Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post
and Scheneier's take
1.9MB PDF Link
Update: Seb sez, "Cisco, Michael Lynn and ISS have all come to an 'arrangement'. It would seem all material pertaining to the flaw, the exploit and the talk are to be handed over to Cisco, who will presumably lock it all up and throw away the key. All videos of the presentation are to be handed over as well, and Lynn has been forbidden from talking at Black Hat or Defcon."
Michael Lynn, a former ISS researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave on Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.
The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in US District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.
Lynn is also forbidden to make any further presentations at the Black Hat event, which ended on Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn."
Update 2: Randi, a reader who claims to be an ex-coworker of Lynn's, and the girlfriend of Lynn's roommate, says, "A settlement with Cisco has been reached, but ISS is still pursuing criminal charges. The press doesn’t appear to know yet that the FBI is performing an investigation now, starting with seizing equipment from Michael and his roommates. On a happy note, Mike has received quite a few job offers, including from some places you wouldn't expect."
Update 3 Courtesy of James, Wired News's coverage of the FBI's investigation of Michael Lynn
It’s the end of an era, sort of: Fraunhofer IIS, the developers of the MP3 audio compression format, announced that they are ceasing their licensing program. In a blog post, spokesman Matthias Rose says that it’s had a good 20-year run and is obsolete. But it’s also true that the decoding patents expired last year, […]
Freddy deBoer writes that he’s been telling the same joke for years about Silicon Valley’s only product, which might be universalized as “At last, a way to verb with nouns on the internet!” But the social-media techopoly is stable, now, and so the venture capitalists have moved on to the three terrible trends that will […]
Alex Wood is an addict but won’t give up his smartphone. But he has five strategies for limiting its control over him: “I used to wake up tired. My body would ache and my head felt sore, like waking up with a hangover. Finally, I took control, like attending an AA class for addicts, I […]
Yes, yes there is. The ultraportable Twisty Glass Mini boasts all of the simplicity of its forebear, while fitting just a little bit better in your pocket.The Mini is perfect for casual smokers, and anyone who doesn’t have the patience or fine motor skill for rolling papers. This piece keeps the convenient design of its older […]
Learning to code is a perfect way to grow your technical sophistication, and open up a host of new career options. But since most “learn to code” initiatives focus heavily on web development, it can be tough to find good resources for general-purpose computer science outside of a 4-year degree program. To get a broad […]
While many newer smartphones boast decent water resistance, most of us are still stuck with the kind of handsets that need to spend the night in a bowl of rice when they get wet. If you want to enjoy your favorite podcasts in the shower but are holding out for your next phone upgrade, this […]