Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post
and Scheneier's take
1.9MB PDF Link
Update: Seb sez, "Cisco, Michael Lynn and ISS have all come to an 'arrangement'. It would seem all material pertaining to the flaw, the exploit and the talk are to be handed over to Cisco, who will presumably lock it all up and throw away the key. All videos of the presentation are to be handed over as well, and Lynn has been forbidden from talking at Black Hat or Defcon."
Michael Lynn, a former ISS researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave on Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.
The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in US District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.
Lynn is also forbidden to make any further presentations at the Black Hat event, which ended on Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn."
Update 2: Randi, a reader who claims to be an ex-coworker of Lynn's, and the girlfriend of Lynn's roommate, says, "A settlement with Cisco has been reached, but ISS is still pursuing criminal charges. The press doesn’t appear to know yet that the FBI is performing an investigation now, starting with seizing equipment from Michael and his roommates. On a happy note, Mike has received quite a few job offers, including from some places you wouldn't expect."
Update 3 Courtesy of James, Wired News's coverage of the FBI's investigation of Michael Lynn
The office I work in is full of things old people buy to make themselves feel young again. I can honestly say that our awesome new toy, The Swagtron T3 Hoverboard, makes me feel very, very old. I’ll explain why later. Swagtron T3 Pros There’s no way to overcharge the battery and that means no […]
One thing that’s consistent among amateur pool players is that they unknowingly stand up during their shots. Just as in golf, pool players need to keep their heads down and stay still after they shoot in order to hit straight. The DIGICUE helps keep shots consistent by letting you know every time you’ve had extra […]
A leaked memo from Apple CEO Tim Cook to his staff explaining why he met with Donald Trump — a guy who called Apple traitors for refusing to defeat their own security — explains the rationale: “tax reform.”
Computer hacking isn’t just something happening to the DNC. Major software companies need white-hat hackers to ensure the security of their products and users, and I came across a Computer Hacker Professional Certification Package that conveniently teaches those advanced IT techniques online.This course package will prepare you for various computer security certification exams with over 60 hours […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]