Cisco Router Flaw Goes Public

Each year, the Black Hat security conference gathers to talk about security vulnerabilities within currently available technologies.

Obviously, manufacturers are not too happy with these disclosures, but this week Cisco went as far as threatening legal action against conference organizers if a presenter was allowed to reveal potentially damaging information about the company's routers.

Michael Lynn, a former researcher with Internet Security Systems, showed how hackers could gain control of Cisco Internet routers. The flaws could potentially pose a security risk to both corporations and government entities, which use Cisco's products in large numbers.

Lynn quit his job with ISS before making the presentation after executives from the company demanded he remove sensitive portions. Cisco instructed its own workers to tear 20 pages of information, as well as destroy some 2,000 CDs containing information on the presentation.

Cisco and ISS are also pursuing legal action against Lynn and Black Hat to prevent any further information on the vulnerability from being released. Cisco maintains that Lynn somehow obtained the information used in the presentation illegally.

Claiming the release of the flaw was "premature," Cisco is justifying its actions as a way to protect its customers.

Lynn, on the other hand, says nothing malicious is intended by his presentation, claiming it is aimed at getting Cisco customers to upgrade their firmware, which remedies many of the problems highlighted in his presentation.

While Lynn initially agreed to cancel the presentation, that changed when he took the stage. Lynn had quit his job with ISS shortly before the presentation, which meant he was no longer bound by the agreement ISS had struck with Cisco.

"What I just did means I'm about to get sued by Cisco and ISS. Not to put too fine a point on it, but bring it on," Lynn said after giving the presentation.