Feeds

Cisco, ISS file suit against rogue researcher

'The right thing to do here is to make sure that everyone knows that it's vulnerable'

  • alert
  • submit to reddit

Internet Security Threat Report 2014

LAS VEGAS--Networking giant Cisco and security company Internet Security Systems filed on Wednesday a restraining order against the management of the Black Hat Conference and a security expert who told conference attendees that attackers can broadly compromise Cisco routers.

The legal action followed a presentation by security researcher Michael Lynn, a former ISS employee, who brushed off threats of legal action and a broad effort to delete his presentation from conference materials to warn attendees that malicious programs could be run on Cisco routers.

While the information had already been presented by Lynn, a Cisco spokesman said that the companies wanted to prevent further dissemination of inside information about Cisco's routers.

"We don't want them to further discuss it," said Cisco spokesman John Noh. "This is about protecting our intellectual property."

Three weeks of intense discussions between ISS, the researcher, Cisco, and conference management failed on Wednesday. Two days before, Cisco representatives spent eight hours ripping out the ten-page presentation from the conference book and ISS executives decided to pull the presentation, allowing researcher Lynn to speak on a different topic.

In a dramatic reversal on Wednesday, Lynn told attendees he tendered his resignation to ISS less than two hours before he went on stage to present his findings, then proceeded to describe a reliable way to run programs by exploiting the Internet Operating System (IOS), the core software for Cisco routers.

"I feel I had to do what's right for the country and the national infrastructure," he said. "It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that everyone knows that it's vulnerable."

A majority of the Internet infrastructure relies on Cisco networking hardware to route data from one computer to another. While security researchers have found flaws in the IOS router software in the past, almost all the vulnerabilities have only allowed an attacker to degrade communications in what is known as a denial-of-service attack.

Lynn outlined a way to take control of an IOS-based router, using a buffer overflow or a heap overflow, two types of memory vulnerabilities. He demonstrated the attack using a vulnerability that Cisco fixed in April. While that flaw is patched, he stressed that the attack can be used with any new buffer overrun or heap overflow, adding that running code on a router is a serious threat.

"When you attack a host machine, you gain control of that machine--when you control a router, you gain control of the network," Lynn said.

ISS disavowed any foreknowledge of Lynn's intent to resign and present his findings. Cisco condemned the talk in strong terms that suggested the company may initiate legal action against the researcher and the conference, describing the presentation as the illegal publication of proprietary material.

"It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained," the company said in a statement. "We appreciate the cooperation we have received from ISS in this matter. We are working with ISS to continue our joint research in the area of security vulnerabilities."

For his part, Black Hat Conference organizer and founder Jeff Moss denied that he had any idea of Lynn's intent.

"He told me yesterday that he would do his backup presentation," Moss said after the controversial presentation. Moss said he had worked hard to address Cisco's concerns with the original presentation. "We were in the middle of trying to run a conference and lawyers from Cisco were talking about a temporary restraining order."

Top 5 reasons to deploy VMware with Tegile

Next page: Related stories

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.