Cisco's Research Nemesis Hired By Rival Juniper

Researcher Michael Lynn's presentation about a Cisco security flaw at the Black Hat conference stirred up much controversy, with Cisco taking him to court in a bid to stifle him from sharing his findings any more widely.
The security researcher who stirred up a hornet's nest last summer when he went public with a new exploitation tactic against Cisco's popular network routers has been hired by rival Juniper Networks.

Michael Lynn, who prior to the Black Hat conference in July 2005, was employed by Internet Security Systems (ISS), now works for the Sunnyvale, Calif.-based network hardware maker in an unknown capacity.

Lynn's controversial presentation at Black Hat -- which offered up new techniques that could be applied to a months'-old vulnerability in Cisco's IOS (Internetwork Operating System) -- was blasted by Cisco, which quickly took Lynn to court in hopes of stifling him. Within days, Lynn promised to never again discuss his findings. Cisco and ISS also pressured the conference to reclaim all presentation materials.

In order to present at Black Hat, Lynn was forced to resign from ISS; at the end of his presentation, he put his resume on a screen and said he was looking for a job.

Cisco took a hard line against Lynn because his new attack methodology would allow attackers to seize control of Cisco routers or render them inoperative. The company's hardware plays a dominant role in the Internet's infrastructure, and any mass attack on its routers could cripple the Net.

Coincidentally, Cisco released a critical security advisory Wednesday, Nov. 2, and a patch for a vulnerability that the company claims it uncovered after additional investigation into Lynn's presentation and exploit techniques.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing