From jericho at attrition.org Sat Feb 5 09:42:04 2005 From: jericho at attrition.org (security curmudgeon) Date: Sat Feb 5 09:42:06 2005 Subject: [attrition] Cisco: There is no fixed software for this issue. Message-ID: http://www.attrition.org/security/rant/cisco01.html Cisco: There is no fixed software for this issue. Fri Feb 4 01:55:02 EST 2005 Jericho I think it is time to give up on Cisco. Most professionals in the security industry have long since given up on vendors such as Microsoft and resigned ourselves to the fact that they don't understand security, and that for all the marketing and PR these companies never will. Year after year, we see stupid and trivial security bugs pop up in their software. Often times these are the same vulnerabilities reborn with a new product, or the same class of vulnerabilities creeping back into the code due to poor programming practices. In other cases, vulnerabilities are found and supposedly patched by vendors. Days or weeks later, it is discovered that the patch does not fully mitigate the original problem and can be bypassed and the software is still vulnerable. [..]