Cisco's black eye at Black Hat

There I was, running late to the Black Hat conference because of the weather, riding the long escalator to the third floor of Caesar's Palace in Vegas when I heard someone at the top of the stairs yell to someone behind me on the escalator.

"Man, hurry up. I think this dude is about to be arrested."

That was my first clue that something was up at the annual Black Hat conference. When I got to the top of the stairs, the buzz was even louder, and I followed it into Michael Lynn's presentation on flaws found in Cisco's Internet routers.

Still, I didn't really know what was going on just yet. I just saw a man standing in front of a large, responsive crowd wearing a white hat that looked like it said "Goo" on it. Like most first impressions, that one was wrong. The hat actually said "Good," and Lynn's presentation, though it seemed similar to others I've seen at other shows detailing flaws in various operating systems, was a little more substantial.

After the talk, I saw a woman rush up to Lynn and ask whether he had really just left his job at Internet Security Systems.

"Yes, as of this morning, I'm officially unemployed," Lynn said.

"Send me your résumé," the woman yelled back.

The only thing better in America than being famous is being infamous.

I slowly put two and two together and realized that Lynn had left ISS in order to deliver his presentation on security flaws at Cisco. Cisco and ISS were quick to jump on Lynn and Black Hat for the presentation, but all that did was rile up the hackers, who, if nothing else, love a good cause.

Before the day was out, I was being offered a MiniDisc containing the slides and audio recording of Lynn's talk along with a nice $15 Rolex and a bootlegged live recording of Green Day. I passed on the disc, which was a good move since most of the materials have since found their way to the Web in one form or another.

Aside from the fact that someone did something at a conference that was not scripted out beforehand like a major motion picture and made some real news, I didn't see what all the fuss was about. Cisco had already patched the flaw, and so I assumed most companies and organizations would install the patch in a timely fashion.

It wasn't until I went to Dan Kaminsky's presentation, in which he demonstrated how woefully some organizations update their servers, that I realized a bit of Cisco's -- and the IT industry's -- pain. Even if a patch is developed, distributed and downloaded, there is no guarantee that everyone will install it or maintain it properly. Few companies want to put up with the network downtime required to make the patch.

It is a sobering thought, but hammering the jobless Michael Lynn hardly seems like the way to prevent these problems. From what I hear, ISS's attempts to shut up Lynn and the Black Hat presentation with injunctions and legal action have given hackers yet another cause: hacking the flaw.

Oddly enough, as I wrote about last week, TippingPoint was offering to pay researchers and hackers for information on unpublished security flaws; some companies disagreed with that plan. But here was someone doing so at his own expense.

I think the Black Hat buzz and the TippingPoint offer say something about the industry moving forward a bit. Denial seems to be a losing ground in favor of dealing with the flaws that are out there. I don't know if that makes us sleep any sounder, but at least we're not lying to ourselves anymore.