And so Cisco's IOS nightmare continues - Silicon Valley Sleuth

Silicon Valley Sleuth, an insider's view from Silicon Valley
 A blog from V3.co.uk

January 2010
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            




Other blogs
Download Junkie
Your daily dose of download discussion

IT Sneak
V3.co.uk's under cover reporter offers odds and ends from the odd end of the technology

Mac Inspector
Drills to the core of the latest Mac rumours and news

Security Watchdog
Sniffing out IT security issues

The Frontline
Insight into the latest tech news from V3.co.uk's team of reporters

V3.co.uk Labs
The latest UK business technology: quick reviews and first impressions




« IOS controversy: could blogs and news websites be next? | Main | The hacker hacked »

And so Cisco's IOS nightmare continues

Cisco and ISS just can't resist to further ruin their damaged relationship with the security community and have expanded their legal campaign against an IOS vulnerability hack to any website that offers the slides from a presentation that they had failed to stop.

But as the spat's latest victim notices, this will only turn more attention towards the flaw and the real problem of Cisco's vulnerability.

First Cisco and ISS sued security expert Michael Lynn over giving details about a vulnerability in the IOS software that runs Cisco's routers on Wednesday at the Black Hat security conference in Las Vegas. As usually happens, the party that brought in the most lawyers won. Lynn didn't have much of a defence given that he had used information that he wasn't supposed to have after he quit his job at ISS, and had obtained it illegally to begin with by reverse engineering IOS.

But as the injunction against Lynn already suggested (see previous post), Cisco and ISS didn't stop at Lynn. They are now sending cease and desist notices to operators of websites that offer detailed information about Lynn's presentation, demanding that they remove the information.

Enter Richard Forno's website at Infowarrior.org. At 4 PM on Friday users could download a PDF document with Lynn's presentation from the website. I too could have done so, but I prefer to spend my days writing about Cisco's legal spats, not being part of them .

Forno received a fax from an ISS attorney at 5:22 PM. Shortly thereafter he took the document offline and replaced it with the fax.

Forno is anything but a coward for taking the document offline. As he points out in an email to vnunet.com, this only focuses more attention to the whole IOS issue. And hopefully it will fuel a serious discussion about the role of the software in the (in)security of the internet.

There must be a few PR managers and senior executives at Cisco scratching their heads this weekend, trying to figure out how the router maker that seemed to could do no wrong suddenly turned into the boogieman of the high tech industry.

The answer is very simple: they went bad the moment they got the lawyers  involved.

You don't improve internet security by sending cease and desist letters. You do that by engaging in the conversation.

Iosvillage2_1
A safer Ios - the Greek island that is.

Tags: cisco, ios, black hat, michael lynn, iss

July 30, 2005 6:25 AM |

Comments

Post a comment







Useful links: About | Privacy policy | Terms & conditions | Top of the page
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093