Blogs
Marian Prokop's picture
Marian Prokop

More posts |

July 28, 2005 - 3:36 P.M.

Should Michael Lynn have told at Black Hat or not?

. What's this?

Among the latest developments in the Michael Lynn story at the Black Hat conference is that the research analyst was served with a temporary restraining order  barring him from discussing the flaw that could compromise Cisco's unpatched routers . The order was filed by Cisco and Internet Security Systems, Lynn's former employer, from which he either resigned or was forced to resign after giving a presentation on how a malicious hacker could exploit a flaw in unpatched Cisco router software that  "could crash those systems or intercept Internet communications." According to Red Herring, Lynn explained his actions by saying,

"I feel I had to do what’s right for the country and the national infrastructure,” he said. “It has been confirmed that bad people are working on this \[compromising IOS\]. The right thing to do here is to make sure that everyone knows that it’s vulnerable.”

Cisco and ISS disagreed and said releasing the data was premature, says Network World. The two companies also filed a temporary restraining order against Black Hat to prevent the organization from distributing video of Lynn's presentation.
But Network World says their effort may be too late  and that some copies of the CD may be in circulation.
In a statement  on its Web site, Cisco said it "respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners."
The statement continued: "It is important to note that the information presented at the Black Hat Conference yesterday was not a disclosure of a new vulnerability or a flaw with Cisco IOS software. The research presented explores possible ways to expand exploitations of known security vulnerabilities impacting routers."
The company also urged its customers to "upgrade their software to the latest available versions."
Let's hope this issue is resolved quickly and in a reasonable way that fixes the flaw once and for all and gives Michael Lynn his due.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?

Related Posts

5 tips for managing remote data centers
Even BEFORE 9/11 this was bad news
LightSquared vs. GPS politics: Improper influence?
Megaupload down, DoJ charges 7, Anonymous fights back

Today's Top Stories

Essential browser tools for Web developers
Hands on: The new iPad
Microsoft cuts the prices of some Office 365 plans
Google works to overhaul its search
Mozilla will start Firefox silent updates in June
Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?