Friday, July 29, 2005

Mike Lynn Presentation Online

Rick Forno has posted a .pdf of Mike Lynn's presentation. So much for the removal of pages from the Black Hat books by Cisco goons! This is a pathetic charade that public relations personnel and lawyers should study in the future. Cisco and ISS have handled this in exactly the wrong way. Did they ever think they could suppress information at a hacker convention, of all places? Bruce Schneier has weighed in as well:

"Despite their thuggish behavior, this has been a public-relations disaster for Cisco. Now it doesn't matter what they say -- we won't believe them. We know that the public-relations department handles their security vulnerabilities, and not the engineering department. We know that they think squelching information and muzzling researchers is more important than informing the public. They could have shown that they put their customers first, but instead they demonstrated that short-sighted corporate interests are more important than being a responsible corporate citizen."

One of the comments on Bruce's blog says

"Mike's roommate just let me know that the FBI is investigating Mike and is currently seizing his stuff. Also, no one has any information on his whereabouts.

Posted by: jim at July 29, 2005 10:29 AM"

Update: FBI involvement confirmed: Wired reports Whistleblower Faces FBI Probe:

"The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical systems supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of the routers.

Mike Lynn, a former researcher at Internet Security Systems, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer, ISS...

Lynn's lawyer, Jennifer Granick, confirmed that the FBI told her it was investigating her client.

Granick said, however, that she thought the agency was simply following through on a complaint it received when Cisco and ISS filed their lawsuit against Lynn and that it didn't come after her client reached his settlement. She didn't know the nature of the complaint but said it was probably something to do with intellectual property and that it most likely came from Cisco or ISS.

'The investigation has to do with the presentation,' she said, 'but what crime that could possibly be is unknown because they haven’t found any (evidence against him).'

She hadn't spoken with the U.S. attorney in charge of the investigation but said she thought it was possible that the investigation would wind down soon for lack of evidence, now that Lynn had reached an agreement with Cisco and ISS.

'There's no arrest warrant for (Lynn) and there are no charges filed and no case pending,' Granick said. 'There may never be. But they got a complaint and as a result they were doing some investigation.'

Lynn said that if the case was not dropped, he thought it unlikely that the FBI would try to arrest him this weekend.

'I think they got burned with the Dmitry Sklyarov case,' he said."
J_Kenpo said...

You know, after looking at the presentation, I'd have to say that's a little grey area...

None of the information here is really new, everyone has known about buffer overflows and pointer manipulation for the longest time. The example of this->prev->next = this->next did not make sense, guess I would have had to hear the presentation to know what he was talking about there :). The only questionable material was the disassembled code displayed during the presentation.

edizzle said...

Problem is that the info is probably legally ISS intellectual property. I'm sure he signed something when hired and/or discovered the information on company time or something. Props to Mike Lynn for not being a corporate monkey but I hope ISS doesn't legally beat him up too bad.