The plot thickens, or should that be sickens? In an interview posted by Wired News on August 1, 2005, Lynn was asked about the sequence of events leading up to this whole Cisco/ISS/Lynn affair, and at one point in the interview he stated:
Lynn: So on January 27th, ISS comes out with their response to this vulnerability — the advice to their customers based on my analysis…. I stayed up all night basically (to research it).
I realized in looking at this (that the program) is actually way worse than Cisco said…. So (our guy) calls up … Cisco and says, “OK, we aren’t 100 percent sure that we found the same bug that you’re talking about, but it’s important we find out because the one we found has much, much greater impact. You said there’s (the possibility) of a denial-of-service attack. But the one we found is fully exploitable.”
Cisco said, “You guys are lying. It is impossible to execute shell code on Cisco IOS.” At that point (ISS) management was annoyed…. They were like, “Mike, your new research project is Cisco IOS. Go find out how to exploit bugs on Cisco IOS so we can prove these people wrong.”
And then, just when you think it couldn't get any worse, Lynn told of a time in June (about a month before all this went down, before Cisco and ISS pulled the presentation and before his subsequent resignation from ISS) when things got sticky at ISS because they felt this could have been their Witty worm all over again. Lynn actually resigned at that point, and ISS talked him out of the resignation by agreeing to give him control over who could see or have the exploit.
From the interview, regarding ISS' concern that something they had basically been blamed for could have been repeated through this very Cisco router vulnerability that Lynn had found:
(The Witty worm was a particularly aggressive and destructive code released by someone last year that targeted computer systems running a security program made by Internet Security Systems and even more specifically targeted military bases using the software. It infected more than 12,000 servers and computer systems in about an hour. Because of the worm’s speed in spreading and its creators’ apparent knowledge of who ISS’ customers were, some security experts speculated that someone working for or connected to ISS might have been responsible for writing and releasing it.)
MUCH more in the interview! A must read.
EDIT: Computerworld's IT Blogwatch lists how other security bloggers are reacting to the revelations from the Lynn interview.
EDIT 2: John Dvorak also has a great write-up on this in his article entitled "Cisco routers at Risk? Commentary: Companies' lawyers make problem worse."