|
|
|
Cisco Files Suit to Gag Researcher, Security Conference
By: Paul F. Roberts
2005-07-27
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Saying information about a flaw in Cisco's IOS was obtained illegally, the company attempts to keep former ISS researcher Michael Lynn from publicizing the discovery.Cisco Systems and Internet Security Systems have asked a U.S. District Court to issue a restraining order against a former ISS researcher and Black Hat over the leak of information about security holes in Ciscos Internetwork Operating System.
The two companies jointly filed an injunction and temporary restraining order Wednesday against researcher Michael Lynn and the Black Hat Briefings Conference, demanding that Lynn and Black Hat Inc. stop disseminating information on security holes in IOS (Internetwork Operating System) that Cisco Systems Inc. alleges was illegally obtained.
Lynn and Black Hat were not immediately available for comment. A Black Hat spokesperson said she was not aware that the companies had taken legal action.
The legal move follows two days of high drama, in which Cisco tore pages concerning the hole out of the Black Hat Briefings conference proceedings and had CDs containing the presentation removed.
 Read more here about Ciscos attempts to prevent discussion of an IOS vulnerability at Black Hat.
On Wednesday, Black Hat organizers announced that a planned talk on the IOS hole would be cancelled, prompting Lynn to resign his position at ISS (Internet Security Systems Inc.) and give the talk anyway, to a packed audience of security experts and hackers.
According to Lynn, flaws in IOS could allow attackers to use existing "heap overflow" vulnerabilities to take control of Cisco routers running IOS.
In heap overflow attacks, chunks of data are sent to vulnerable systems that cause areas of the devices memory to be overwritten with code of the attackers choosing.
The technique developed by Lynn would give remote attackers access to the IOS "shell," from which the attacker could control the device. With control of a Cisco router running IOS, for example, attackers could control or snoop on the content of network traffic passing through the device, Lynn said.
While the strategy does not involve new security vulnerabilities in IOS, it provides a way for malicious hackers to amplify the affect of known heap overflows, a Cisco spokesperson said.
By reverse-engineering IOS code, Lynn found a way to disable a process called "check heap" that is designed to detect such irregularities, and used an older exploit, known as an "uncontrolled pointer exchange," to gain control of IOS systems.
Click here to read about the Black Hat conference and database security.
Lynn violated the terms of his end-user agreement when he reverse-engineered, then publicized snippets of the IOS code, according to a Cisco spokesperson.
As of Wednesday evening, a Federal district court judge in San Jose, Calif. was reviewing the request for an injunction and cease-and-desist order, the Cisco spokesperson said.
"We hope the facts come out that what [Lynn] did was illegal. Cisco will do what is necessary to protect our customers and intellectual property," he said.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
|
|
�������x}ks㶲qU��S$5Ҕlcؖciƙn(��S$�IO['7n7�%?&{ScK�h4�F%ۚnXcra3��Π^HRcg͛6{C'(Ȑԭg��R�m�w4V=3OL��A����+yV�შ��b�H����%�j'~=xkLslL1dč16�\�3�Ѣe�b
^Pk$ȁ_uxܤ�%HC8�5Ѻ!AQ�w�g^#A}#%L}{*�N5wlX�Q�CRT�/FX�P~�FD�cf�?Z�ϩgv^/ԡ��x%�E1\shj�US?z�ZoV͉*]XYu�jZlLw�E?iQָqj>\NHsোV|߂)W��F0�,h�eݴ�sÚcR>LGݣfZ+ʁ~�^1p�-^n3B��e��u:f<̟=0��;mJ�SS�i}YVi |��
I�8hhFƋEri�6����iH'D4A�?
