An ex security researcher has agreed not to divulge information on flaws he found in Cisco System's routers. Mr Lynn was to have presented his findings at the Black Hat conference, but the settlement now prevents this:
LAS VEGAS--The dispute over a presentation on hacking Cisco Systems' router software at the Black Hat security confab culminated in a legal settlement Thursday.
Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.
The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in U.S. District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.
Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.
More from news.com
here.
This will re-ignite the debate over whether such flaws - be it in router code, Internet browsers or other software - should be made public, so that people are forewarned of the issues, or should it all be kept under wraps, so the naer-do-wells can't exploit it?
Let us know your view on the matter in the news forums
here.
Want to comment? Please log in.