August 2, 2005 Open Source Security 3

*NOTE*: If I forgot to trackback you and I used your post, let me know and I will correct it as soon as possible. Everyone I have linked to deserves proper credit. :)

Cisco and ISS have created quite a mess for themselves.

First, Mike Lynn showed at the BlackHat conference how to get the equivalent of root on all Cisco routers using the IPv6 modules. Cisco suddenly balked and leaned on ISS. ISS told Lynn not to disclose, so he quit and did it anyway. Now Cisco has a settlement with Lynn that means Lynn has to dump all of his research in this area. ISS has also gotten the FBI involved. To top things off, Cisco/ISS are now sending cease-and-desist orders to anyone who hosts the presentation photos. A huge number of links follows; this list will be updated as the story continues.

Original Presentation
Tom’s Networking: Owning IOS at Black Hat 2005
Schneier on Security (Huge Roundup): Cisco Harasses Security Researcher
Wired: Router Flaw Is a Ticking Bomb (note: has an interview with Lynn)
BoingBoing’s original post
Search Security: Security researcher causes furor by releasing flaw in Cisco Systems IOS
Wired: Cisco Security Hole a Whopper
Wall Street Journal Online: Cisco Tries to Squelch Claim About a Flaw In Its Internet Routers

Now the coverup begins:
SecurityFocus.com: Cisco, ISS file suit against rogue researcher
ZDNET UK: Cisco tries to silence researcher
ComputerWorld.com: Furor over Cisco IOS router exploit erupts at Black Hat
Tom’s Hardware: Cisco Behaving Badly

Repercussions begin to show themselves:
News.com: Flaw researcher settles dispute with Cisco
Makezine.com: Video of Cisco/ISS ripping out pages from printed conference books…
News.com: Cisco hits back at flaw researcher
BBC News: Cisco acts to silence researcher
Metathoughts: Audio of a Press Conference at BlackHat USA 2005 over Cisco and Michael Lynn.
Wired.com: Whistle-Blower Faces FBI Probe

Attempts to silence backfire:
SecurityFocus.com: Exploit writers team up to target Cisco routers

*Hat tip to Memestreams, who gave me these links:
Dagmar’s Coverage
Memestreams: Mike Lynn’s ‘exploit’, in plain (non-technical) English
Memestreams: ISS and Cisco v. Granick’s Gambling Plans

Here is Lynn’s attorney’s blog, which has her view of things:
Granick.com

Bruce Schneier has more information and even more links.