There are outstanding issues on Cisco's 2900 switches that have been unfixed there for years.

For the record, Lynn did not disclose the details of this vulnerability at all. The presentation was merely a demonstration that IOS was exploitable just like any other OS.

I don't work for True North any more -- sorry. Please edit the article to reflect that; I don't know how True North would feel about being associated with my controversial talk. I deliberately didn't name my current employer, since I wasn't talking under their banner and wasn't sure if they wanted to be associated with my opinions on this matter.

I hope Cisco reveals the full technical details of this problem as quickly as possible. The only reason I use Cisco is for the hardware. The software is closed-source and I have to trust Cisco to keep it secure. They dropped the ball completely.

I disagree with CISCO's position and believe that every effort should be made to release this information. The more it becomes available, the sooner CISCO will fix the problem.

The (fixed) exploit Lynn mentioned was merely an example of how to get on the box, but there are obviously going to be more ways to do that and quite likely someone already knows some of them. He also explains that while this is not the end of the world, the hardware abstraction Cisco is pursuing will make this type of attack work on many more routers.

Cisco's attempts to keep this one quiet has merely resulted in various hackers working through the weekend to investigate the vulnerability further!

Michael Lynn just wanted the fame behind this exploit. Sounds like he is first a crook and secondly a major-league jerk.

Raven is right. Because of the way it has (mis)handled this, all that Cisco has achieved is that people aren't going to care to report vulnerabilities to it. Lynn should have been thanked, not sanctioned.