.comment-link {margin-left:.6em;}
Visit Freedom's Zone Donate To Project Valour

Saturday, July 30, 2005

Cisco V Michael Lynn

Michael Lynn lost the battle (BBC):
Mr Lynn found out about the Cisco bugs while working at computer security consultants, Internet Security Systems - a job he left only hours before he presented the information to the conference.

He said it was important to get information about the bugs in to the public domain.

Cisco did not agree and won an injunction that bars Mr Lynn and organisers of the Black Hat conference from ever talking about what they know.
More details at the PC World blog:
At the conclusion of the Black Hat Briefings yesterday, embattled security researcher Michael Lynn diclosed the agreement he and the conference made with Cisco Systems and Internet Security Systems concerning his presentation on Cisco software vulnerabilities....

Under the terms of a permanent injunction, sought by both Cisco and Lynn's former employer, ISS, Lynn must give the companies all of his research materials, including the presentation slides, his notes, and proof-of-concept software Lynn wrote that he used during his presentation. Black Hat must give Cisco the videotape of the presentation made by the conference's audio-visual contractor. Parts of the presentation have already been posted on security Web sites.
A prior WP blog post explaining the lead up:
According to people who heard the presentation today, Lynn demonstrated how the flaw could be exploited but obscured much of the technical details that an attacker would need to know to pull it off. The injunctions filed against him state that ISS and Cisco had been working together on the flaw for the past four months, and that up until earlier this week, a Cisco executive was slated to co-present the findings with Lynn at Black Hat. But on Monday, Cisco asked conference organizers to pull Lynn's presentation from the conference materials handed out to attendees.
Not very reassuring. But the information escaped, and Cisco did publish a security alert with one problem and the patches available. Presentation slides (pdf) are up at InfoWarrier.


Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?