Editor’s note: Internet Security Systems issued a statement Friday following the granting of an injunction against further release of the Cisco security discussion at the Black Hat conference in Las Vegas. A Federal Court granted the injunction.
ATLANTA -Internet Security Systems (Friday) announced the company has been granted a permanent injunction against former employee, Michael Lynn, and the Black Hat conference organization. ISS sought the injunction following Lynn’s unauthorized presentation of ISS intellectual property, research that he obtained while employed by ISS. The research was presented on July 27, 2005 at the Black Hat USA conference after Lynn had tendered his resignation.
The injunction, issued (Thursday) by the US District Court in San Francisco, bars both Lynn and Black Hat from disseminating, in any form, the presentation given at the conference. It also forbids Lynn from making further use of, or disclosing, any of the research contained in the presentation. Prior to the start of the conference, Lynn had informed the Black Hat organizers that he would not be presenting at the show because ISS determined that further research needed to be conducted on the topic to be presented.
ISS believes this permanent injunction will be effective in preventing further misappropriation of ISS’ proprietary research. The information presented by Lynn was not a disclosure of a new vulnerability or flaw with the Cisco IOS software but a description of possible ways to expand exploitations of known security vulnerabilities affecting Cisco’s routers.
ISS provides protection for these Cisco IOS vulnerabilities, and recommends that all customers apply applicable ISS product updates. These updates from ISS have been available to customers since January of this year and are available from the ISS Download Center at: www.iss.net/downloard
Cisco customers should take steps to ensure that the latest Cisco IOS updates are applied to all Cisco devices. Information on Cisco vulnerability advisories can be found at: www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml