Chapter 3: Proper and Ethical Disclosure

Cisco employees spent hours tearing out Lynn’s disclosure
presentation from the conference program notes that were being provided to attendees.
Cisco also ordered 2,000 CDs containing the presentation destroyed. Just before giving
his alternate presentation, Lynn resigned from ISS and then delivered his original Cisco
vulnerability disclosure presentation.
Lynn later stated, “I feel I had to do what’s right for the country and the national
infrastructure. It has been confirmed that bad people are working on this
(compromising IOS). The right thing to do here is to make sure that everyone knows
that it’s vulnerable...” Lynn further stated, “When you attack a host machine, you gain
control of that machine—when you control a router, you gain control of the network.”
The Cisco routers that contained the vulnerability were being used worldwide. Cisco
sued Lynn and won a permanent injunction against him, disallowing any further disclosure
of the information in the presentation. Cisco claimed that the presentation “contained
proprietary information and was illegally obtained.” Cisco did provide a fix and
stopped shipping the vulnerable version of the IOS.