Michael Lynn, a security researcher at Internet Security Systems (ISS), planned to give a presentation on a now-patched flaw
in the Internetwork Operating System (IOS) software used to power Cisco's routers, until Cisco put pressure on ISS to put a stop to it. Following the 2004 theft of Cisco's IOS source code, it was feared that attackers could create a devastating worm attack using Lynn's information and the source code. Lynn, however, felt that it was paramount that security communities gained knowledge of the flaw, since users running older versions of the company's software are at risk. Lynn has therefore quit his position at ISS
, and the planned presentation has gone ahead at the Black Hat security conference
in Las Vegas.
Lynn said he felt compelled to quit his job so that he could give the talk because the Cisco security issues are of vital importance to the Internet's health. "This is the right thing to do," he said to applauding Black Hat attendees. "When you attack the router, you gain control of the network."
Lynn described a now-patched flaw in the Internetwork Operating System (IOS) software used to power Cisco's routers, and the steps he used to gain control of a router. Although Cisco was informed of the flaw by ISS, and patched its firmware in April, users running older versions of the company's software are at risk, he said.
Cisco and ISS have now filed a restraining order
against the management of the Black Hat Conference and Lynn. Cisco cited reasons of protecting intellectual property.