Cisco, Researcher Settle Flaw Tussle
Cisco said it has settled a dispute with a former researcher from Internet Security Systems who had quit his job so he would be free to give a speech about a flaw in Cisco routers at the yearly Black Hat conference in Las Vegas. The communications hardware maker had threatened legal action if the presentation was given.
Any source code that researcher Michael Lynn had in his possession must be returned to Cisco under the agreement. Lynn will also be barred from ever giving a presentation on the topic again. The settlement appears to be a win for the company, which felt the release of the flaw was "premature" and dangerous to customers.
Lynn, on the other hand, said after he made the speech that nothing malicious was intended by his presentation and claimed it was aimed at getting Cisco customers to upgrade their firmware, which remedies many of the problems he highlighted.
Cisco and ISS pursued legal action against Lynn and Black Hat to prevent any further information on the vulnerability from being released.
It also appears that Cisco is trying to sweep under the rug any evidence that the presentation ever happened. As part of the settlement reached in San Francisco court Thursday, Black Hat will turn over any video of the presentation.
"We are gratified with the court's actions. Cisco and ISS took action only as a last resort, to stop continued irresponsible public disclosure of illegally obtained proprietary information," Cisco said in a statement.
However, it seems that Lynn disagrees with Cisco's stand. He told the Associated Press that the company never admitted that somebody could take control of its routers. "They fought that argument for a long time. You can see how far they're willing to go. I demonstrated it live on stage. That debate is over now."