News
News
7/27/2005
09:02 PM
50%
50%

Cisco, ISS File For Injunction In Black Hat Security Flap

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

The motion, filed in U.S. District Court in San Francisco, seeks a temporary restraining order to stop Michael Lynn, a former ISS employee, from further releasing proprietary information belonging to Cisco and Internet Security Systems. The injunction also names the organizers of the Black Hat conference as defendants.

The filing stems from Lynn’s Wednesday morning speech at the Black Hat conference. In that talk, Lynn explained how he was able to exploit known vulnerabilities in Cisco’s IOS software.

Lynn’s presentation at Black Hat, based on research he conducted as a member of ISS’ X-Force R&D team, was canceled by ISS after the company reached an agreement with Cisco, and copies of Lynn’s presentation were removed from conference materials.

But Lynn, determined to proceed with the talk, resigned from ISS in order to present the research at Black Hat, according to an ISS spokesperson.

In the motion, Cisco charges that Lynn decompiled Cisco’s software in his research, a violation of intellectual property and software license rights. ISS further charges that the research Lynn presented was conducted while Lynn was an employee of ISS, thus the research belongs to the company.

“Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners,” the company said in a statement released Wednesday. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained.”

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”

Attempts to reach Lynn for comment were unsuccessful.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.