The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them.
Mike Lynn, a former researcher at Internet Security Systems, or ISS, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer.
Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system.
Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks.
Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it.
See also, from BoingBoing, Michael Lynn's controversial Cisco security presentation.
Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Scheneier's take for more). 1.9MB PDF Link
No comments:
Post a Comment