Why Cisco's Attempt To Suppress Security Researcher Backfired

from the everybody's-hacking-now dept

Last week, we noted just how ridiculous it was that Cisco thought it could make the discussion of a massive security exploit disappear by ripping some pages out of a presentation, demanding all video tape from the presentation and getting the speaker to agree not to discuss the issue again. All that really did, in true Streisand Effect means, was make damn sure that a lot of security researchers have spent the whole weekend trying to break Cisco's software based on what they know. Yes, this would have gotten some attention if the original plans for a presentation had gone off as planned -- but Cisco's reaction drew that much more attention to it and made it quite clear that Cisco was really, really worried about it. You would have thought that the company would recognize how this response would play out, but apparently no one told them how the internet works on these types of issues.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    BG, 1 Aug 2005 @ 6:08am

    What if...

    What if they developed security software that was programmed to increased its security and complexity with every attempt to break into it? What if Cisco had did this and that they could go throught the Streisand effect and actually end up with a more formidable product intentionally? Maybe with every break-in, the code would change and build upon itself from the last attempt? This almost sounds as if it should exist already...

    link to this | view in thread ]

  2. identicon
    Anonymous of Course, 1 Aug 2005 @ 10:54am

    Lawyers Making Money

    At least the lawyers are making money. On some mirrors the PDF from the presentation has been replaced by a threatening letter from a law firm representing Cisco. However the mirror in Russia is still up... imagine that. I'm sure Cisco is being billed for each usless letter and the wasted time spent trying to supress the information. That said, after reading though it I can see why the presentation has Cisco's underwear in a bunch. Although you'd think by now the smart people there would have anticipated such events and would be better prepared to handle them.

    link to this | view in thread ]

  3. identicon
    Ivan Sick, 1 Aug 2005 @ 3:48pm

    Re: What if...

    The idea of evolutionary software is nice, but we're not they're yet. Nowhere close to AI period, much less the kind required for that. (I'm not saying we shouldn't be trying to get there, just that it couldn't happen today.)

    link to this | view in thread ]

  4. identicon
    Nonesuch, 1 Aug 2005 @ 10:19pm

    Re: Re: What if...

    What if they developed security software that was programmed to increased its security and complexity with every attempt to break into it? What if Cisco had did this and that they could go throught the Streisand effect and actually end up with a more formidable product intentionally? Maybe with every break-in, the code would change and build upon itself from the last attempt? This almost sounds as if it should exist already...

    Sounds neat, but goes against how exploits are developed.

    Let's say that I want to take over Cisco 7200 class transit routers, one of the most common peers in the current BGP cloud. Do I start launching random attacks against live Internet routers at randomly selected universities?

    No!

    What I do is go out on eBay and dovebid and pick up a a few variants of the Cisco router I'm targeting, plug them into my 100% isolated from the Internet test lab, and start my cheap imported Russian hackers pounding away at them.

    So after a few weeks I have a tried and true exploit, without overly committing any crime, and without giving Cisco or any researcher with a sniffer on the backbone any sign of what I am developing.

    The term "0day" is generally used to refer to such an exploit only when it has been developed to fruition without even the underlying vulnerability being exploited having been revealed to the vendor nor the public.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.