Fiasco: BlackHat, Cisco, ISS, Lynn

[This was originally published on the OSVDB blog.]

There are far too many articles covering this topic to justify me rewriting the story in my own words. So in summary, relevant links with background. End up with Schneier’s commentary for a good summary and additional links.

BlackHat Briefings: Cisco IOS Security Architecture by Michael Lynn
http://www.blackhat.com/html/bh-usa-05/bh-usa-05-schedule.html

Security researcher quits job and blows whistle on Cisco’s fatal flaws
http://www.boingboing.net/2005/07/27/security_researcher_.html

Cisco, ISS file suit against rogue researcher
http://www.securityfocus.com/news/11259

Cisco Security Hole a Whopper
http://www.wired.com/news/privacy/0,1848,68328,00.html

Cisco Security Advisory: IPv6 Crafted Packet Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

Cisco, ISS, Michael Lynn and Black Hat sign legal accord
http://www.networkworld.com/news/2005/072805-cisco-settlement.html
Cisco settles dispute with flaw researcher
http://news.com.com/2061-10789_3-5809295.html?part=rss&tag=5809295&subj=news

Text of the Cisco-ISS-Lynn-Black Hat Agreement
http://blogs.washingtonpost.com/securityfix/2005/07/text_of_the_cis.html

Rick Forno hosts Lynn PDF, gets C&D from ISS
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf

Cisco Harasses Security Researcher
http://www.schneier.com/blog/archives/2005/07/cisco_harasses.html

Leave a Reply

%d bloggers like this: