[ISN] Juniper researcher Michael Lynn crashes Cisco party at Black Hat

From: InfoSec News (alerts@private)
Date: Fri Aug 04 2006 - 09:48:02 PDT


http://www.networkworld.com/news/2006/080306-lynn-cisco-black-hat.html

By Ellen Messmer
NetworkWorld.com
08/03/06

The invite-only party last night that Cisco held at a nightclub for Black 
Hat conference attendees was crashed by security researcher Michael Lynn, 
who last year was sued by Cisco for revealing a serious flaw in Cisco 
routers.

Along with some friends, Michael Lynn, who now works for Cisco rival 
Juniper Networks, evaded the security checks Cisco had put in place for 
the party, which included a name check and legal identification.  Lynn and 
his friends, declaring "Cisco owes us a drink," gleefully posed in front 
of a Cisco sign inside the Pure Nightclub. Once aware the Lynn entourage 
had crashed the party, Cisco employees took it in stride.

"We're here to let security researchers know we want to work with them," 
said Jeff Platon, Cisco's Vice President of Security Solutions Marketing, 
with some diplomacy.

In his former job as security researcher at Internet Security Systems, 
Michael Lynn incurred the wrath of both ISS and Cisco at last yearÂ’s Black 
Hat conference as he defied them in going ahead with a planned talk to 
reveal a buffer overflow vulnerability in Cisco gear.

Cisco and ISS had sought to cancel the talk, even destroying informational 
material that had already been prepared for attendees.

Lynn, who quit his job at ISS to disclose the Cisco software flaw, was 
sued by Cisco and ISS, though the lawsuits were resolved within the week 
with help from attorney Jennifer Granick.

Last night, Lynn said he was enjoying working for Juniper and had moved on 
from doing vulnerability analysis to assisting Juniper in product design 
and development across its product line. "Sometimes it's letting them know 
what to do, sometimes it's more of a matter of not doing something," Lynn 
commented.

Also at the Cisco party was Gerhard Eschelbeck, CTO at Webroot which makes 
antispyware software. When asked whether Webroot would stick to being just 
spyware or branch out into antivirus as well, Eschelbeck said the company 
was considering a broader strategy that would encompass "malware" 
malicious code in general.

Eschelbeck said Webroot is considering acquiring an antivirus firm in 
future announcements on that score were likely to be forthcoming.



_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Fri Aug 04 2006 - 10:00:50 PDT