RESEARCH TRIANGLE PARK — Cisco Systems and Internet Security Systems filed a restraining order and settled a dispute against a former ISS worker who quit the company in a highly publicized Las Vegas strip showdown over a report challenging Cisco router security.

Michael Lynn, a researcher at Atlanta-based ISS, walked away from his ISS job and went ahead to deliver his speech warning about a “digital pearl harbor” at the Black Hat security conference in Las Vegas earleir this.

The dispute over Lynn’s remarks generated a ton of publicity, including words such as “squelch” and “hits back” being used to describe Cisco’s efforts.

“They are going to sue me, and lawyers are probably waiting outside,” Lynn was quoted as saying by media reports.

Lynn claimed that hacker bulletin boards in China had reported ways to crack Cisco code and that Cisco code had been stolen at least twice.

When Cisco and ISS tried to block Lynn from giving his presentation, he quit and proceeded to hand out copies of his talk, The Associated Press and NewsFactor reported.

“Cisco believes the information that Mr. Lynn presented at the Black Hat Conference yesterday contains Cisco intellectual property and was illegally obtained,” John Noh, a Cisco spokesman, said in an internetnews.com report.

Cisco and ISS later reached a settlement with Lynn under which he agreed to not repeat the presentation he made and to return any Cisco source code he had, The AP reported.

The conference organizers also agreed to return any video of Lynn’s presentation, The AP added.

A Cisco spokesperson told The AP that the routing giant was scheduled to be on stage with Lynn at the conference but backed out when ISS and Cisco sought to submit a changed presentation. AP technology writer Matthew Fordahl also reported that Cisco hired “workers” to “yank related pages from handouts and substitute conference CDs”.

Both Cisco and ISS said Lynn’s research was “premature”. Angela Frechette, an ISS spokeswoman, said more research needed to be done, according to internetnews.com.

ISS Chief Technology Officer Chris Rouland also told The AP that ISS agreed with Cisco that the research was “premature”. He said Cisco did not pressure ISS.

“The research is very important, and the underlying work is important, but we need to work with Cisco to determine the full impact,” Rouland added, according to Cnet.com.

A conference spokesman told The AP that Lynn’s presentation had been “vetted” by ISS but last week ISS had a “total about-face” on the matter.

A Worm-Based ‘Pearl Harbor’?

“Cisco has never told anybody that it was possible to take over one of their routers,” Lynn told the AP. “They fought that argument for a long time. You can see how far they’re willing to go. I demonstrated it live on stage. That debate is over now.”

Lynn said he felt he had an obligation to issue his warning.

“Not to sensationalize, but it would be the digital Pearl Harbor we’ve heard about,” Lynn told The AP. “I felt it was the right thing to do for the country and for the national critical infrastructure.”

According to NewsFactor, Lynn said a “worm” could be created to knock down Internet routers because Cisco source code had been stolen. (For a report of the hacking, see: www.internetnews.com/ent-news/article.php/3354851 )

“Cisco has never told anybody that it was possible to take over one of their routers,” Lynn told The AP. “They fought that argument for a long time. You can see how far they’re willing to go. I demonstrated it live on stage. That debate is over now.”

ISS workers, including Lynn, discovered a way to manipulate Cisco routers in April. Cisco issued a patch. Cisco later issued statements reported by The AP that said Lynn’s research “was presented prematurely and did not follow proper industry disclosure rules.”

“It is Cisco’s opinion that the method Mr. Lynn and Black Hat chose to disseminate this information was not in the best interest of protecting the Internet,” Cisco added in a statement once an agreement had been reached with Lynn.

ISS Chief Technology Officer Chris Rouland also told The AP that ISS agreed with Cisco that the research was “premature”. He said Cisco did not pressure ISS.

A conference spokesman told The AP that Lynn’s presentation had been “vetted” by ISS but last week ISS had a “total about-face” on the matter.

ISS Questions Cisco VoIP

ISS has been critical of Cisco on another big issues earlier this month.

“Internet Security Systems Discovers Critical Flaws in VoIP Infrastructure,” proclaimed a headline on a press release.

“Internet Security Systems — announced it has provided protection for flaws the company discovered in VoIP technology offered by Cisco, one of the top players in the space,” ISS said on July 13. “VoIP is a fast-growing, easy-to-use technology that allows users to make cost-effective phone calls over the Internet, instead of transmitting calls over traditional telephone lines.” (For the full text of ISS’s comments, see: www.iss.net/issEn/delivery/prdetail.jsp?type=&oid=28097 ).

The entire matter led at least one researcher to criticize Cisco’s maneuvers.

“Cisco could have and should have handled this better, especially since they knew about the vulnerability well in advance and they knew Mr. Lynn was scheduled to speak about it in this conference,” said F-Secure researcher Mikko Hypponen.

Links to other coverage:

For Cnet’s coverage of the story, see: news.com.com/Cisco+hits+back+at+flaw+researcher/2100-1002-5807551.html?part=dht&tag=ntop&tag=nl.e703

For internetnews.com’s coverage of the story, see: www.internetnews.com/security/article.php/3523731

For The AP report, see: biz.yahoo.com/ap/050728/cisco_security_crackdown.html?.v=6
______________________________________________________________________________________

Note: Due to editing problemms, some paragraphs were duplicated in an earlier version of this story.

Rick Smith is managing editor of Local Tech Wire.