dzG\`��x:3� �
z7s�F#m�v=@W�T�[�(�7?�� ;
K`pm�&;�xk
�z90�Ё4q�jR��*3<��ûmd<
�gx ���i
��L<�ĥlH }p�]x9-WR���C/0@\JIAtmN|t�"AђF��(�4� �g3#X"M"'Gs`[X��;�.VKŸ�\*y"�JM':WKR�h&,��,BV-KPf%i2i0��W-&D7rB��.G �7Kᙖ&ZlY,*|\O5�&F#ch�f=tA.ϼG3I�`0�D��D%\Ew,O�f�kzn0�
H6(qa6Ê0ӊYsƾ�
s����ҸFvGM'�М��,�'pBB+H5L��´Lh@�,iobcs8A�yT�X�ouMl�f{aM�v"�Vv�6P�z�4fs)wdmӰnW�C77UBsN@B/W2 \_&VAB5
6d:ɤPl';oW f8$|r%e�y� x�j~�#J}Mox��=h{q#%NA{
��=�e河�x_OuXKnuo?JյI8�JҰ.�Z*���!d[�}aa6E]�QZRKHD@CR)е�
saŰ,B�
/0\:�Cb&^fxhQ nM>*m!}�|qö��VO5/�TY9Ϧ7��4-j)+�ثX3l�d �tA�qF�AKg>��[
elp
ku��P�C6�u\'7�gsm�lr��f.�G1�`;�ۋhpBa e ֤ȫU5=�ゆ��_�ۄ�K a*814kqq;_Z�vO[tٔzohNVp�� Dza`iNR}�
0^gujΤc!�R��XO%}�T5"QȚ5'A(JqЧȅa| s Mn��N�uW�hPQ�
BI�M5+�F-/;һGݶ^�*ߊ��kh@jc4e2fj��4_l0-xocJ�D%xXPr'�N|YUKZQT*8+0yϸoF�SO@Px��B�h�/Op}rywM}C7/OAPz~gn-&Wڜq��שeXTXe���1�0k��fWc#S@)w@F(i>�.KTNj�ZA7\:kFNM۩��{1��
��"����<έ!1��L��xuS�B1"GBƆ�g%:��!pwC*yUd
awk*���:@u�Wt��a�7 �X�]Q�iS3>-R�x�sֹi>UN�ZЁP}5u4s=X\���``!>
?b&аW؇b_@�UrP-9kyE1�E����P�a54�'v*��1�>H(TX�g7cMH]ac6U�{z@nb)Z'ڝ-WvhX�JE噓CIۛ�G|5{ |l3=GNq�L+ s0bsI�l
x@̬�m!w0m9�5b~���y�-0P>Oϗb=`�4Ω,6rO�]Ӟque��lO>=ՃR��5:=F`=�Эt;Gv'� ܶtϡR@�7��PU ��ō�fπifOdž�
mԃ]M1p
Jxm"{(OU?"⣤:i2R�BE-)1CoE����7xџYD+(++i-Z2�˾~
m.E��[�F�4˷�ʨK�3[,X.DД�5Ϩ��x=d�Rb�
k�QhCa[��,ZbХ,D(�?x�i3rY��*`WdP�%�Hbx|{W
!iz^8q��oRٛظ�~2��_�K��LC�VjD��3,�`jBU\㯌&��D\7{q!��U%W
BQ`��о(&[߳M/ɪO@T�#��;?�t%.cMwvH
yO}ڹI͋C<Ĺ{�g:vݹ<$�"̼5rj?y�jysq 4
8&/OZ�Rם�'R&�ø@o3)=h3 J@��c��Iv1]�0�~�r*gEyrҾ|/]wXog^�hy# @xGW:^Bh^o_/I;k~�Fۗ-)u��o= R#�!5/�Y�F�^9>o5�O�M1k�0ѭxѤ<��!
