Black Hat: The Latest on Lynn and Cisco
LAS VEGAS, July 27 -- The Michael Lynn story keeps getting more interesting. The computer security researcher lost his job at Internet Security Systems today after he briefed Black Hat conference attendees about a flaw in the software that powers Internet routers made by Cisco Systems. The latest is that Lynn has been served with a temporary restraining order designed to prevent him from discussing any more details about the flaw.
In the order, which was jointly filed by ISS and Cisco, Lynn is said to have illegally reverse-engineered Cisco source code and to stand to profit from this research. A copy of the document, obtained by washingtonpost.com, reads: "Cisco believes that Lynn is also disclosing ISS and Cisco proprietary information outside of the context of a formal presentation as well."
Reading over the papers faxed to him in his hotel room, Lynn called the accusations ridiculous.
"I'm probably going to go bankrupt because of what I did today," Lynn said. "I mean, I have car payments that I'm afraid I'm not going to be able to make now."
Cisco routers are used on nearly every major segment of the Internet infrastructure. By exploiting the flaws described in his talk today, Lynn said attackers could crash those systems or intercept Internet communications. An automated attack against the router flaw -- delivered through an Internet worm, for example -- could effectively darken much of the Internet, he said.
According to people who heard the presentation today, Lynn demonstrated how the flaw could be exploited but obscured many of the technical details that an attacker would need to know to pull it off. The injunctions filed against him state that ISS and Cisco had been working together on the flaw for the past four months, and that up until earlier this week, a Cisco executive was slated to co-present the findings with Lynn at Black Hat. But on Monday, Cisco asked conference organizers to pull Lynn's presentation from the conference materials handed out to attendees.
Lynn said several people familiar with the legal proceedings told him Cisco and ISS also were seeking to have the local sheriff's office seize his laptop computer and other equipment. A spokeswoman for Cisco said she did not believe the restraining order included a request for Lynn's possessions. Lynn is scheduled to appear in federal district court at 8:00 a.m. Thursday.
It remains unclear whether Lynn will face criminal or civil charges for his talk today. But from the injunction application filed today, in which the companies cited previous cases involving the theft of trade secrets, the two companies hinted at the former, saying "there should be no bond requirement or the bond requirement should be minimal."
Lynn said he quit his job at ISS and went ahead with his presentation because he felt that the Cisco flaw is extremely serious. He said he intends to take a stand in court so that other security researchers aren't bullied into burying their findings when the companies they're researching decide not to publicly address serious security flaws in their products.
"They're trying to intimidate and scare me, and I'll be honest it's working a little bit, but not enough. People who know me will tell you I have a long history of not being afraid of people I should."
See my previous post for Cisco's official line on Lynn.