Feeds

Cisco, ISS file suit against rogue researcher

'The right thing to do here is to make sure that everyone knows that it's vulnerable'

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

LAS VEGAS--Networking giant Cisco and security company Internet Security Systems filed on Wednesday a restraining order against the management of the Black Hat Conference and a security expert who told conference attendees that attackers can broadly compromise Cisco routers.

The legal action followed a presentation by security researcher Michael Lynn, a former ISS employee, who brushed off threats of legal action and a broad effort to delete his presentation from conference materials to warn attendees that malicious programs could be run on Cisco routers.

While the information had already been presented by Lynn, a Cisco spokesman said that the companies wanted to prevent further dissemination of inside information about Cisco's routers.

"We don't want them to further discuss it," said Cisco spokesman John Noh. "This is about protecting our intellectual property."

Three weeks of intense discussions between ISS, the researcher, Cisco, and conference management failed on Wednesday. Two days before, Cisco representatives spent eight hours ripping out the ten-page presentation from the conference book and ISS executives decided to pull the presentation, allowing researcher Lynn to speak on a different topic.

In a dramatic reversal on Wednesday, Lynn told attendees he tendered his resignation to ISS less than two hours before he went on stage to present his findings, then proceeded to describe a reliable way to run programs by exploiting the Internet Operating System (IOS), the core software for Cisco routers.

"I feel I had to do what's right for the country and the national infrastructure," he said. "It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that everyone knows that it's vulnerable."

A majority of the Internet infrastructure relies on Cisco networking hardware to route data from one computer to another. While security researchers have found flaws in the IOS router software in the past, almost all the vulnerabilities have only allowed an attacker to degrade communications in what is known as a denial-of-service attack.

Lynn outlined a way to take control of an IOS-based router, using a buffer overflow or a heap overflow, two types of memory vulnerabilities. He demonstrated the attack using a vulnerability that Cisco fixed in April. While that flaw is patched, he stressed that the attack can be used with any new buffer overrun or heap overflow, adding that running code on a router is a serious threat.

"When you attack a host machine, you gain control of that machine--when you control a router, you gain control of the network," Lynn said.

ISS disavowed any foreknowledge of Lynn's intent to resign and present his findings. Cisco condemned the talk in strong terms that suggested the company may initiate legal action against the researcher and the conference, describing the presentation as the illegal publication of proprietary material.

"It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained," the company said in a statement. "We appreciate the cooperation we have received from ISS in this matter. We are working with ISS to continue our joint research in the area of security vulnerabilities."

For his part, Black Hat Conference organizer and founder Jeff Moss denied that he had any idea of Lynn's intent.

"He told me yesterday that he would do his backup presentation," Moss said after the controversial presentation. Moss said he had worked hard to address Cisco's concerns with the original presentation. "We were in the middle of trying to run a conference and lawyers from Cisco were talking about a temporary restraining order."

Security for virtualized datacentres

Next page: Related stories

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
AWS pulls desktop-as-a-service from the PC
Support for PCoIP protocol means zero clients can run cloudy desktops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.