InfoWorld

Researcher agrees to silence on Cisco flaws

Cisco plans to issue a security advisory 'within the next day'

By Stephen Lawson and Robert McMillan, IDG News Service
July 29, 2005
 

A security researcher who gave a presentation on vulnerabilities in Cisco Systems routers at this week's Black Hat USA conference has agreed not to further discuss the issue under the terms of a permanent injunction issued by a U.S. federal court.

Cisco plans to issue a security advisory "within the next day," according to a statement the company released on Thursday after the injunction was issued.

Cisco and Internet Security Systems (ISS) sought the injunction on Wednesday against Michael Lynn, who gave the Wednesday morning presentation, and Black Hat, which organized the Las Vegas computer security conference. It was granted on Thursday by Judge Jeffrey White of the U.S. District Court for the Northern District of California, in San Francisco.

All parties involved in the case have agreed to the injunction, effectively putting an end to a dispute that dominated the final two days of Black Hat and diminished the reputation of Cisco and ISS in the eyes of many attendees.

ISS had originally replaced the presentation, entitled "The Holy Grail: Cisco IOS Shellcode and Remote Execution," with a different one and had ensured the presentation materials were torn out of a book that was part of the materials given out at the Black Hat show.

But Lynn, a research analyst at ISS, quit his job at ISS and gave the presentation anyway.

"The information that Mr. Lynn disclosed at the conference, we believe was illegally obtained, and included Cisco intellectual property," said Cisco spokesman John Noh.

Lynn described a now-patched flaw in the Internetwork Operating System (IOS) software that runs Cisco's routers, and demonstrated a buffer-overflow attack in which he took control of a router. Although ISS had informed Cisco of the flaw and Cisco had released a fix in April, users still running older versions of IOS remain at risk, he said.
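The article names the bug class but not the flaw itself. The following is an added illustration, not Cisco's code and not Lynn's exploit (which the article does not describe), of how a network-facing parser that trusts a peer-supplied length field becomes a buffer overflow, and of the bounds check that closes it. The option encoding, the function names and the test packets are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical option encoding used only for this example (not a Cisco
 * format): byte 0 = option type, byte 1 = value length N, bytes 2.. = value. */
#define OPT_MAX 32

/* Vulnerable form: the length byte comes from the remote peer and is used
 * unchecked. N > OPT_MAX writes past the end of 'out'; N > pkt_len - 2 also
 * reads past the end of the packet. Overwriting adjacent memory with
 * attacker-chosen bytes is the foothold a remote code-execution exploit
 * builds on. */
int parse_option_unsafe(const uint8_t *pkt, size_t pkt_len, uint8_t out[OPT_MAX])
{
    if (pkt_len < 2)
        return -1;
    size_t n = pkt[1];                 /* attacker-controlled */
    memcpy(out, pkt + 2, n);           /* no bound against OPT_MAX or pkt_len */
    return (int)n;
}

/* Hardened form: the declared length must fit both the destination buffer
 * and the bytes actually present in the packet. Reject rather than truncate,
 * so a malformed message is never half-processed. */
int parse_option_safe(const uint8_t *pkt, size_t pkt_len, uint8_t out[OPT_MAX])
{
    if (pkt_len < 2)
        return -1;
    size_t n = pkt[1];
    if (n > OPT_MAX || n > pkt_len - 2)
        return -1;
    memcpy(out, pkt + 2, n);
    return (int)n;
}

/* Constructed test packets (assumptions, not captured traffic). */
const uint8_t good_pkt[]      = { 0x01, 0x03, 'a', 'b', 'c' };
const uint8_t truncated_pkt[] = { 0x01, 0x10, 'x' };   /* claims 16 bytes, carries 1 */
uint8_t oversize_pkt[2 + 200];                         /* filled by build_oversize() */
uint8_t g_scratch[OPT_MAX];

/* Build a packet whose length byte (200) exceeds OPT_MAX; the 0x41 filler
 * stands in for an attacker's payload. */
void build_oversize(void)
{
    oversize_pkt[0] = 0x01;
    oversize_pkt[1] = 200;
    memset(oversize_pkt + 2, 0x41, 200);
}

/* Runs the cases through the hardened parser; returns 1 if it accepts the
 * well-formed packet and rejects both malformed ones. The unsafe parser is
 * deliberately only fed the well-formed packet: giving it the malformed ones
 * is undefined behaviour and would corrupt memory. */
int self_check(void)
{
    build_oversize();
    int ok = 1;
    ok = ok && parse_option_safe(good_pkt, sizeof good_pkt, g_scratch) == 3
            && memcmp(g_scratch, "abc", 3) == 0;
    ok = ok && parse_option_safe(oversize_pkt, sizeof oversize_pkt, g_scratch) == -1;
    ok = ok && parse_option_safe(truncated_pkt, sizeof truncated_pkt, g_scratch) == -1;
    ok = ok && parse_option_unsafe(good_pkt, sizeof good_pkt, g_scratch) == 3;
    return ok;
}

int main(void)
{
    int ok = self_check();
    printf("hardened parser accepts good and rejects malformed packets: %s\n",
           ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

The two checks in the hardened version are independent: one bounds the copy against the destination, the other against the source. A parser that checks only one of them is still exploitable, either as an overflow or as an over-read of whatever follows the packet in memory.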

Among other things, the injunction issued Thursday blocks Lynn from disclosing or disseminating any part of the presentation, disseminating any video recording of the presentation, or disassembling or reverse engineering Cisco code in the future.

Cisco had sought the injunction "to stop continued irresponsible public disclosure of illegally obtained proprietary information," it said in a statement.

At a news conference Thursday afternoon, Lynn admitted that he had converted some of Cisco's binary code into human-readable form by disassembling it, a form of reverse-engineering. But he disputed the idea that this was an illegal practice. "It's generally speaking not illegal to reverse engineer for security reasons," he said.

Many end-user license agreements, including Cisco's, prohibit reverse-engineering.

Lynn said the attention that the case drew will push Cisco to improve the security of its routers. "I think I did the right thing. It was pretty scary, but the real important message was [that] there was a potential or serious problem coming in the future. It wasn't too late to fix it, but you had to take it seriously," Lynn said.

"I didn't think the nation's interests were served by waiting until another year, until a router worm would be a serious threat," he said.

Cisco welcomed the injunction.

"Cisco's actions with Mr. Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices and procedures for responsible disclosure. It is Cisco's opinion that the method Mr. Lynn and Black Hat chose to disseminate this information was not in the best interest of protecting the Internet," the company said in its statement.

By pointing out the possibility of a worm attack on Cisco's routers, Lynn has performed a valuable service, said Black Hat attendee James Pearl, a consultant with Booz Allen Hamilton.

He did not have kind words for Cisco, and said the networking giant's attitude toward security might ultimately be bad for Cisco's business. "Security through obscurity doesn't work. You can stick your head in the sand but your butt's in the air," he said. "Do I really want to go with a company like Cisco that had to hide their problems?"

But Lynn's former employer, ISS, came out "the real loser in this," he said. "They've lost somebody really good, and everybody's saying, 'You didn't stand up for your guy.'"
