MemeStreams | MemeStreams Discussion

Create an Account

This page contains all of the posts and discussion on MemeStreams referencing the following web page: Cisco, Security Researcher Settle Dispute. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Cisco, Security Researcher Settle Dispute by ryan is the supernicety at 7:43 pm EDT, Jul 28, 2005
Looks like they have reached a settlement, according to the AP.
Link - Reply

Abaddon and the Lawyers of Cisco (spoiler)
by Dagmar at 8:14 pm EDT, Jul 28, 2005

Well, damn. Just damn.

Even after presenting this information in front of a few thousand highly skilled and trusted security professionals (let's face it, if you can get your office to shell out $1,500 to attend BlackHat Briefings, they pretty much must trust you) Cisco's lawyers are _still_ trying to spin this as if Abaddon's exploit technique were not "mature enough" and that he "did not follow proper industry disclosure rules".

Oh yes, and the link mentions that the settlement of the suit they slapped him with (in bloody record time!) requires him to _never_ repeat what he spoke of at BlackHat. So much for the tradition of having PDFs of everyone's presentations available, and so much for anyone outside of that conference room being able get straightforward details on what is a _very_ serious matter that IT professionals should damn well know about.

That, in a word, is _bullshit_. Abaddon has been doing his due diligence and then some on this issue for _months_. There is absolutely nothing that they could possibly say he didn't do. He talked with the FBI, the DHS (Department of Homeland Security), Cisco themselves (he even went to San Jose personally to tell them about it) and did his damnedest to make sure absolutely everyone involved knew the exact scope of the problem.

Cisco gives in to Mike Lynn by Rattle at 8:16 pm EDT, Jul 28, 2005
Cisco Systems Inc. and a network security firm reached a settlement Thursday with a researcher who quit his job so he could deliver a speech on a serious flaw in Cisco software that routes data over the Internet. He also must return any proprietary Cisco source code in his possession. "The purpose of doing this presentation was to prevent a worm from being made," he said. He also said he decided to defy his employer because Cisco's operating system source code had been stolen and posted on a hacker Web site. Additionally, Lynn said, he has seen discussions of Cisco vulnerabilities posted on Web sites for Chinese hackers. "Cisco has never told anybody that it was possible to take over one of their routers," Lynn said. "They fought that argument for a long time. You can see how far they're willing to go. I demonstrated it live on stage. That debate is over now."
Link - Reply

Settlement between Mike Lynn and Cisco
by skullaria at 11:08 pm EDT, Jul 29, 2005

Looks like they have reached a settlement, according to the AP.

Another company trying to shut someone up.

There is a redundant post from Dr. Nanochick not displayed in this view.