Cisco tries to get its secrets locked up again

Cisco/ISS gag security whistleblower

IOS flaw disclosure allegedly violated copyrights

Tom Sanders in California

A California judge has granted a request by Cisco Systems and Internet Security Systems (ISS) to issue a temporary restraining order against security expert Michael Lynn.

The judge's ruling was made on Thursday, and Lynn has since settled the dispute. All parties have made the injunction permanent.

Advertisement

Lynn gave a presentation on Wednesday at the Black Hat security conference in Las Vegas where he showed how to use a known exploit in Cisco's Internet Operating System (IOS) to bring down a router. He alleged that the flaw could cripple the entire internet.

The security hole that Lynn used has already been patched, but not all live systems are believed to have been updated.

The security expert was originally scheduled to give the presentation as an ISS employee. After the security company made a last minute decision to cancel the talk, Lynn quit his job and proceeded to make the presentation.

Conference organisers had removed 31 pages containing Lynn's presentation from the conference manual at the request of ISS.

Cisco and ISS had mutually agreed to cancel the presentation because further research was required, Cisco security spokesman John Noh told vnunet.com. This would have enabled the security researchers to provide more detail.

After Lynn proceeded with his presentation, which demonstrated how to shut down a router running IOS through remote execution, Cisco and ISS took legal action.

"Cisco and ISS jointly filed a motion for a temporary restraining order against Michael Lynn and the Black Hat organisers because we believe that the information Mr Lynn presented yesterday contained intellectual property belonging to Cisco and ISS and that he has illegally obtained it," said the companies in a joint statement.

Cisco did not object to Lynn's identifying a flaw in IOS, but took issue with the fact that his presentation contained information that could have helped third parties to exploit the vulnerability. The vendor argued that this was not in the best interests of the internet.

The injunction bars Lynn and Black Hat conference organisers from disclosing any notes and recordings from the presentation, and blocks Lynn from disclosing any further information about the IOS case that he gathered as an ISS employee.

Cisco also believes that, by decompiling the IOS software, Lynn has violated its copyrights. Decompiling is a form of reverse engineering.

A spokeswoman for ISS confirmed that the company had taken legal steps against its former employee, but could not provide any additional details because she had not seen the legal complaint at the time. Lynn could not be reached for comment.

An employee of security provider F-Secure who was present at the conference said in a blog posting: "Needless to say it's rather serious."

Lynn was aware of the legal consequences as he gave his presentation, but insisted that it was the right thing to do because of the seriousness of the issue.

As IOS is the dominant operating system for the internet, the software is a target for hackers. The flaw gets even more serious because the IOS source code was stolen in 2004, which potentially allows hackers to look for weak spots in the software's security.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

old computer

Government honours veterans of Bletchley Park at last

Surviving veterans of the code-breaking facility to receive badge of...

Motorola MC55 Enterprise Digital Assistant

Review: Motorola MC55 Enterprise Digital Assistant

A rugged Windows Mobile device for mobile workers

BT

BT promises 1.5m fibre connections by summer 2010

Telco begins major rollout in 69 locations across the UK

Primary Navigation