silicon-valley-sleuth

And so Cisco's IOS nightmare continues

Cisco and ISS just can't resist further ruining their damaged relationship with the security community, and have expanded their legal campaign against an IOS vulnerability hack to any website that offers the slides from a presentation that they had failed to stop.

But as the spat's latest victim notes, this will only draw more attention to the flaw and the real problem of Cisco's vulnerability.

First Cisco and ISS sued security expert Michael Lynn over giving details about a vulnerability in the IOS software that runs Cisco's routers on Wednesday at the Black Hat security conference in Las Vegas. As usually happens, the party that brought in the most lawyers won. Lynn didn't have much of a defence given that he had used information that he wasn't supposed to have after he quit his job at ISS, and had obtained it illegally to begin with by reverse engineering IOS.

But as the injunction against Lynn already suggested (see previous post), Cisco and ISS didn't stop at Lynn. They are now sending cease and desist notices to operators of websites that offer detailed information about Lynn's presentation, demanding that they remove the information.

Enter Richard Forno's website at Infowarrior.org. At 4 PM on Friday users could download a PDF document with Lynn's presentation from the website. I too could have done so, but I prefer to spend my days writing about Cisco's legal spats, not being part of them.

Forno received a fax from an ISS attorney at 5:22 PM. Shortly thereafter he took the document offline and replaced it with the fax.

Forno is anything but a coward for taking the document offline. As he points out in an email to vnunet.com, this only focuses more attention on the whole IOS issue. And hopefully it will fuel a serious discussion about the role of the software in the (in)security of the internet.

There must be a few PR managers and senior executives at Cisco scratching their heads this weekend, trying to figure out how the router maker that seemingly could do no wrong suddenly turned into the bogeyman of the high tech industry.

The answer is very simple: they went bad the moment they got the lawyers involved.

You don't improve internet security by sending cease and desist letters. You do that by engaging in the conversation.

A safer Ios - the Greek island that is.

Tags: cisco, ios, black hat, michael lynn, iss

30 Jul 2005
