Silicon Valley Sleuth, an insider's view from Silicon Valley
A blog from vnunet.com




A Cisco security controversy

If 31 pages are ripped from a conference guide at the last moment, surely that must mean something big is going on.

As it turns out, there is. At this week's Black Hat conference, security expert Michael Lynn was scheduled to give a presentation about an attack method against Cisco routers running the Internetwork Operating System (IOS), the software that controls Cisco routers much like Windows XP controls PCs.

In his presentation, Lynn would have shown how to effectively disable the router using a known exploit in IOS. By disabling, I mean that the attack would make it impossible to reboot or use the equipment.

Cisco and ISS had decided to cancel the presentation because further research was required, according to Cisco.

"When [ISS] would present, they would have presented materials that were much more beneficial to the security industry," Cisco security spokesman John Noh told vnunet.com.

Lynn claimed that Cisco had pressured the security company to do so. As his employer crumbled under the pressure, Lynn decided to do what he believed was right. He quit his job and proceeded to give the presentation.

As it goes with whistleblowers, his presentation made Lynn an instant celebrity while the lawyers are circling around him.

Cisco and ISS have filed a motion in a California court requesting a restraining order against Lynn. He might have found a genuine way to shut down Cisco routers, but the legal complaint argues that he illegally reverse engineered IOS to get there (even if it took him 6 months to do so).

So what? A hacker could take the same approach and shut down the internet. A restraining order won't do much good against a terrorist hacker attack.

Of course we have to behave around copyrights, but copyrights should take a back seat when security is at stake.

[Image: Black Hat conference guide. Caption: 31 pages lost...]

Tags: cisco, ios, black hat, michael lynn, iss

 

July 28, 2005 at 08:14 PM
