router is not responsible for end-to-end data integrity and confidentiality. If your email traffic is properly protected by an application-layer or network-layer tunnel, none of these "subtle" attacks are applicable. Of course, the present fact of the matter is that a lot of Internet email passes through the core in the clear. But this situation is not Cisco's fault, and their direct responsibility for an implementation flaw in IOS is distorted when it is conflated with the collective inaction of the majority who neglect to implement end-to-end security for mission critical applications.

The SecurityFocus article has less of this hype, but the editor still missed an error at the end of the article, where "Rather then" should be "Rather than". The SearchSecurity article makes the same error. It must be contagious.

I don't know where ComputerWire got the idea that IOS is "supposedly unhackable." Several of their quotes are missing words. (The CRN article is more specific; it reports that IOS was "perceived as impervious to remote execution of arbitrary code from stack and heap overflows." The ComputerWire editors must have decided that description was too complicated for their readers.)

There are also discrepancies in the reporting regarding the size of the presentation. One report calls it a 10-page presentation while another says it was 30 pages long. Perhaps it was 30 slides, printed in 3-up handout mode with room for notes?
RE: Wired News: Cisco Security Hole a Whopper