Flaw researcher settles dispute with Cisco

By Joris Evers, CNET News.com
29 July 2005 11:36 AM
Tags: security, flaw, router, hat, joris, evers, black, cisco
The dispute over a presentation on hacking Cisco Systems' router software at the Black Hat security confab culminated in a legal settlement Thursday in the US.

Michael Lynn, a former Internet Security Systems researcher, and the Black Hat organisers agreed to a permanent injunction barring them from further discussing the presentation Lynn gave on Wednesday. The presentation showed how attackers could take over Cisco routers, a problem that Lynn said could bring the Internet to its knees.

The injunction also requires Lynn to return any materials and disassembled code related to Cisco, according to a copy of the injunction, which was filed in US District Court for the District of Northern California. The injunction was agreed on by attorneys for Lynn, Black Hat, ISS and Cisco.

Lynn is also forbidden to make any further presentations at the Black Hat event, which ends Thursday, or the following Defcon event. Additionally, Lynn and Black Hat have agreed never to disseminate a video made of Lynn's presentation and to deliver to Cisco any video recording made of Lynn.

In the first news conference of his life, Lynn on Thursday said that despite all the legal wrangling he faced during the past day and a half, demonstrating an attack on Cisco's router software was the right thing to do.

"I think I did the right thing. It was pretty scary, but the real important thing was there was the potential of serious problem," Lynn said. "I did not think the nation's interest was served by waiting another year when a router worm would be a serious threat."

In his presentation Wednesday, Lynn outlined how to attack Cisco's Internetwork Operating System to gain control over the router running IOS. Cisco routers make up the infrastructure of the Internet. A widespread attack could badly hurt the Internet, according to experts attending Black Hat.

Lynn quit his job as a researcher at ISS to deliver the presentation after ISS had decided to pull the session. Notes on the vulnerability and the talk, "The Holy Grail: Cisco IOS Shellcode and Remote Execution," were removed from the conference proceedings by Cisco, leaving a gap in the thick book.

After the talk, Lynn retained attorney Jennifer Granick in the face of legal action by his former employer ISS and Cisco. Granick is the executive director of the Stanford Law School Centre for Internet and Society.

"Without her help I would be in some really serious trouble," Lynn said Thursday.

Cisco said in a statement Thursday that it is "gratified" by the agreed injunction, which prevents further disclosure of information that could help create an attack on critical network infrastructure, the San Jose, Calif., networking giant said.

"It is Cisco's opinion that the method Mr. Lynn and Black Hat chose to disseminate this information was not in the best interest of protecting the Internet," Cisco said.

Cisco plans to release a security advisory on the issue within the next day, it said.

Talkback (1 comment)

So just put Cisco on your list ... -- Anonymous, 30/07/05

So just put Cisco on your list of bad corporations and do no more business with them. Adobe is already on my list. So is Microsoft. Companies that abuse their station do not get my business.
