News
News
7/27/2005
09:02 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco, ISS File For Injunction In Black Hat Security Flap

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

Cisco Systems and ISS late Wednesday filed for an injunction against a former ISS researcher who exposed vulnerabilities in Cisco’s router operating system at the Black Hat conference in Las Vegas earlier in the day.

The motion, filed in U.S. District Court in San Francisco, seeks a temporary restraining order to stop Michael Lynn, a former ISS employee, from further releasing proprietary information belonging to Cisco and Internet Security Systems. The injunction also names the organizers of the Black Hat conference as defendants.

The filing stems from Lynn’s Wednesday morning speech at the Black Hat conference. In that talk, Lynn explained how he was able to exploit known vulnerabilities in Cisco’s IOS software.

Lynn’s presentation at Black Hat, based on research he conducted as a member of ISS’ X-Force R&D team, was canceled by ISS after the company reached an agreement with Cisco, and copies of Lynn’s presentation were removed from conference materials.

But Lynn, determined to proceed with the talk, resigned from ISS in order to present the research at Black Hat, according to an ISS spokesperson.

In the motion, Cisco charges that Lynn decompiled Cisco’s software in his research, a violation of intellectual property and software license rights. ISS further charges that the research Lynn presented was conducted while Lynn was an employee of ISS, thus the research belongs to the company.

“Cisco respects and encourages the work of independent research scientists; however, we follow an industry established disclosure process for communicating to our customers and partners,” the company said in a statement released Wednesday. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained.”

Cisco’s statement added that Lynn’s presentation was not a disclosure of a new vulnerability or a flaw with Cisco IOS software, but an exploration of “ways to expand exploitations of existing security vulnerabilities impacting routers.”

Attempts to reach Lynn for comment were unsuccessful.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.