Cisco IOS Hacker Finds Work at Juniper

Updated: Security researcher Michael Lynn, made famous for exposing a major hole in Cisco's software, is now employed at Cisco rival, Juniper.

Michael Lynn, the security researcher who made international headlines in July for blowing the whistle about a major hole in Cisco Systems Inc.s software, has found employment at Ciscos chief rival, Juniper Networks Inc.

A Juniper spokesman confirmed that Lynn works for the Sunnyvale, California, networking equipment maker, three months after he lost his job as a researcher at Internet Security Systems Inc. when he disregarded company requests to spike a presentation at the Black Hat Briefings Conference in Las Vegas about vulnerability in Ciscos IOS (Internetwork Operating System).

Cisco issued a patch for the hole Lynn discovered on Wednesday.

Cisco did not respond to requests for comment in time for this story. An ISS spokesman said the company had "nothing to add" to the story.

Lynn was the subject of intense media attention and a lawsuit after his planned discussion of the vulnerability IOS at Black Hat, an annual hacker convention, turned into a stand-off between Cisco, Lynn and show organizers.

Initially, Cisco forced conference organizers to physically remove notes on the IOS hole from conference proceedings and convinced Lynns employer ISS to cancel the talk.

Lynn agreed with the plan, then abruptly changed his mind, and resigned his position at ISS and presented information on the hole to a rapt audience.

Lynns talk prompted Cisco and ISS to get a California court to issue an injunction and temporary restraining order against Lynn and Black Hat Inc., demanding that Lynn and Black Hat stop disseminating information on the IOS hole, which Cisco alleged was illegally obtained.

/zimages/2/28571.gifCisco patches Black Hat IOS flaw. Click here to read more.

Lynn, Cisco and ISS reached an agreement shortly after the talk, with Lynn promising never to discuss the hole or present at Black Hat again, and to return all research materials relating to the hole to Cisco. Lynn then disappeared from view.

In its patch Wednesday, Cisco acknowledged that IOS was vulnerable to what are known as heap-based overflows, in which portions of memory on Cisco routers are overwritten with malicious code.

While Lynns defiance of Cisco and ISS made him a folk hero within the hacking and security researcher community, many speculated that he could have trouble finding work, especially at security research companies like ISS that emphasize confidentiality.

With Lynn now gainfully employed at Juniper, those concerns turn out to be unfounded.

A company spokesman declined to say what Lynns job was, or how long he had been working at the company, citing a company policy not to discuss individual roles and responsibilities.

Bruce Schneier, founder and CTO of CounterPane Security Inc., said that Juniper may have picked the right man for the job, even if Lynn is a former hacker.

"Smart companies hire the best person for a job," said Schneier. "Sometimes the best person for the job is a former hacker. And sometimes the best person for a job is someone who stood up for whats right against some pretty big companies."

Editors Note: This story was updated to include analyst comments.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.