Thursday, August 04, 2005

Ciscogate:The Lynn interview

#155 In an exclusive interview with Wired News, Mike Lynn discusses the events behind the scenes leading up to this week's IOS exploit disclosure at Black Hat, and what he thinks it means for the security of the internet.

This is an absolutely MUST read, and actually quite disturbing (how Cisco and ISS management handled various things). Given all the legal attention Lynn has been receiving of late I doubt if he would not be telling the truth for fear of further reprisals. For another highly recommended "inside view", Lynn's attorney, Jennifer Granick has a detailed weblog about what happened at BlackHat and DefCon and the various lawyer meetings with Cisco.

The most significant quote out of all of this for Cisco customers to take heed of is "(Right now) nobody patches Cisco routers because there's been this culture (that) there's just never anything that can go wrong (with them). So, unless there's some really critical thing that's making it crash, people don't install the patches.... We have to change the public perception about patching now, and that cause is not best served by pretending that there's not a problem and saying maybe you can talk about this next year.... The time to talk about this is before the critical problem comes around. "

There is a nice reflection of this interview as well as comments on how unpatched Cisco routers are in customers networks on the Lil Bambi weblog. Also, Computerworlds' IT BlogWatch lists how other security bloggers are reacting to revelations from the Lynn interview.

..and two amazing predictions made before the event that were spot on the money...

13 July Hackers to target Cisco next?
13 May Best you start thinking about patching your IOS now

UPDATE 1: Here's some news about the FBI's investigation into Lynn leaking trade secrets.

UPDATE 2: Bruce Schneir makes a point in his blog update by quoting : "Copies of Lynn's talk have popped up on the Internet, but some have been removed due to legal cease-and-desist letters from ISS attorneys, like this one. Currently, Lynn's slides are here, here, here, here, here, here, here, here, here, here, here, here, here, and here" .

UPDATE 3: ZDnet in Australia posts an interesting article about ISS defending its actions. Michael Lynn's former employer has insisted it has treated him fairly throughout the Cisco IOS flaw affair, but others in the industry remain unconvinced, especially The founder and chief executive of Check Point, Gil Shwed, who accused ISS of hypocrisy and using the disclosure of vulnerabilities to drum up business. "It's not for research activities, it's not done to promote the community... it's done for marketing, it's done to promote ISS," he said at a Check Point user event in Bangkok, Thailand.
Rate this post: (Provided by NewsGator)


Blogger LilBambi said...

Hey Dwaine! You are so right! Definitely some Blogosphere Synergy. :-)

I am glad to see folks picking up the banner for Lynn in the face of big corporations that are attacking him when all he wanted to do is make sure the Internet remains safer at the router level for businesses and governments and even for us as website owners and Internet users.

Lynn was very clear about the fact that Cisco was aware of the vulnerability and had a fix out before he made his 'demonstration' to get folks concerned enough to update their affected Cisco routers since Cisco hadn't properly impressed upon their own customers the need to do so at that time. And to show that the new version may be a better architecture but not as safe as it should be and that it can be fixed before companies and governments start depending on it.

I commend Lynn on what he did and how he did it.

Thursday, August 04, 2005 3:54:00 PM  

Post a Comment

Links to this post:

Create a Link

<< Home