If you attended Blackhat Briefings 2005 you might missed it, but there are 20 or so pages missing in your Blackhat book. This video shows why.
Calling Cisco’s reaction ‘aggressive’ gets a whole new meaning after watching the movie. Cisco, with the aid of Blackhat organizers, tore Lynn’s slides from the Blackhat Briefings book to protect their precious secret.
Didn’t help much though – as expected, the original slides are mirrored all over the web, and the problem blew up in their face.
Cisco actually requested Lynn to wait a year (!) before releasing the details of the vulnerability.
It took Lynn one month to discover how the vulnerability can be fully exploited. While I’m not underestimating Lynn’s skills, his work was mostly based on FX’s discoveries. I think we all learned that ‘silent’ bug fixes are never silent.