Thursday, July 28, 2005

Watch Cisco's Lawyers: There's a Security Fire

A 24-year old technician at Internet Security Systems Inc. (Nasdaq: ISSX) claims he has found numerous and fundamental security flaws in Cisco's router operating system. The researcher, Michael Lynn, quit his job when threatened by Cisco's lawyers. Cisco wanted to halt a presentation at the Black Hat security conference on what Lynn had found. There was extensive coverage in today's Wall Street Journal.

This story is early in its life, but it will have legs. It appears that Lynn is right in his belief that there are vulnerabilities in Cisco's routers, a critical and very widely used component in trusted Internet infrastructure. One interpretation of events this week is that Cisco is aware of the problems but does not have solutions: premature disclosure of vulnerabilities alerts the bad guys.

It would certainly behoove network administrators to be extra vigorous in quickly applying any patches that Cisco puts out.

Update the suit was settled out of court late Thursday.

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.