11:40 AM

Change Agents

Scott Kveton? Blake Caldwell? Here are some people you probably don't know who will shape IT in the coming year.

Security On Principle

Mike Lynn was barely out of diapers in 1984 when a group of Stanford computer scientists founded Cisco Systems. Despite his age, or perhaps because of it, Lynn this summer took on the networking giant, exposing a flaw in its Internetwork Operating System that could let attackers take over Cisco routers and switches, which operate in about 80% of large corporate IT environments.

Lynn dispelled the widely held notion that it's impossible to overflow IOS's buffers and exploit these overflows, revealing that hackers could gain control of network traffic, remotely examine packet content, modify traffic, and break weakly authenticated encryption.

The gutsy move won the 24-year-old accolades in the IT-security community, but it cost him his job and made him the subject of a lawsuit filed by Cisco and his former employer, Internet Security Systems Inc., a security products and services provider. The suit has been settled, and Lynn now works for Cisco rival Juniper Networks Inc.

In addition to technical prowess, Lynn has a sense of priorities. He had no intention of letting people write exploits based on his work or any information he revealed at the Black Hat conference where he first spoke about the vulnerabilities, says Dan Kaminsky, senior security researcher at security research firm Doxpara Research. "He didn't build his slides in a way where people could reproduce his work."

The presentation did provide security pros with evidence that they needed. "That crowd ... wanted to know how their networks were at risk," Kaminsky says. "Mike didn't do what Cisco wanted; he did what Cisco customers wanted." Cisco has since issued patches for versions of IOS Lynn identified as vulnerable.

Lynn's work on IOS demonstrates his ability to take security research in new directions and stand behind his findings, regardless of how controversial. "He's principled, which is refreshing," says Jeff Moss, founder and president of Black Hat, an IT-security training and consulting group.

Lynn had a huge impact at Black Hat, but he isn't a publicity hound. He agreed to be interviewed for this article only if Juniper acquiesced, which it didn't. The company even declined to describe Lynn's job.

Whether Lynn works for Juniper as a researcher or a security consultant, the IT world is better for it. "If Juniper was looking to put together a consulting business, then they've got a great guy," Moss says. "Even if they just have him working on their own products, then their products will be that much more secure. He's also got a lot of knowledge of Cisco technology, so it won't take much time to get him up to speed."

Lynn has a standing invitation to speak at future Black Hat events. If he does, count on a packed house.

--Larry Greenemeier
