News

[Security]

Friday 29th July 2005

Cisco vulnerably details leak onto the Net 4:31PM, Friday 29th July 2005

The truth will out, and according to F-Secure's Mikko Hypponen, copies of Michael Lynn's controversial presentation on hacking Cisco's IOS platform are now floating about the Internet, despite Cisco's legal moves to block the researcher revealing any further information.

At this year's Black Hat conference in Las Vegas, Lynn jacked in his job with Internet Security Systems in order to give a presentation on hacking Cisco's Internetwork Operating System via a flaw. Although the hole had been patched since April, the technique was suspected to have worked using other vulnerabilities.

Cisco and

ADVERTISEMENT

Internet Security Systems pulled the presentation; Cisco sent out staff to pull details of the demonstration from the conference programs and subsequently won an injunction against Lynn to prevent him mentioning the thing again, to which Lynn agreed.

Security expert Bruce Schneier says in his blog that the debacle could turn into a PR disaster for Cisco. 'Now it doesn't matter what they say - we won't believe them. We know that the public-relations department handles their security vulnerabilities, and not the engineering department. We know that they think squelching information and muzzling researchers is more important than informing the public... And these are the people building the hardware that runs much of our infrastructure? Somehow, I don't feel very secure right now' he writes.

If copies of Lynn's presentation are now widely available online, Schneier's concerns are not without foundation.

Matt Whipp

Submit to: Digg | Slashdot | Del.icio.us | Technorati