News
News
7/27/2005
09:02 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco, ISS File For Injunction In Black Hat Security Flap

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

The motion, filed in U.S. District Court in San Francisco, seeks a temporary restraining order to stop Michael Lynn, a former ISS employee, from further releasing proprietary information belonging to Cisco and Internet Security Systems. The injunction also names the organizers of the Black Hat conference as defendants.

The filing stems from Lynn’s Wednesday morning speech at the Black Hat conference. In that talk, Lynn explained how he was able to exploit known vulnerabilities in Cisco’s IOS software.

Lynn’s presentation at Black Hat, based on research he conducted as a member of ISS’ X-Force R&D team, was canceled by ISS after the company reached an agreement with Cisco, and copies of Lynn’s presentation were removed from conference materials.

But Lynn, determined to proceed with the talk, resigned from ISS in order to present the research at Black Hat, according to an ISS spokesperson.

In the motion, Cisco charges that Lynn decompiled Cisco’s software in his research, a violation of intellectual property and software license rights. ISS further charges that the research Lynn presented was conducted while Lynn was an employee of ISS, thus the research belongs to the company.

“Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners,” the company said in a statement released Wednesday. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained.”

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”

Attempts to reach Lynn for comment were unsuccessful.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.