Researcher Michael Lynn's presentation about a Cisco security flaw at the Black Hat conference stirred up much controversy, with Cisco taking him to court in a bid to stifle him from sharing his findings any more widely.
The security researcher who stirred up a hornet's nest last summer when he went public with a new exploitation tactic against Cisco's popular network routers has been hired by rival Juniper Networks.
Michael Lynn, who prior to the Black Hat conference in July 2005, was employed by Internet Security Systems (ISS), now works for the Sunnyvale, Calif.-based network hardware maker in an unknown capacity.
Lynn's controversial presentation at Black Hat -- which offered up new techniques that could be applied to a months'-old vulnerability in Cisco's IOS (Internetwork Operating System) -- was blasted by Cisco, which quickly took Lynn to court in hopes of stifling him. Within days, Lynn promised to never again discuss his findings. Cisco and ISS also pressured the conference to reclaim all presentation materials.
In order to present at Black Hat, Lynn was forced to resign from ISS; at the end of his presentation, he put his resume on a screen and said he was looking for a job.
Cisco took a hard line against Lynn because his new attack methodology would allow attackers to seize control of Cisco routers or render them inoperative. The company's hardware plays a dominant role in the Internet's infrastructure, and any mass attack on its routers could cripple the Net.
Coincidentally, Cisco released a critical security advisory Wednesday, Nov. 2, and a patch for a vulnerability that the company claims it uncovered after additional investigation into Lynn's presentation and exploit techniques.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.