Advertisement
Promo

Security threats Toolkit

Cisco tries to silence researcher

Joris Evers CNET News

Published: 28 Jul 2005 08:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Cisco has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers — a problem that he said could bring the Internet to its knees.

The filing in US District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.

"It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual-property rights," Noh added.

Lynn decompiled Cisco's software for his research and by doing so violated the company's rights, Noh said.

The legal moves came Wednesday afternoon, only hours after Lynn gave the talk at the Black Hat security conference in Las Vegas. Lynn told the audience that he had quit his job as a researcher at ISS to deliver the presentation, after ISS had decided to pull the session. Notes on the vulnerability and the talk, "The Holy Grail: Cisco IOS Shellcode and Remote Execution," were removed from the conference proceedings, leaving a gap in the thick book.

Lynn outlined how to run attack code on Cisco's Internetwork Operating System by exploiting a known security flaw in IOS. The software runs on Cisco routers, which make up the infrastructure of the Internet. A widespread attack could badly hurt the Internet, he said.

The actual flaw he exploited for his attack was reported to Cisco and has been fixed in recent releases of IOS, experts attending Black Hat said.

The ISS research team, including Lynn, on Monday decided to cancel the presentation, Chris Rouland, chief technology officer at ISS, said in an interview. "It wasn't ready yet," he said. Lynn resigned from ISS on Wednesday morning and delivered the presentation anyway, Rouland added.

Lynn presented ISS research while he was no longer an employee, Rouland said.

Adding to the controversy, a source close to the Black Hat organisation said that it wasn't ISS and Lynn who wanted to cancel the presentation, but Cisco. Lynn was asked to give a different talk, one on VoIP security, the source said.

But ISS' Rouland said there "was never a VoIP presentation" and that Wednesday's session was supposed to be cancelled altogether.

"The research is very important, and the underlying work is important, but we need to work with Cisco to determine the full impact," Rouland said.

Cisco was involved in pulling the presentation, a source close to the company said. The networking giant had discussions with ISS and they mutually agreed that the research was not yet fully baked, the source said.

The demonstration on Wednesday showed an attack on a directly connected router, not a remote attack over the Internet. "You could bring down your own router, but not a remote one," Rouland said.

One Black Hat attendee said he was impressed with Lynn's presentation. "He got a shell really easy and showed a basic outline how to do it. A lot of folks have said this could not be done, and he sat up there and did it," said Darryl Taylor, a security researcher. Shell is a command prompt that gives control over the operating system.

Noh said that Lynn's presentation did not disclose information about a new security vulnerability or new security flaws. "His research explored possible ways to expand the exploitation of existing vulnerabilities affecting routers," the Cisco spokesman said.

Cisco has patched several flaws in IOS over the past year. Last year, the San Jose, California, networking giant said that part of the IOS source code had been stolen, raising fears of more security bugs being found.

On Wednesday, Noh reiterated the company's usual advice that customers upgrade their software to the latest versions to mitigate vulnerabilities.

Following his presentation, Lynn displayed his resume to the audience and announced he was looking for a job. Lynn was not available for comment. Representatives of the Black Hat organization said the researcher was meeting with lawyers

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
75 out of 157 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

2 comments

  1. Well actually this problem is nothing new. The Phr... Anonymous
  2. Good for Michael Lynn. Many company's do not like... Anonymous

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:











Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Campaigners criticise '£10bn NHS IT ov...

The National Health Service's flagship IT project has been criticised by a tax campaign group for running billions of pounds over budget. The NHS National Programme for IT (NPfIT)... More

2 comments

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters