News
News
7/27/2005
09:02 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Cisco, ISS File For Injunction In Black Hat Security Flap

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

The motion, filed in U.S. District Court in San Francisco, seeks a temporary restraining order to stop Michael Lynn, a former ISS employee, from further releasing proprietary information belonging to Cisco and Internet Security Systems. The injunction also names the organizers of the Black Hat conference as defendants.

The filing stems from Lynn’s Wednesday morning speech at the Black Hat conference. In that talk, Lynn explained how he was able to exploit known vulnerabilities in Cisco’s IOS software.

Lynn’s presentation at Black Hat, based on research he conducted as a member of ISS’ X-Force R&D team, was canceled by ISS after the company reached an agreement with Cisco, and copies of Lynn’s presentation were removed from conference materials.

But Lynn, determined to proceed with the talk, resigned from ISS in order to present the research at Black Hat, according to an ISS spokesperson.

In the motion, Cisco charges that Lynn decompiled Cisco’s software in his research, a violation of intellectual property and software license rights. ISS further charges that the research Lynn presented was conducted while Lynn was an employee of ISS, thus the research belongs to the company.

“Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners,” the company said in a statement released Wednesday. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained.”

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”

Attempts to reach Lynn for comment were unsuccessful.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.