DefCon Day 1: Lynn Presentation Circulating on Internet
LAS VEGAS, July 29 -- The full, unedited version of Michael Lynn's controversial presentation on flaws he claims to have uncovered in the software powering Cisco Systems's widely used Internet routers has been posted on a series of Web sites, and copies of it are being freely exchanged at the DefCon hacker conference here. (I believe one reader posted a link in the comments area of a previous post, but I'll let you find it on your own.)
This is the same presentation, of course, that Cisco and Lynn's former employer, Internet Security Systems, obtained a court injunction to have destroyed (see previous posts).
One DefCon attendee who asked not to be named told me today that an international consortium of hackers is now working around the clock to write software code that could be used to exploit the flaw Lynn uncovered. I have not been able to confirm that, but everyone here is saying they expect an exploit to be released sometime in the next few days.
Rumors also are flying that Lynn is about to be charged with federal crimes for releasing the details of his research. Lynn declined to talk to me when I reached him on his cell. His lawyer, Jennifer Grannick, confirmed that FBI agents were investigating the incident, but she said that Lynn had not yet been arrested or charged with any crime.
Lots of people here, including many who have real problems with what Lynn did and how he did it, acknowledge that if Lynn is charged it could very well discourage many security researchers from even approaching companies about vulnerabilities they have found in commercial software and hardware. In the end, this means the bad guys -- who are taking advantage of such flaws to break into companies, conduct cyber extortion and conduct espionage -- will be able to continue exploiting flaws.
By the way, a group of concerned hackers has set up a legal defense fund for Lynn. The PayPal account where anyone interested can send money is firstname.lastname@example.org.
Posted by: H. Carvey | August 2, 2005 4:50 PM | Report abuse
Posted by: Tony Freeman | August 2, 2005 9:37 PM | Report abuse
The comments to this entry are closed.