Jul 28 2005

Security researcher hit with gag order

Published by Martin at 6:54 am under Hacking

Cisco, ISS file suit against rogue researcher

Cisco tries to silence researcher

Black Hat: The Latest on Lynn and Cisco

Just in case you didn’t know, Black Hat is going on in Las Vegas this week. Michael Lynn, a security researcher, formerly of ISS, gave a presentation yesterday on a new vulnerability in the Cisco IOS, which could possibly be used to create a worm or virus that could affect routers world wide. Cisco and ISS were not amused, and are pressing legal action against Mr. Lynn.

I have to give Mr. Lynn major kudos; he quit ISS two hours before the presentation, knowing full well that he’d be facing legal action. But he felt that the vulnerability was too serious to hide, and that companies like Cisco shouldn’t be allowed to hide security vulnerabilities. He wants to help set a legal precedent for security researchers, defending their ability to publish their research.

I admire Mr. Lynn’s morals. I mentioned the incident to my wife, who asked what I’d do in his situation. Lynn mentioned in one interview that he is going to have a hard time making a car payment in the future; I could live with that. I have a wife, two kids, a house payment and all the other things that go with a family. If I was in his position, I would have had to let the presentation go. I hope the Electronic Frontier Foundation will be able to help him.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

3 Responses to “Security researcher hit with gag order”

  1. # The Quiet Earthon 01 Aug 2005 at 2:02 pm

    Waterloo in Vegas

    The Story So Far
    By now you all have read about Michael Lynn’s presentation at Black Hat 2005. Let’s, nevertheless, recap: ISS X-Force did contract for Cisco to check IOS for (possible) security vulnerabilities. It comes as no surprise that they found…

  2. # The Quiet Earthon 03 Aug 2005 at 12:56 pm

    ISS Replies

    As I mentioned in my earlier post I have sent emails to ISS and Cisco with some questions about the incident. I have received ISS’ answers today and find them interesting both in what they say and what they don’t. I will leave the comments up to you. H…

  3. # NetworkWorld.com Communityon 05 Aug 2005 at 1:52 pm

    Let’s delete Save

    Lars Pind explains why it’s time to ditch the Save command in most applications:

    The “Save” command in desktop software is a consequence of hardware design. Because p

Trackback URI |