Wired Interviews Mike Lynn

ndansmith writes "Wired has got an interview with Mike Lynn, who revealed a major vulnerability in Cisco IOS at Black Hat 2005 in Las Vegas, and who has subsequently become the subject of an FBI investigation. A quote from Mike Lynn: 'Cisco said, "You guys are lying. It is impossible to execute shell code on Cisco IOS." At that point (ISS) management was annoyed.... They were like, "Mike, your new research project is Cisco IOS. Go find out how to exploit bugs on Cisco IOS so we can prove these people wrong."'"

Finding vulnerabilities != being a criminal

[Zweideutig]

I am tired of hearing about people basically volunteering to audit software and find problems, and then get accused for it. Lets go after the crackers that just read securityfocus for the latest exploit, and then exploit it so they can "vandalize." UNIX (the kind under the UNIX trademark) had many weaknesses that made it luaghably insecure in its day, but dedicated hackers (not crackers, I mean skilled creators) found many vulnerabilities, which of course were fixed and UNIX (including the *BSD derivatives and branded UNIX such as Solaris) has become quite secure today thanks to this. I apprieciated the effort of those who contributed their findings. There is a difference between reporting a broken safe lock in a bank, and exploiting it to obtain the contents (robbery.) This ignorance irritates me.