Bruce Schneier has posted a fascinating story about Cisco’s harassment of a security worker called Michael Lynn:
Lynn was going to present security flaws in Cisco’s IOS, and Cisco went to inordinate lengths to make sure that information never got into the hands of the their consumers, the press, or the public.
Cisco threatened legal action to stop the conference’s organizers from allowing a 24-year-old researcher for a rival tech firm to discuss how he says hackers could seize control of Cisco’s Internet routers, which dominate the market. Cisco also instructed workers to tear 20 pages outlining the presentation from the conference program and ordered 2,000 CDs containing the presentation destroyed.
In the end, the researcher, Michael Lynn, went ahead with a presentation, describing flaws in Cisco’s software that he said could allow hackers to take over corporate and government networks and the Internet, intercepting and misdirecting data communications. Mr. Lynn, wearing a white hat emblazoned with the word “Good,” spoke after quitting his job at Internet Security Systems Inc. Wednesday. Mr. Lynn said he resigned because ISS executives had insisted he strike key portions of his presentation.
A copy of Michael Lynn’s presentation is now available here.
Comments
One response to “Cisco harass security worker”
[…] Tom Raftery had this to say, which was very interesting for the world of computer and network security. Why would Cisco try to silence a man that could reveal something about their product which compromised a majority of computers and networks on the planet? In this “open” world of the World Wide Web we expect better, we want the hardware that runs the ‘net to be the best, and to be as secure as possible, especially in this day and age. […]