The Latest on Black Hat's Cisco Soap Opera
Posted by Andrew Brandt | Thursday, July 28, 2005 8:01 AM PT
LAS VEGAS -- Yesterday, the biggest gossip circulating among the attendees at Black Hat here revolved around the initial-session talk given by Michael Lynn, detailing a completely new form of exploit that, given certain very specific and limited circumstances, could give someone complete control of Cisco routers.
At the outset, Lynn announced to the rapt audience that, two hours before he'd given the talk, he'd resigned his position at Internet Security Systems.
The latest news, as of around 7 pm, was that Cisco and ISS had filed the first legal papers in San Francisco that seek to bar both Black Hat and Lynn from releasing any more information, including videotape of the conference session. (See CRN story for details.)
Black Hat CEO Jeff Moss said he expected to receive some sort of legal documents sometime today.
What is still unclear is what exactly Cisco or ISS expect to happen if they issue the restraining order. Lynn gave his entire talk, where he demonstrated the vulnerability but revealed almost no useful technical details that would enable anyone in the audience to repeat the attack. Surely, some members of the audience recorded the presentation and have passed around those audio recordings.
Frankly, once a talk like this is given, the cat is now thoroughly out of the bag, and it's up to Cisco to fix the problem, not attack the whistleblower or his "whistle"--that is, the conference organizers.
The whole thing smells very similar to the controversy when computer science researcher and Princeton University professor Edward Felten was prevented, at the eleventh hour, from presenting the results of his research into serious faults with a form of digital music "watermarking," called SDMI, at an academic conference in 2001. Facing the threat of a lawsuit from RIAA, he withdrew his paper from the conference, but later presented the results at a different conference. Felten was never sued, and SDMI promptly disappeared, never to be heard from again.
Lynn himself has been scarce since his talk. Every reporter on the scene has surely e-mailed him several times by this morning.
At the end of the presentation, Lynn posted his resume as a presentation slide, and quipped to the audience of his fellow security analysts that he's now looking for work. More than a few conversations around the lounges and restaurants last night in Caesars Palace (where the conference takes place) revolved around this topic, with representatives of other security companies wondering aloud who would hire Lynn now that he's left ISS, and whether they could snap him up before someone else does.