;fWP~M@�y}\9`B4|�^�5c��fpX[ۍZ��_aݪ�,d"0�!&���UtZ>���@�RPOh�[#NݫHvRgp=4{"�
B�B�0F_TJh�)4zu�Sxv:\79S��j67 EGW%'[+�u{-�-��:}mF�ў`�m�e܃�*WV|[k'?>!)���.4t왏Q5䅠s"K1xc�|q�AZ$|l]��
9%0�\(��c6�?G0��cd���J�b,0oB�O�&.�[�jցS橩-bB�<<�ah�:_<�Y�'i�M,$_�Mx4HPW
Pقt��dž5>۴8�^]Ҿxu�Iyp4�2k��%85(^y�L��>ڢG -&GXuTq-�jշΫ�؉���lj9l01{>t�A^CrS�r�S"2KI�D�1uwb;2x�;�xZ1�̿ݮpne9{G|۷=s�'5\;�6'cv,Q�N�xq�f=7FstY�7YpgMb[;oA�Ć#w�BkQD=%7��`�v*=d]9E<.Dg)��=���!'�ryuMzgQ�W��$�tNs �wjh�w낧 �� �;c�#g䜁q+nne�ue��Psn�O)+evؽ¾"�8�
��0z�Nt,4P$9U
ۻ�Ȟ\EVe.tٕNx;:�pi�ɨ�@7Yu��(f~\;pOҠEc�5dw-uw{�bRcc7^
x9J>]-e%QJW=�]&ZDqw5V {QI9*p}�=,J`TT�yr^�Af&v?KYޟ;+�!bi8V=�Th6w-}c�Z�yi'K-x<ƑgO�a<7}5�0[f؞qfd"L��d<��J��;�m�oFp7�N
Ϧf_ O��%�FJ�aMٌ�)!a_�к õaV:���O�p$|#؈�O_�O�o*NƊ f*�ꈧ x&5[W�)�&5ŗ�x�pI�M{fr+���7��^=vʸ�!Ydm%F=�e�8�NK��ֈ㙡[A32O2�z]-�,0eROX�'G\/G_big�?���&��k�M{Q�c�yހK-6^�^}�eG�_Ӹ�ʚ�*.��!yq$JT�(!+c�/X`/.�xõ$xYx_(J D�Q�҂w|�XKt Y��71g^d;Ѭ1u���x�+Jy*xoWˈJ!�P;e�SH�&�_
nx���3^�f�9ED�/;�5�1Y� ء�D�[P7Wj\-ķrb; n �{/�h�i
ԥ!aJ454l�̸<_�b-;3|4kc4Fԕ�D�(Xİ��*l��4 �,Ax<��~dvEp��0<}DRJd IDB4
U.jIR*R�?g DG:Ètf�4aX$/3͛H�g&�"a[I#L{(i"�M6o �0�& �����0�),x56|y�%pK:4k_�ř$�Y�u5�$wf�_P+h{$���DF瑇�# J����#�� N�#�@'I뙐X��sx[恤Zݔ5/Κ!Ʒ*>._,Oj7<"a)L(�� �n��&"�n;��}ߪmjo>eIJJaS)84(� (ܙ{iiB�D��D8
'Ͽ%B<ٮύoH/oH�X6H�l]m�`|�G2>k.~Vp
@1��K(�D� p;�3v]nlW[u �ֱ�` .smq"i�q7/7/7/7/���{y#}�d"2��͓.R[T1W�5;
�Tz�#�s[?A"7Ux|cuG�o8>[E]Oj=8m�~>P!g 5��/R{.�Y�r$ǔo�`6hcg�6УH
�oc=+܂�T�_{��.�_l��!�ΎRU|Ň_�|rcޠm8VI�-f�ޡƓlv1Ek�&a�sѤs�H�" !&.�R�BzxUȵGOP�/osn��]R
Aѫ̿ڕtY[�xA_^�FZPyqg9Xk{�ހ�:
U'w/�pGu%뜃oA�====�*�v�ބJjI=����htEm܄2b>=[�7v&��$v})^�D8$tiDm�9�~a7�Ȱu�۾'a�I'TE��W.L,'&�\aO�T_-^G�XF%1���cgR) x_ڣ�;&sWٖ=K4Lp��u*=U=i)ε'�J]cli,�8Wz��i>tFj0��`��"!,��ʁ���`_> �-B�^z}܊��憌#)H-�էXϔ:X*ibT9{����A��av��/d�Cߦߍmjl3��`=
�=m���Wۇe߱$vtu-
ۉ$��B��*�I"�A~5��i?ccFN;M|�MAd`h֒�_fHɸ��'8�&S3yd0cT2̬,�bdf[_)��ᖀH��yr�,~vϳYb�>ن@Qy뢗ʿ�^S�G.V�%�Ǔy�0嚦X�'+f�C`,.Kb1DKb���Ћ��:$9�PC���ǹ6tmw"f�tx{QyV�P=G?}e?_W�,�L�Y+
ZAX#J:*㻝�1l nI>I570O:&-?G(p�[D�Ob{[� ��.h�Of:��
2,�a.,m9-0�
/#r~ۘP�^q���g$Wc��0�0��dv�{�+ʫ{��m�n'ʉh3�"j\IJ��js1/elJb�$F�yA x!�Fvw;�Kb+J6s{$Q�`+j�keo+� ,�!BΗ�9��D�NE0�7��v9We`8(ĒN˓z
��/(/)qylwK]�3�m.91�͂E
.
t
1�\(�jE<]C- {uRExeL<^^Ar�ç�i��/��"�rTI{ �K�!X[x��HU)
&`x�e~Ű�tl� 6t~^Šx!Vy
<�m�+=�߶MvX5.
