Lynn stirred the Black Hat security confab in Las Vegas on Wednesday by quitting his job at ISS to demonstrate that he could gain control of a Cisco router by exploiting a security flaw. He did so in defiance of Cisco and ISS, who had agreed to cancel the talk. Cisco and ISS subsequently sued Lynn and the Black Hat organizers for public disclosure of illegally obtained proprietary information.
Hats off to Lynn for taking action to prove that his findings were true, at the risk of his job and legal action, because he felt this was a very big flaw that could be extremely dangerous.
Lynn had said that exploitation of the flaw could bring the Internet to its knees. He also warned that criminal hackers may already be working to exploit it.
On Saturday, network security specialist Raven Alder gave a presentation on the vulnerability of the Net’s infrastructure. She did not repeat Lynn’s demonstration, but Alder said Lynn’s disclosure was important to the security of the Net. The room was packed and roiled about what some people at Defcon call “Cisco gate.”
“For the first time it looks like you can really remotely own a Cisco box,” Alder said. “This is a scary thing if you are a network operator. This is a real threat.”
Lynn has settled with Cisco. He also had to turn over any Cisco code he had. More in the article.