
BATTLESPACE Updates


CISCO TRIES TO SQUELCH RUMOUR ABOUT ROUTER FLAW

August 5, 2005

28 Jul 05. DAVID BANK, Staff Reporter of THE WALL STREET JOURNAL, reported that the annual Black Hat computer-security conference has become a forum for experts to disclose vulnerabilities in tech products, often rankling the products’ makers. But few companies go to the lengths that Cisco Systems Inc. did this week to suppress information about a flaw in its software that directs Internet traffic.

Cisco threatened legal action to stop the conference’s organizers from allowing a 24-year-old researcher for a rival tech firm to discuss how he says hackers could seize control of Cisco’s Internet routers, which dominate the market. Cisco also instructed workers to tear 20 pages outlining the presentation from the conference program and ordered 2,000 CDs containing the presentation destroyed.

In the end, the researcher, Michael Lynn, went ahead with a presentation, describing flaws in Cisco’s software that he said could allow hackers to take over corporate and government networks and the Internet, intercepting and misdirecting data communications. Mr. Lynn, wearing a white hat emblazoned with the word “Good,” spoke after quitting his job at Internet Security Systems Inc. Wednesday. Mr. Lynn said he resigned because ISS executives had insisted he strike key portions of his presentation.

Cisco said the presentation didn’t identify any flaws not previously disclosed, but did explore new methods for exploiting flaws in the software that runs its routers. The company said it isn’t sure whether the flaws could allow a hacker to take control of a router, which is a specialized computer.

The company said it acted to protect its customers and the Internet from what it called “premature” disclosure of a potential security flaw. Cisco said it had been working to document the extent of the vulnerability and to develop remedies. “It is especially regretful, and indefensible, that the Black Hat Conference organizers have given Mr. Lynn a platform to publicly disseminate the information he illegally obtained,” Cisco added.

Cisco maintains Mr. Lynn found the flaw by reverse-engineering its product, which the San Jose, Calif., company said violates the law. Yesterday afternoon, Cisco and ISS together sought a federal court order barring Mr. Lynn and Black Hat from any further dissemination of what the companies said was their proprietary information.

The incident marks a new chapter in the argument over appropriate disclosure of security risks. Technology companies generally seek to control information about vulnerabilities in their products, for both security and marketing reasons. But many security researchers say disclosure spurs both vendors and customers to take security more seriously.

“The vulnerabilities are out there on the Net in full broadcast mode,” said Gilman Louie, a tech-industry veteran who heads In-Q-Tel, a venture-capital firm backed by the Central Intelligence Agency. “The bad guys get to it faster than everybody else. I’d rather have disclosure and let everybody respond.”

Mr. Lynn said he wanted to prod Cisco customers to install the latest version of the company’s software, which remedies nearly all of the bugs that Mr. Lynn identified. Cisco acknowledged that many customers haven’t installed the software fix, but said it didn’t know the precise number.

“It’s not a secret anymore that I can take control of Cisco routers,” said Mr. Lynn, who claims to have written his first software at age 4. “What they’re trying to get rid of is the proof.”

The eight-year-old Black Hat conference attracts both tech vendors and security researchers who specialize in finding flaws in computer products. Jeff Moss, president of Black Hat, said he reluctantly agreed to alter the conference materials. “With Cisco’s attorneys breathing down my neck, it was a no-brainer,” he said.

The high drama reflected the high stakes. Cisco regularly discloses bugs, or software flaws, that can allow hackers to force its routers to
