Networking giant attempts a cover up

[Steve]

Michael Lynn, an ISS employee, resigned from his post to make a presentation on exploiting a security hole in the IOS operating system, used on Cisco routers, following attempts to pull the presentation.

The exploits he achieved were performed using a security flaw which has been fixed by Cisco in newer versions of IOS, but still Cisco were not pleased with Lynn's plans and convinced ISS to pull the presentation. Lynn then resigned so that he could present his findings. ISS and Cisco have now filed for a restraining order against Lynn.

The filing in US District Court for the Northern District of California asks the court to prevent Lynn and Black Hat from "further disclosing proprietary information belonging to Cisco and ISS," said John Noh, a Cisco spokesman.

"It is our belief that the information that Lynn presented at Black Hat this morning is information that was illegally obtained and violated our intellectual-property rights," Noh added.

Still, attendees of the Black Hat conference found the presentation very interesting.

"He got a shell really easy and showed a basic outline how to do it. A lot of folks have said this could not be done, and he sat up there and did it," said Darryl Taylor, a security researcher.

ZDNet has the full story.

[Dougal]

And i thought cisco were nice people.

[Dougal]

update on this story:

Cisco have now dropped all bad feelings, but all the conference information has been removed from everything. So there's no mor e "official" documents, only the people that attended the conference know about it know.

[webbyman]

wtf? surely he's trying to help them tighten security

[Dougal]

The problem is that Cisco don't want to go back and re-engineer all their operating systems to fix that security hole.

It would take a lot of time and man power which in the current economic climate isn't feasable.