Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

Hackers at Defcon race to expose Cisco Internet flaw

A recent article from Computerworld, Hackers at Defcon race to expose Cisco Internet flaw, states: “Computer hackers at this weekend’s Defcon 13 hacker event worked to expose a flaw publicized last week that could allow an attacker to take control of Cisco Systems Inc. routers.”

This is exactly the kind of thing that I suspected would rise out of the whole Cisco-ISS-Black Hat snafu. Particularly perturbing is the comment made by one attendee, who stated “…we’re doing this…because someone said you can’t.”

I’m very much in favor of full disclosure, as I feel it brings a measure of accountability to the vendors that might otherwise not be present. But there is a limit. Full disclosure needs to be handled responsibly and in context, taking into account the bigger picture (so to speak). I think Larry Seltzer’s recent article at eWeek, Where Does Truth Lie in Lynn/Cisco Case?, said it best when he said, “…flaws in Cisco’s IOS needed to be disclosed at some point, but when and where was not [Lynn’s] to say.”

Metadata and Navigation

Be social and share this post!