Cisco whistleblower legaled into silence

Cisco routers running their IOS operating system make up the vast majority of the Internet’s “infrastructure” devices. Basically, routers connect everything to everything else. IOS was widely considered to be rather secure. In particular, “running arbitrary code” on a Cisco router running IOS was thought to be extremely difficult.

Mike Lynn, a technologist at security company ISS, was about to reveal at the Black Hat security conference[*1] a method of running arbitrary code on IOS routers. Cisco, ISS, Black Hat, and Lynn entered negotiations, and Lynn’s presentation was (literally) ripped out of the Black Hat conference proceedings. Lynn then resigned from ISS and gave his presentation anyway. Threats of prosecution and litigation ensued. Lynn has apparently backed down[*2]:

Lynn and his attorney agreed to a permanent injunction that prevents him from using any Cisco code in his possession for further reverse engineering or security research or presenting the same material at the DEF CON hacker convention which follows Black Hat. In addition, Lynn must hand over the names of any websites or people to whom he gave or sold the information. The permanent injunction does not prevent Lynn from doing further research on Cisco products, provided it is done legally.