ID: IRCNE2012101652
Date: 2012-10-21
According to "scmagazine", a researcher who was planning this weekend to disclose major vulnerabilities in Huawei and H3C routers has decided to scrap the presentation.
The researcher, Kurt Grutzmacher, was scheduled to deliver the talk Saturday at the ToorCon security show in San Deigo, but agreed to can it after being contacted this week by HP, the parent company of China-based H3C and a partner of Huawei.
On Aug. 6, Grutzmacher revealed the flaws to US-CERT, which was to coordinate with the affected vendors, he said in a Thursday blog post. US-CERT's disclosure policy dictates that the researcher must then wait 45 days before going public with the vulnerability details.
A month later, he checked on the progress and learned that the companies needed more time. Grutzmacher told them they could have until ToorCon. Then, this week, he received a "very cordial and apologetic voicemail and email" from HP's software security response team, asking requesting that he not present.
Even though he said he planned to offer mitigation recommendations to the audience, Grutzmacher agreed to kill the talk.
"If you value your network and its data then you should already have taken steps to protect it," Grutzmacher wrote.
- 2