Black Hat Day 2: Peace Breaks Out
LAS VEGAS, July 28 -- Michael Lynn, the security researcher whose talk yesterday about new flaws in Cisco Systems routers landed him in court this morning, has settled the legal dispute with Cisco and his former employer, Atlanta-based Internet Security Systems.
Under the terms of a permanent injunction signed by a federal judge this afternoon, Lynn will be forever barred from discussing the details about his research into the vulnerabilities he claimed to have discovered in the widely used Cisco hardware.
According to a copy of the injunction obtained by washingtonpost.com, the settlement also requires Lynn to "prepare complete mirror images of all computer data in his possession or control. ISS and Lynn shall appoint a third party forensic expert to verify, in the presence of ISS and Lynn (or his representative), on the mirror image, that Lynn has provided to ISS and/or Cisco any ISS- or Cisco-owned materials."
After said expert is done with the data, all of the Cisco-related information on Lynn's computer hard drive must be securely deleted.
Black Hat Inc., the sponsor of the eponymous conference, was also targeted by the injunction and will be required to destroy any and all video recordings of Lynn's presentation.
The conference organizers were slated to hold a press conference about the whole mess this afternoon. I will file an update if the briefing adds anything substantial to the story. But just because Lynn, Cisco and ISS have made peace won't please security experts gathered here. What more can the companies disclose about Lynn's research? If the flaw is indeed serious, when will a patch be made available, and how will they work with Cisco's huge customer roster to make sure the fixes are rolled out quickly and efficiently?
Posted by: Anonymous | July 29, 2005 5:51 AM | Report abuse
Posted by: roland | July 29, 2005 9:55 AM | Report abuse
Posted by: Johann | July 29, 2005 11:02 AM | Report abuse
Posted by: If there's a flaw, fix it... | July 29, 2005 1:56 PM | Report abuse
The comments to this entry are closed.