Michael Lynn

Michael Thomas Lynn (born September 6, 1980) is an American computer security expert currently employed by Juniper Networks. Lynn graduated from Trinity High School in Euless, Texas, and then attended the University of Texas at Austin, majoring in mathematics. He was formerly an employee of Internet Security Systems (ISS).

Cisco controversy

Lynn came to widespread attention in July 2005 following a controversy, informally known as "Ciscogate", that resulted from his research into a major security vulnerability of Cisco IOS, the operating system used on Cisco Systems routers and other networking equipment. The vulnerability concerned IOS' handling of IPv6 packets and whether or not the problem could allow the routers to be exploited remotely. Although Cisco had originally discovered and fixed the flaw in April 2005, they did not inform their users of the true nature or severity of the problem. Lynn was originally scheduled to present his findings at the Black Hat conference on July 27, 2005. The presentation had been originally approved by his employer ISS, and did not mention details of any vulnerability. It instead focused on the fact that vulnerabilities in IOS could be exploited, similar to other computer systems. Despite the fact that Lynn had taken considerable care to remove as much technical detail as possible from his presentation, in order to make it more difficult for criminals to duplicate his work, Cisco and then later ISS objected to the talk, and threatened legal action just hours before the conference. The Black Hat organizers therefore allowed a team hired by Cisco to remove the relevant sections out of all conference materials, a short video of which was soon circulated on the internet.[1] Lynn was warned by Black Hat not to give his speech and promised the organizers not to. He ostensibly [2] started an alternative talk on VoIP, which was met by booing from the audience. Lynn delivered his previously scheduled presentation despite the implications, bringing him international media attention. Though there have been conflicting reports over the timing and nature of Lynn's departure from his employer ISS [3], Lynn was told by ISS that he would be fired if he made his original presentation. Lynn then resigned voluntarily approximately one hour prior to delivering the original presentation as he had intended. Lynn was initially represented at the conference by noted Cyber law attorney Jennifer Granick. The lawsuit filed by Cisco and ISS was settled with a permanent injunction upon both Lynn and Black Hat against further disclosure of information on the exploit.[4] At the 2006 Black Hat event, Mike Lynn was invited by Cisco to attend the after Blackhat Party at PURE located inside Caesars Palace. Media reports that Mike "crashed" the party by social engineering the host are in dispute. [5] [6]

References

• Cisco acts to silence researcher - BBC News story (July 28, 2005)
• Researcher Resigns Over New Cisco Router Flaw - Slashdot story (July 28, 2005)
• Lynn Settles With Cisco, Investigated By FBI - Slashdot story (July 29, 2005)
• Router Flaw Is a Ticking Bomb - interviewed by Kim Zetter for Wired News (August 1, 2005)
• Juniper hires former ISS researcher Michael Lynn - by Robert McMillan (November 7, 2005)
• An Insider's View of 'Ciscogate' - Jennifer Granick on the Cisco controversy (August 5, 2005)
• Exploiting Cisco with FX - technical interview about Lynn's exploit and what can be done when attacking IOS (August 31, 2005)

External links

• Abaddon's blog at MemeStreams
• [7] Cisco announcement of vulnerability that Lynn discovered