Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post
and Scheneier's take
1.9MB PDF Link
Update: Seb sez, "Cisco, Michael Lynn and ISS have all come to an 'arrangement'. It would seem all material pertaining to the flaw, the exploit and the talk are to be handed over to Cisco, who will presumably lock it all up and throw away the key. All videos of the presentation are to be handed over as well, and Lynn has been forbidden from talking at Black Hat or Defcon."
Michael Lynn, a former ISS researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave on Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.
The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in US District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.
Lynn is also forbidden to make any further presentations at the Black Hat event, which ended on Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn."
Update 2: Randi, a reader who claims to be an ex-coworker of Lynn's, and the girlfriend of Lynn's roommate, says, "A settlement with Cisco has been reached, but ISS is still pursuing criminal charges. The press doesn’t appear to know yet that the FBI is performing an investigation now, starting with seizing equipment from Michael and his roommates. On a happy note, Mike has received quite a few job offers, including from some places you wouldn't expect."
Update 3 Courtesy of James, Wired News's coverage of the FBI's investigation of Michael Lynn
I asked Amy Parness, the co-founder of Sparkle Labs, maker of fantastic educational electronics kits, to write a Medium post about gender and the business of being a maker business person. Her terrific essay calls out the problems with “pink girly engineering kits.” From Medium:
Zero UI is the new term for “invisible interfaces”—what happens in the future when all the clicking and tapping and typing is history: “If you look at the history of computing, starting with the jacquard loom in 1801, humans have always had to interact with machines in a really abstract, complex way.” [Fast Company]
CEO Dick Costolo will resign, to be replaced in the interim by Jack Dorsey
It’s time for a power upgrade — throw out that tired-out power strip and swap in this family-size USB charger, packed with 6 high-speed ports. With a built-in control chip, Kinkoo optimizes each port to ensure the fastest charging possible for all your devices. The Kinkoo is made from high-grade and durable materials so you […]
Watching Netflix, Hulu or other streaming services can unfortunately be difficult while traveling outside the US. Rather than bypass these restrictions with the help of a complex and slow VPN, choose a faster and simpler solution with Getflix. Instead of rerouting all your Internet traffic through a different server, this handy service only routes the […]
Shake, stir, and muddle your way to delicious homemade cocktails with this must-have bar set. Expect only the finest quality tools from MakersKit — enabling you to unleash your inner mixologist.Top 12 Favorite Things of 2014, Sunset MagazineQuart-size vintage-style Mason jar shakerRetro double jigger for accurate measurementsStrainer & spouts for a mixologist-style smooth pourHardwood muddler […]