Security researcher settles dispute with Cisco

[BlackCryptoKnight]

The dispute over a presentation on hacking Cisco Systems' router software at the Black Hat security confab culminated in a legal settlement Thursday in the US.

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

Read more...

Cisco moved swiftly to silence the man. Can't let the secrets of remote code exploits on Cisco routers get out...

[megiddo]

so does this mean we may see an update for the firmware of our cisco router soon. and which options will be limited if any? those are some questions i would want answered

[birchoff]

so does this mean we may see an update for the firmware of our cisco router soon. and which options will be limited if any? those are some questions i would want answered

There is nothing sadder than a corporation silencing a whistle blower... While I understand that you dont want exploits coming out crippling the internet... From what I have heard of the exploit the bug is really hard to exploit and requires a little misconfiguration of the router... So now that cisco has shut him up admins the world over know nothing of the exploit and cannot protect themselves but once again the "evil" hackers the world over can go out buy a cisco router and beat it to death till they find out what the exploit is... sigh....

[megiddo]

its most likely that it will be addressed in some form of newsletter or new revision to ccna and higher certs i believe. remember that you have to recertify every 2 years or so, so basically in 2 years time, people should be trained to protect themselves from an unknown problem

[birchoff]

its most likely that it will be addressed in some form of newsletter or new revision to ccna and higher certs i believe. remember that you have to recertify every 2 years or so, so basically in 2 years time, people should be trained to protect themselves from an unknown problem

Let the games begin..... http://www.securityfocus.com/news/11263

[jamrock]

Hackers are now trying to crack Cisco routers.

http://www.cnn.com/2005/TECH/08/01/d...eut/index.html

[Ropy]

CISCO isn't being honest it seems. Check this out...


C/P = http://www.boingboing.net/2005/07/27...searcher_.html

"Things to note: Lynn and ISS contacted Cisco about this vulnerability in April and it was fixed. Vulnerable versions are no longer available from Cisco. Cisco and ISS both initially support Lynn's presentation at Black Hat. Cisco had, initially, commited to sending a representative to corraborate Lynn's findings. Lynn had been planning to give this presentation since then, which was months in advance, with the consent of both ISS and Cisco.

"On Monday before the conference Cisco and ISS decided to pull the presentation with vague reasons given. This prompted the actions by Lynn on Wednesday, resignation and release.

"It is important to note and propogate that Lynn did go through the corrrect channels for release: he contacted the vendor, the vendor issued a fix. At this point, normally, public release would be allowed and expected."

[birchoff]

Hackers are now trying to crack Cisco routers.

http://www.cnn.com/2005/TECH/08/01/d...eut/index.html

No need to hack all those poor cisco boxes.. looks like the presentation is already available to the underground already...

http://www.zdnet.com.au/news/securit...9205058,00.htm

sigh as always the only people who lose in the censorship battle are the ones who play by the rules in the first place

[Ropy]

Here's a vid of CISCO representatives ripping out Mike Lynn's presentation from the Black Hat proceedings.

>> http://downloads.oreilly.com/make/cisco.mov

[birchoff]

Here is the entire story straight from the horses mouth

http://www.wired.com/news/privacy/0,1848,68365,00.html