Friday, July 29, 2005

Cisco Silencing former ISS employee about possible problems with internet routers

At the Black Hat 2005 conference, former ISS employee Michael Lynn was to discuss the possible exploits of Cisco routers. The presentation was pulled by the Black Hat organizers (particularly Jeff Moss) under threat of lawsuit by Cisco and ISS. Furthermore, they are in the process of silencing all those who might have had a mirror of the presentation (see the following infowarrior site): basically, they threatened the site operator, telling him to pull the information or face a suit himself. As the Internet Storm Center so eloquently put it:

Lynn's Cat is Out of The Bag

While Black Hat may have torn out paper pages, the PDF of Michael Lynn's presentation, "The Holy Grail: Cisco IOS Shellcode and Exploitation Techniques," lives on. Given the amount of attention this thing has gotten, mirrors and links to it are now all over the place.

Shame on Cisco and ISS for their conduct toward a security researcher who was discussing a possible issue, discovered while working for ISS, that can affect much of the core of the internet. There was to be nothing in there to tell the black hats who might be attending the conference before DEFCON 2005 how to exploit it (basically, they would have to do the same research that Lynn did). Many top proponents of full disclosure (like Bruce Schneier) have railed against these companies for the way they handled the situation.

What is Cisco trying to hide...

