I owe you an beer (we say it like that..ofcourse we mean a beerS)..... Is it problem for cisco/friendly stuff to write emails from
personal accounts? then they could feel more free... or? Lot of people here at this list previously worked 4 Cisco!... just look
from where they are replying... micro$oft...,
never wanted to know why they did it... b'cos I already heard stories from cisco background ...so I sympathise with them ... but
know also some guys from MS ;-)
Cheers
Alex
> -----Original Message-----
> From: Neil J. McRae [mailto:neil@COLT.NET]
> Sent: Wednesday, February 13, 2002 9:39 AM
> To: Gert Doering
> Cc: Brett Rodgers; cisco-nsp@puck.nether.net
> Subject: Re: [nsp] CSCdw65903
>
>
> > Hi,
> >
> > It would be much more helpful if Cisco would publish their advisory
> > quickly now, now that the CERT advisory is out - especially
> clarifying
> > which configurations are vulnerable and which ones are not
> (like "if
> > you do not have 'snmp-server host ...' statements, and if
> you only use
> > 'snmp-server community' with ACLs, you are not vulnerable"
> - if that's
> > the way it is).
> >
> > Upgrading a large production network on the basis of
> nebulous "it would be
> > better to upgrade, you'll see!" is not good advice.
> >
>
> Gert,
> I sympathise with your point of view, but I think its hard to be
> in Cisco's place were you have to balance a mass panic/attack against
> letting some key networks/infrastructure deal with the issue
> before release.
> You asked questions, people answered based upon what they could
> say under various non-disclosure agreements and under the
> treat of being
> the idiot that release the info to the public before anyone was
> ready. My hats of to you for noticing it though :-).
>
> In my view Cisco handled this very well, much better than
> other vendors,
> although it would be nice if we had non-buggy code :-).
>
> Regards,
> Neil.
>
>
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:04 EDT