The 'Unthinkable' Becomes Possible - InformationWeek


When a young information security researcher made the bold claim this summer that he could do the unthinkable to the world's networking infrastructure, security professionals took notice. Michael Lynn's July presentation at the Black Hat security conference proved that hackers could exercise control over Cisco Systems' once-impenetrable Internetwork Operating System.

Cisco was not amused. The company had Lynn and Black Hat sign a permanent injunction forbidding them from disclosing or disseminating Lynn's presentation, titled "Cisco IOS Shellcode And Exploitation Techniques," although slides and digital photos of the presentation are still available on the Web. Lynn, who had been studying IOS code as an employee of security vendor Internet Security Systems Inc., is also barred from making further presentations at conferences for hackers. Other stipulations prevent Lynn, who quit his job, from decompiling Cisco code currently in his possession and require that he return all ISS-owned materials to the company.

Lynn's case was unique because of the seriousness of the flaw he exposed, says Jennifer Granick, executive director of the Stanford Law School Center for Internet and Society and Lynn's lawyer. "Cisco routers make up so much of the backbone of the Internet, and people don't really update routers like they do their desktops," she says.

Reactions to Lynn's bravado are mixed. "What he did was a service," says George Roettger, Internet security specialist for Internet service provider NetLink Services Inc., which serves Ohio and surrounding areas. "Lynn didn't give out information that nobody knew before; he just proved it was possible."

The awareness that Lynn's presentation created wasn't a bad thing, says Dan Lukas, lead security architect for Aurora Health Care in Wisconsin, a not-for-profit health-care network. He also believes companies should be just as concerned with internal security threats. Says Lukas, "I'm more worried about an internal user who knows how your servers are named than someone trying to hack in from the outside."
