Michael Lynn, who prior to the Black Hat conference in July 2005, was employed by Internet Security Systems (ISS), now works for the Sunnyvale, Calif.-based network hardware maker in an unknown capacity.
Lynn's controversial presentation at Black Hat -- which offered up new techniques that could be applied to a months'-old vulnerability in Cisco's IOS (Internetwork Operating System) -- was blasted by Cisco, which quickly took Lynn to court in hopes of stifling him. Within days, Lynn promised to never again discuss his findings. Cisco and ISS also pressured the conference to reclaim all presentation materials.
In order to present at Black Hat, Lynn was forced to resign from ISS; at the end of his presentation, he put his resume on a screen and said he was looking for a job.
Cisco took a hard line against Lynn because his new attack methodology would allow attackers to seize control of Cisco routers or render them inoperative. The company's hardware plays a dominant role in the Internet's infrastructure, and any mass attack on its routers could cripple the Net.
Coincidentally, Cisco released a critical security advisory Wednesday, Nov. 2, and a patch for a vulnerability that the company claims it uncovered after additional investigation into Lynn's presentation and exploit techniques.