Hi,
On Wed, Feb 13, 2002 at 08:38:34AM +0000, Neil J. McRae wrote:
> > It would be much more helpful if Cisco would publish their advisory
> > quickly now, now that the CERT advisory is out - especially clarifying
[..]
> You asked questions, people answered based upon what they could
> say under various non-disclosure agreements and under the treat of being
> the idiot that release the info to the public before anyone was
> ready.
Ummm, sorry if I was misunderstood here. I did NOT want to criticise
any of those (non-Cisco people!) that did offer some advice. Thanks to
you!
I still think that *Cisco* should get their act together now, and quickly
publish an official statement about which configurations are vulnerable
and which ones aren't. Most of the facts are out anyway (check
http://www.securitydatabase.net/forum/viewtopic.php?TopicID=3443).
> In my view Cisco handled this very well, much better than other vendors,
> although it would be nice if we had non-buggy code :-).
Cisco did handle it well - up to the point where the CERT advisory came
out, pointing to a Cisco document that does not exist yet.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert.doering@physik.tu-muenchen.de
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:04 EDT