Network Computing is part of the Informa Tech Division of Informa PLC

Cisco 'Cover Up' Ignites Black Hat Controversy

A deal between Cisco and Internet Security Systems to pull a talk about Cisco vulnerabilities at the Black Hat conference in Las Vegas Wednesday has attendees crying cover-up and has led to the resignation of a prominent researcher.

Security experts view Black Hat as the premier event to discuss and explore Internet vulnerabilities. At this year’s event, Michael Lynn, a member of ISS’ X-Force R&D team, gave a talk Wednesday on vulnerabilities in Cisco’s IOS, but he did so only after resigning from ISS, according to a company spokesperson.

In the conference agenda, Lynn’s presentation was billed as an exploration of the feasibility of code execution against Cisco routers. Cisco’s IOS, the operating system that runs the San Jose, Calif.-based networking giant’s routers, has been perceived as impervious to remote execution of arbitrary code from stack and heap overflows, the agenda said.

Buzz of the controversy first started when attendees arrived at the conference to find Lynn’s 30-page presentation ripped from the conference materials. Despite the conference materials being removed, Lynn delivered the talk unchanged, said an ISS spokesperson.

Cisco Systems and ISS came to an agreement to cancel the talk and remove the presentation from the conference materials, the companies said. A Cisco spokesperson added that there was no "cover up" of new vulnerabilities. Cisco and ISS plan to research the vulnerabilities further and disclose them in the proper forum at a later date, the spokesperson said.