[E-voting] So much for firewalls,etc.
nick at netability.ie
Tue Aug 2 08:44:49 IST 2005
> This article also shows how badly the powers that be want to prevent
> people from knowing what really is going on.
Let's not get too conspiratorial here. Large companies aren't all in
cahoots to keep the unsuspecting public in the dark just for the sake of
it. Mostly when stifling orders are sought, it's because the company in
question is more concerned about the effect of their customer's
perception and on their stock price than anything else (and it often
affects stock price).
In this case, Cisco appears to have believed that the greater good would
be served if the methodology used to exploit this particular
vulnerability was not made public. While no-one's going to deny that
for a short period, cisco routers may go under the black hat spotlight
and that this will lead to problems for those organisations who are
irresponsible or incompetent in regard of their security management,
history suggests that full disclosure will ultimately lead to better
Secondly, no-one has ever believed that Cisco routers were impervious to
hacking. The issue at stake in this talk was a particular class of bug
which IOS goes to some effort to make itself immune to, and which Cisco
wanted to keep out of the public imagination, as their routers make up a
substantial portion of the internet core.
> that the relevant companies sought to keep the vulnerability under
> wraps even though they knew about it.
No, Cisco doesn't keep vulnerabilities under wraps; please see:
There are lots of examples there and Cisco isn't silly enough to deny
that their products don't have problems from time to time. The
vulnerability in question is the latest ipv6 one.
More information about the E-voting