Researcher Resigns Over New Cisco Router Flaw

Posted by samzenpus on Thursday July 28, 2005 @12:02AM from the don't-go-down-with-the-ship dept.

An anonymous reader writes "Michael Lynn, formerly a researcher for Internet Security Systems resigned today rather than conceal his research into serious new flaws in Cisco routers, according to stories at Washingtonpost.com and CRN. Interestingly, Cisco says the the problem is not a security vulnerability, although it chided Lynn for not going through proper vulnerability disclosure channels. Both stories note that Lynn is in danger of being sued by Cisco for revealing the information, details of which were pulled at the last minute from the materials handed out to Black Hat attendees." Update: 07/28 12:23 GMT by Z : SimilarityEngine writes "Cisco and ISS are filing a law suit against Michael Lynn and the management of the Black Hat Conference, following Lynn's presentation discussing a vulnerability in IOS."

2 of 423 comments (clear)

Min score:

Reason:

Sort:

They Had Been Working on it for *4 Months*! by Anonymous Coward · 2005-07-28 00:24 · Score: 5, Informative

How long should it take?

http://blogs.washingtonpost.com/securityfix/2005/0 7/update_to_cisco.html

The injunctions filed against him state that ISS and Cisco had been working together on the flaw for the past four months, and that up until earlier this week, a Cisco executive was slated to co-present the findings with Lynn at Black Hat.
Re:I wonder... by saridder · 2005-07-28 02:26 · Score: 5, Informative

Not sure if you really are Mike, but your facts are 100% correct. It wasn't a new vulnerability, just a new way to exploit a known vulnerability which has already been patched. Also, if I read correctly, you need to be directly connected to the router to execute the vulnerability; it's a not a remote attack.

--
--- RFC 1149 Compliant.