Silicon Valley Sleuth, an insider's view from Silicon Valley
 A blog from vnunet.com

May 2008
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31


Other blogs
PCW Inter@ctive
Your views, your comments, your say

Security Watchdog
Sniffing out IT security
issues

The test bed
The hottest products, news and gossip from PCW's
Labs.

IT Sneak
IT Sneak Blog rummages in the dustbin of IT events.

Backbytes
An irreverent and offbeat look at the lighter side of technology

InterActive Home
Your complete guide to home entertainment technology

Taking Stock
Gags and Gossip from Accountancy Age.

Gizmodo
The gadgets weblog.



« IOS controversy: could blogs and news websites be next? | Main | The hacker hacked »

And so Cisco's IOS nightmare continues

Cisco and ISS just can't resist to further ruin their damaged relationship with the security community and have expanded their legal campaign against an IOS vulnerability hack to any website that offers the slides from a presentation that they had failed to stop.

But as the spat's latest victim notices, this will only turn more attention towards the flaw and the real problem of Cisco's vulnerability.

First Cisco and ISS sued security expert Michael Lynn over giving details about a vulnerability in the IOS software that runs Cisco's routers on Wednesday at the Black Hat security conference in Las Vegas. As usually happens, the party that brought in the most lawyers won. Lynn didn't have much of a defence given that he had used information that he wasn't supposed to have after he quit his job at ISS, and had obtained it illegally to begin with by reverse engineering IOS.

But as the injunction against Lynn already suggested (see previous post), Cisco and ISS didn't stop at Lynn. They are now sending cease and desist notices to operators of websites that offer detailed information about Lynn's presentation, demanding that they remove the information.

Enter Richard Forno's website at Infowarrior.org. At 4 PM on Friday users could download a PDF document with Lynn's presentation from the website. I too could have done so, but I prefer to spend my days writing about Cisco's legal spats, not being part of them .

Forno received a fax from an ISS attorney at 5:22 PM. Shortly thereafter he took the document offline and replaced it with the fax.

Forno is anything but a coward for taking the document offline. As he points out in an email to vnunet.com, this only focuses more attention to the whole IOS issue. And hopefully it will fuel a serious discussion about the role of the software in the (in)security of the internet.

There must be a few PR managers and senior executives at Cisco scratching their heads this weekend, trying to figure out how the router maker that seemed to could do no wrong suddenly turned into the boogieman of the high tech industry.

The answer is very simple: they went bad the moment they got the lawyers  involved.

You don't improve internet security by sending cease and desist letters. You do that by engaging in the conversation.

Iosvillage2_1
A safer Ios - the Greek island that is.

Tags: cisco, ios, black hat, michael lynn, iss

July 30, 2005 at 06:25 AM | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451b07469e200d835525afd69e2

Listed below are links to weblogs that reference And so Cisco's IOS nightmare continues:

Comments

Post a comment






 

Useful links: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503