Cisco's Newest Hole

4:00 PM -- A malicious rootkit for the Cisco Systems Inc. (Nasdaq: CSCO) Internetwork Operating System (IOS) is to be revealed at the EuSecWest conference tomorrow in London.

It's caused quite a flurry on the North American Network Operators' Group (NANOG) mailing list. There's a debate to be had here over whether it's better to reveal malware issues first to the public or first to Cisco. But the NANOG debate takes a follow-the-money turn. Certainly this talk is good publicity for EuSecWest -- which wouldn't have gotten a mention on Light Reading otherwise -- and for Core Security Technologies, the Boston firm whose researcher is presenting the talk.

So there's an argument to be had over motivations. Is this talk being held now because it's the right thing to do? Or because it's a better business decision?

I don't have an answer to that. My job makes me wary of any entity that's seeking out publicity, but then again, I tend to side with the Michael Lynn school of thought that says vulnerabilities need to get to the public sphere quickly. (As does Vyatta Inc. -- and of course they've already had something to say about all this.)

Lynn was the researcher sued by Cisco over his presentation at the Black Hat Briefings conference in 2005. (See Cisco Faces Security Flap, Cisco Reveals 'Black Hat' Flaw, Feds Grant Cisco an Injunction, and Cisco Finds Another Flaw.)

Cisco, by the way, has responded to the EuSecWest situation, but in a cop-out way. Because nothing's been revealed yet, Cisco's security advisory can safely say there's been "no indication of the discovery of a new vulnerability in Cisco IOS."

Full disclosure: United Business Media owns both Light Reading and Black Hat.

— Craig Matsumoto, West Coast Editor, Light Reading
