[E-voting] So much for firewalls,etc.

Nick Hilliard nick at netability.ie
Tue Aug 2 08:44:49 IST 2005


> This article also shows how badly the powers that be want to prevent 
> people from knowing what really is going on. 

Let's not get too conspiratorial here.  Large companies aren't all in 
cahoots to keep the unsuspecting public in the dark just for the sake of 
it.  Mostly when stifling orders are sought, it's because the company in 
question is more concerned about the effect on their customers' 
perception and on their stock price than anything else (and it often 
affects stock price).

In this case, Cisco appears to have believed that the greater good would 
be served if the methodology used to exploit this particular 
vulnerability was not made public.  While no-one's going to deny that 
for a short period, Cisco routers may go under the black hat spotlight 
and that this will lead to problems for those organisations who are 
irresponsible or incompetent in regard of their security management, 
history suggests that full disclosure will ultimately lead to better 
security overall.

Secondly, no-one has ever believed that Cisco routers were impervious to 
hacking.  The issue at stake in this talk was a particular class of bug 
which IOS goes to some effort to make itself immune to, and which Cisco 
wanted to keep out of the public imagination, as their routers make up a 
substantial portion of the internet core.

> that the relevant companies sought to keep the vulnerability under
> wraps even though they knew about it.

No, Cisco doesn't keep vulnerabilities under wraps; please see:

http://www.cisco.com/en/US/products/products_security_advisories_listing.html

There are lots of examples there and Cisco isn't silly enough to deny 
that their products don't have problems from time to time.  The 
vulnerability in question is the latest IPv6 one.

Nick