{�u3fI<6߅�7cXz��2
F37:Qc{3YvfBOO��ތp��@�1j63�8E;l/�AF;�R?d_b���~~�R&gI*.5A4�`},k\%24bZ᧖/(%\֜�9ק|'mYJZT,wЗ�Ufv-l˻J�/n0|z`Bu�.':Tg�zRX�=oi9'MvGp�]X2y�=��0Y飏ji+�
� M� 9�ڭ]}G%�`y���z1߾�
w5W�سG>�,-Ԯ=0U�� Į��@W�FD}#i!���,t:´'tjhG&vU�tTJtz�yB
h>#Ժ3\B+�{^n9�$z.z{ΰ|oEZ`3+nޖT�mmqV]���F
Rx�3�o24Lj��С4�?R)&7�:*\W"гAԳFܞTk↉ky`�EPi�rLGh%9Q�ŧQ+3h=1@>�+p��S�C7R�46$Ae�5T?�0J\7{q�B
|Ub[�Ycz>_Ed�_�t�තI}coKI }
br�t�wǃ݂_� ѝ#Fw_
�6f^z�ZQ!NG�^C>N�!1K=�o~{@ۜp
X!q,�-D|�|0XV$ʽO��g-��?P�-RWldfB"@Ր��^�ȟ�Ѻi~F~he{Z]
d"�k�``:�snw� - �~�"R 'l�=��R+����aK9.��f+�Zw}؛
0kÎo8fkH�ע s)؇c*�[7?__v�aHe
>�h0�.gj9�UtK$|+2&�B�s�8���翛__]&: %��
�5"��|ͮ��ubH
э�'jk�М�1;ŜDQ�6/ށ�]O>vWLQ_j��*��{3wȥ4ˑ/ �H~�H'�U,���)��T��&}�fA=bA!>?~��e�ԍM)�H0\��ofRb���"(�[��]ă0>]hS'+SX-Ln1�YrC,zEQp#ߛ�h�S?X�K�mݜ�(�8��S�j1)t��/H�zsD
��úޙ�COFx`����3�W�VjE)�O�ӾRs]�1U�K&|inߣx444_eM�JR!e
�`x�zFgȈp�/w�/�'�&G]lFLf瘦yuuvI^Z{|ݾ;uO
܂/W[s9tܹtھl]]/{ƩL·_smeR0,g��4e�šj�&\�«a_rxIxqD_0=4��e8'Q?B)Qe3�\VC�aW~Sab^)o\|:Z��A��N|vuIc[O:o=jҡ/h5{a`1D�
'M&7�b�R:o�H粕i�&5+<�v��vq^_>4')_;�?ϴ/S�v
?w3)埠s��fE\@/R�/�}/R{�H�"��)y�y()��SϠ,_P�(H)L�K�L��I�:_:)
*?S���KޯP�_�R#L+}LG�@MZ9M
@7)�ݤ_|y�ʛ)rּ
)��QJy)8JR�E�rXB]�@y>++P/ntR�ث�:�/)/�)^�}{+sg#�q$��\a
-�/Y[S0�Q -��{}h}0�^ZE�/Jl�F� �AQ�yE#��C�h��toD.��s$�&}:i@L�w%<_[nNJ>�j9.~QBxdB$WI7Ɔ iS,==wND1�K�AF0_��Gz̉n~v)�s�җ23��qr�jY@ @9:_�\�pۭo㦠n/�x/:)7X""io'"\v���<2kݫ++c�+p'k͠~�%c"iM^Lv=�4w)�P�xZ@&l\ef(-�@B�^��@w>p1?#߽�,+ꏸ�7lcm�n>[�;u}<_5߷Ck6�'Su}�MgLXV�)pF
#0�ߤ�H=���ŁK�
@O|-ӯ�.h
w;c��i`�Id@*�ZjR3vkvM5�DDK1�QJS�L͗R�0�XT����^9�Q(Fuo*K0s�z!�J1
=4a֭xK_c(�B�&\C�xG�t[-.2f�dof�2��Ф�˗p^Wv$�@�@0�~Y8P"`!�I�؞6F^�$�r�{
