November 9, 2005 - Implications of the Lynn Cisco Research, and Moving Forward
by Jeff Moss
Did you notice that the original issue of the Black Page is missing? I removed it at the request of Mike Lynn and ISS when they were sorting out what Mike's presentation was going to include. It was getting close to the show, and I was getting conflicting signals from ISS. A common theme we will see in this saga.
In general, though, our security community is very good at sharing information, maybe the very best. This is an important skill, especially in today's times. It was like trying to put a genie back in the bottle. Pandora's box was open, and everyone wanted a look.
This update to the BlackPage will catch us up with what has happened in the ISS and Cisco vs. Mike Lynn and Black Hat case, and I hope to set the record straight. I have also asked for comment from other security experts, and that will be included as separate BlackPage entries.
First off it is important to understand that the mission of the Black Hat Briefings is to provide the most up-to-date and vendor neutral information needed to improve security of our applications and networks. If content is neutered, how can we make informed decisions on what the risks are? Unbiased information is the most valuable and I believe that is one reason why Mike ultimately dropped his back-up speech on VoIP security issues and gave his presentation, despite all odds.
I have been dealing with lawyers for over three months since the stipulated permanent injunction was filed hours before the conference started. Now the legal battles have come to an end for Black Hat, Cisco and ISS. After acquiring and forensically wiping all information from Black Hat regarding Michael Lynn and his presentation as required by Judge White, Cisco and ISS have finally dismissed its lawsuit against Black Hat. Mike is at an end of the civil matters as well. I think the song Attorney Kurt Opsahl from the EFF wrote must have worked!
The legal landmines have been deactivated, and the money purge has stopped. While Black Hat is still under a Permanent Restraining Order to not disseminate video of Mike's presentation or to spread his presentation material containing proprietary Cisco source, I can live with that because we no longer have any copies. I couldn't violate the terms if I tried. Looking on the bright side, if that is possible, it was a very interesting learning experience for all involved. The Cisco lawyers were very professional and all about getting down to business. If lawyers are a form of the modern day warrior, then my Cisco opponents behaved honorably. I plan to write about some of the business lessons learned in a future BlackPage entry.
Black Hat has and always will bring new research to those defending digital information. The security community wont be easily intimidated, and Black Hat will continue to act as a platform for the security community for years to come.
However, the larger issue of this episode is not about Black Hat. It is about the industry and the state of the global infrastructure. The actions of the ISS and Cisco lawyers has had a profound impact on the security research community. Their actions reverberate beyond that of Black Hat and Michael Lynn, and impact security researchers worldwide, and more importantly, the security surrounding the infrastructure and the customers of insecure technology worldwide.
What happens next? It is important to start with the correct facts, then move forward. The security community can always look to Black Hat for straight information, and here are some important facts:
Now that we are all on the same page, let's move forward and try to fix the larger issue surrounding security research. The security research disclosure loop is broken, and has been for years. Security researchers and corporations need to work together better or this story will happen over and over. Here are a few ideas on how to make this happen:
I've been asked if Black Hat plans to do anything differently in the future because of this episode. My answer is an absolute no. It will be business as usual for Black Hat and the way we select speakers. I see no viable alternative. Am I to have people waiting at the edge of each stage with a hook to snag a presenter off stage the second they deviate from their printed materials? What if they dodge?
Look to upcoming issues of the Black Page to further discuss this topic. I am inviting experts I respect to contribute, including Michael Lynn, Linton Wells, Raven Alder, Jennifer Granick, Paul Proctor, and others.
Some of the latest “solutions” to common security problems are proving to hurt as much as they help, if you blindly trust them. The consequences of this blind trust are the focus of this BlackPage. In this issue, we take a look at two countermeasures that could work against you. David Maynor shares his findings on the ineffectiveness of highly regarded buffer overflow solution implemented in the latest “secure” CPUs. Alex Wheeler, Mr. Anti-Anti-Anti Virus, focuses on the world’s largest mandated security countermeasure revealing that an A/V client could be your biggest hole... read more
Blackmail and Bribery War Stories
Bribery and blackmail are two great ways to get what you want. This is probably why the techniques are highly regarded and often used by governments and crime rings throughout the world. If you’re had the pleasure of meeting Bob Morris, you know the NSA has given him more than enough stories to tell. Also on today’s Black Page, Renaud Bidou will take you the front lines of a 48-hour digital blackmail battle... read more
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules