Cisco Systems Inc and Internet Security Systems have won a permanent court order to stop a former Internet Security employee from discussing ways to exploit weaknesses in Cisco equipment vital to the operation of the Internet.
Former Internet Security Systems employee Michael Lynn this week told the Black Hat conference of security enthusiasts about the vulnerability of Cisco routing equipment, despite concerns by the companies.
The ruling by a US District Court in San Francisco permanently bars Lynn and the Black Hat conference organisation from further disseminating, in any form, a presentation Lynn gave at the conference on Wednesday in Las Vegas.
Lynn declined to comment. Jeff Moss, president of Black Hat, predicted the ruling would have a dampening effect on security enthusiasts.
"People will say, 'Why would we tell the public about this if we're going to be sued? We're just going to post this anonymously,'" he said. "Who is going to tell Cisco about a problem now?"
Internet Security Systems said in a statement the information Lynn presented did not disclose a new vulnerability or flaw with Cisco's Internetwork Operating System software but was a description of ways to "expand exploitations of known security vulnerabilities" affecting Cisco's routers, which direct Internet traffic.
An FBI spokesman said the agency took such cases seriously but would not comment on whether Lynn was under investigation.
Cisco said it had not seen any "abnormal activity" such as efforts to hack the company's routing equipment since Lynn's presentation.
"At this point, we are not aware of any active exploits," a Cisco spokeswoman said. Internet Security Systems had no further comment on the matter beyond a statement that the court injunction was granted.
Internet Security and San Jose, California-based Cisco, the biggest maker of gear used to direct traffic over the Internet, filed a joint request for the court injunction after Lynn gave the presentation.
Lynn made the presentation after he had given his resignation to Internet Security Systems.
The Black Hat conference is a big gathering of computer security enthusiasts who mull the latest and greatest trends in tech security.
The court ruling forbids Lynn from making further use of, or disclosing, any of the research in the presentation that he conducted while employed by Internet Security.
Cisco said in a statement on Thursday that Cisco and Internet Security had prepared an alternative presentation designed to discuss Internet security, including a flaw Lynn had identified, but without revealing Cisco software "code" or assistance that might help third parties exploit the flaw.
Cisco said it and Internet Security were told they would not be allowed to give that presentation at the Black Hat conference.
Atlanta-based Internet Security Systems said it provides protection for these Cisco vulnerabilities.
Internet Security is known for its network intrusion prevention software that offers big companies in industries like banking and automotive protections to keep Internet menaces like viruses and spam from getting inside corporate networks.

Copyright Reuters, 2005