ϛՋI�ǤK�4l�%dή�1vk�'�m'SFĹ=�,O�~�f+g�M�/G6@#�
dϽC�!φE1<:,1L��7�M5GЫ�ȅ�`"�9�oє^\'C��΅*˗ X֭2\#�vYzg['l�ylWRۨ+
dHtr�Y��;$y F(2�>^��^���`iB�ЋֽbZ7��%�='ݹ�fs(<:L𞥕\X�g'4WBMxYU7�M&GC϶hL�/l~=c7,�1{+0�_j
괯�ImEn_m΄�xsp��*!نI��]w�jcT��F\�gȌA)`<�\1@
D.WXN�A��}F垓gg_5�b
Gy&"3@tgQl(V� `Nm�%� 1o�)b%:�f*�Z�Oe��[BI<ŗ�|Ny�|XT��,sD��=�>K:[S2U)ւ�_6/gз�ǁ/[ى{KV9j�(�(&�]�a��)JqI�Y_[=$sDr��1ߠ(b/<%����*`>=.�X&"�>6�vo�>Occ�? `�vwjX5�Pŗ-0)�
um+#8�4��>ؼlQ�%��qm�.�c&�u��az:SAW �]��3қT�S1$+nvG�X
g7>��4'كt2`6�3`�܀}olI
��Wsx�R>zQ[`+��슧
�|���0vGĦRC�v/-�G�yJn�S.!�O�3�й?-}b/��;�W�oJ7=Tx%
�%`GY�U`+r
8ǩ=d�hup#��15��VBT�ȟa��t!L/V1?cum�nJQ�uF.Dm�khT[�)*l+�
��/�߉n^Gme�#�X#+��v$6ѿs�a�tX��l�p/>G1G[�0pcz:m�ƫ
q>2�#"�$(jVI�;;A0��&iE-ȣd`C�v�_�<8-��ci���;fcXJ
,�ozԝ'T�S*�4.>ϝ6_٦1s�q993E~�ǚzpP0�U9M�jֺW6x�ozc|�[w0�XjPtP.9͑5'a1�+�=�g-�hǵ"�ۄ!w0ѕDM1F(ͦ,1��f� �Ax���v�4<1�Tz�_E@�G7`yUĔ�f�ٵL\K�nr�m�mcs
Q }�&b�܌aBfb�ȴ���kL%d3�\j��/��YH~.�����9�9�.@OI"cXM1}aEo�|1GƼj�oijx�"~ ��Qvg[]\�NS�=�cDvoo�J�O�~ݽ��C|L˾ŗ5:0�܂aK=�{Ƿ_>Md`yCM`2P�^9d#BO��S�Áj�g��#{|_�%1�ډ|w�/�+H)�~��V%C
. ,fkY90.4J o�?,W3~)�!�jH �qq6]e^ϒ�ÄAP@c�AhcGuAk%���$�.Qߚ&#R2aQ:}U͗2�$�N�W|$Ŏc�ؐ�%�{0$s]_XGX���ש~T
��Gc%:5@Xϗ�@^y�^
oLh?{
^;=1#�PGm>OkeP|�vY1�JZ Jmgd@�Dp&ڮ(W�0Z?>�,\:v3�^oƞ< J�OYM<$|2A %zT:P�\�5n-h�/<-�Ea�3Sgu}Lh��p��dHE�[A= k"T3��{���`s>�ɂ5��EbaOWy��_Fg�F��#3�RIɅk6{:A�/g?7yOL`�.8E�]l+��/Tb
�l:n7�Kے-.�� B�~�5� ��1 '#Y_]8���nOhf=m]su�)L �]مnR7Bl�IJ��|puz.-5@\t;sNodW�eb�&'wvČw$ˮS�fQeě:=mv3<^
D��f�A+ʀ܆2-f�P+Z�
6G�sCz�C��,>(W�S8ǻ͎AR��@�ok)�60
'�2��BA��Prϝ�[ :?'B *�\v�$��ƞMnDʕěN[C(o�ol
Network Security & Hardware 
