Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

From: George Ou <george.ou_at_nospam>
Date: Thu Feb 21 2008 - 21:18:13 GMT
To: "JxT" <jxt.lists@gmail.com>

No, the source is VERY good. They just don't admit it openly on their website like Vocera's documentation.

From: JxT [mailto:jxt.lists@gmail.com]
Sent: Thursday, February 21, 2008 8:21 AM To: George Ou
Cc: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates

On 2/21/08, George Ou <george.ou@techrepublic.com> wrote: "I am also waiting for verification on Cisco's wireless VoIP handsets. I heard that the Cisco devices have the same design flaw, but it's fairly simple to confirm if you have one of those wireless LAN VoIP handsets."

So you just generalize and make assumptions about a product based on heresay? If the product is vulnerable, that's one thing. Go ahead and write about it, but if you can't confirm the vulnerability of the product, don't attempt to use a company to garner more attempts at reading your article. Perhaps your title should have read. "I think Cisco is vulnerable, but I don't know?" We all know Cisco is no better than anyone else when it comes to bugs/issues, but don't just go making assumptions and posts without proof. That's just sad journalism!

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Kees Cook: "[USN-581-1] PCRE vulnerability"
Previous message: Dancho Danchev: "[Full-disclosure] Malicious Advertisements Serving Domains"
In reply to: JxT: "Re: [Full-disclosure] Cisco and Vocera wireless LAN VoIP devices don't check certificates"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]