ZDNet: Cisco hits back at flaw researcher

LAS VEGAS--Cisco Systems has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a request Wednesday for a temporary restraining order against Michael Lynn and the organizers of the Black Hat security conference. The motion came after Lynn showed in a presentation how attackers could take over Cisco routers--a problem that he said could bring the Internet to its knees.

The filing in U.S. District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.

http://news.zdnet.com/2100-1009_22-5807551.html


Security through ignorance...

and spill everything he knows, right there.

Verbally flip them off.

It's only hapless consumers that won't know about it.

who points out the problem. That right there should be an end to any future business, IMHO.

It really would have been better for everyone (except the hackers)
if customers have a chance to patch a problem before hackers get to
exploit it.

it appears the hackers already had access to the information. The only people in the dark are the customers....so how is witholding the info beneficial to them?
If anything, they should be warned there is a problem so that they more quickly install the patch, no?

Large carriers get information from Cisco with regards to possible security holes and other critical network issues before public statements are made so the (average joe/hacker) may not know about a hack before the carriers get a chance to apply the fix.

they know this stuff before even the guy giving the press conference does, would be my guess.

Basically how much lead time do you give a manufacturer to get a fix out. The manufacturers want the answer to be "forever", the consumers want the answer to be "yesterday". Most people are using a 90 window or substantive progress rule of thumb. (Vendor gets 90 days to release the fix before you take it public, or need to show they are making substantive progress to you).

What is unclear is how much lead time Cisco was given to fix the problem. If he ambushed them, bad on him. If they had prior notice, bad on Cisco.

the presenter looks to be on crusade, which may serve no one well. Still it was a pretty slick piece of work.

But, this guy does seem to be on some sort of crusade and/or job hunt.

several of my officemates have worked with this guy in the past -- they all think very highly of him.