- Michael Lynn
-
Michael Thomas Lynn 
Michael Lynn at the Siebel Center at UIUC, 2011Born September 6, 1980
United StatesResidence Illinois Education Mathematics, University of Texas at Austin; Computer Science University of Illinois at Urbana-Champaign Occupation Computer Security Employer Juniper Networks Known for Ciscogate controversy Michael Thomas Lynn (born September 6, 1980) is an American computer security expert currently employed by Juniper Networks and known for his presentation on vulnerabilities in Cisco IOS at Black Hat and the controversy with Cisco Systems that followed. He was formerly an employee of Internet Security Systems (ISS).
Contents
Education
Lynn attended Trinity High School in Euless, Texas, and then attended the University of Texas at Austin, majoring in mathematics. As of 2009, he attends the University of Illinois Urbana-Champaign working on a degree in computer science.
Cisco controversy
Lynn came to widespread attention in July 2005 following a controversy, informally known as "Ciscogate", that resulted from his research into a major security vulnerability of Cisco IOS, the operating system used on Cisco Systems routers and other networking equipment. The vulnerability concerned IOS' handling of IPv6 packets and whether or not the problem could allow the routers to be exploited remotely. Although Cisco had originally discovered and fixed the flaw in April 2005, they did not inform their users of the true nature or severity of the problem.
Lynn was originally scheduled to present his findings at the Black Hat conference on July 27, 2005. The presentation had been originally approved by his employer ISS, and did not mention details of any vulnerability. It instead focused on the fact that vulnerabilities in IOS could be exploited, similar to other computer systems.
Despite the fact that Lynn had taken considerable care to remove as much technical detail as possible from his presentation, in order to make it more difficult for criminals to duplicate his work, Cisco and then later ISS objected to the talk, and threatened legal action just hours before the conference. The Black Hat organizers therefore allowed a team hired by Cisco to remove the relevant sections out of all conference materials, a short video of which was soon circulated on the internet.[1]
Lynn was warned by Black Hat not to give his speech and promised the organizers not to. He ostensibly[2] started an alternative talk on VoIP, which was met by booing from the audience. Lynn delivered his previously scheduled presentation despite the implications, bringing him international media attention. Though there have been conflicting reports over the timing and nature of Lynn's departure from his employer ISS,[3] Lynn was told by ISS that he would be fired if he made his original presentation. Lynn then resigned voluntarily approximately one hour prior to delivering the original presentation as he had intended. Lynn ended the talk by asking about possibilities for new employment from the audience. He was hired by Juniper Networks a few months later.[4][5]
Lynn was initially represented at the conference by noted Cyber law attorney Jennifer Granick. The lawsuit filed by Cisco and ISS was settled with a permanent injunction upon both Lynn and Black Hat against further disclosure of information on the exploit.[6]
At the 2006 Black Hat event, Mike Lynn was invited by Cisco to attend the after Blackhat Party at PURE located inside Caesars Palace. Media reports that Mike "crashed" the party by social engineering the host are in dispute.[7][8]
References
- ^ http://www.makezine.com/blog/archive/2005/08/video_of_ciscoi.html
- ^ http://news.zdnet.co.uk/internet/security/0,39020375,39211011,00.htm
- ^ Schneier, Bruce (29 July 2005). "Cisco Harasses Security Researcher". http://www.schneier.com/blog/archives/2005/07/cisco_harasses.html. Retrieved 4 August 2011.
- ^ Kim Zetter (2009-06-30). "ATM Vendor Halts Researcher’s Talk on Vulnerability". Wired. http://www.wired.com/threatlevel/2009/06/atm-vendor-halts-talk/. Retrieved 2009-07-12.
- ^ Robert McMillan (2005-11-07). "Juniper hires former ISS researcher Michael Lynn". Computerworld. http://www.computerworld.com/networkingtopics/networking/story/0,10801,105992,00.html. Retrieved 2009-07-12.
- ^ http://newsroom.cisco.com/dlls/2005/corp_072805.html
- ^ http://blogs.securiteam.com/index.php/archives/536
- ^ http://www.networkworld.com/community/?q=node/6569
External links
- Cisco acts to silence researcher - BBC News story (July 28, 2005)
- Researcher Resigns Over New Cisco Router Flaw - Slashdot story (July 28, 2005)
- Lynn Settles With Cisco, Investigated By FBI - Slashdot story (July 29, 2005)
- Router Flaw Is a Ticking Bomb - interviewed by Kim Zetter for Wired News (August 1, 2005)
- An Insider's View of 'Ciscogate' - Jennifer Granick on the Cisco controversy (August 5, 2005)
- Exploiting Cisco with FX - technical interview about Lynn's exploit and what can be done when attacking IOS (August 31, 2005)
- Abaddon's blog at MemeStreams
- [1] Cisco announcement of vulnerability that Lynn discovered
Categories:- 1980 births
- Living people
- People associated with computer security
- People from the Dallas – Fort Worth Metroplex
Wikimedia Foundation. 2010.
