Re: Lynn / Cisco shellcode

[Michael J Freeman <mfreeman451 () yahoo com>]

I don't think I can agree with you that he will be
getting a whole lot of job offers. Was he under an NDA
or not? If he was, why would anyone want someone that
cannot follow simple rules? Rules are rules, period. 


--- Alex Stamos <alex () stamos org> wrote:

> Word on the street (or dingy 60's style carpet?) is
> that...
>
> a) The lawyers for Lynn/Cisco/ISS were working out a
> deal this morning 
> that would protect him from being sued, but that
> would prevent him from 
> ever talking about his findings or performing more
> research on Cisco 
> equipment EVER again. 
>
> b) ISS has been working with Cisco on this issue for
> 6 months, and Cisco 
> has been fine with the content for the majority of
> that time, and even 
> approved the slide deck he sent to BH.  Two or three
> weeks ago, the 
> Department of Homeland Security called Cisco and
> asked for the research 
> to be squashed, and that this decision was made at
> the John Chambers-ish 
> level.  ISS agreed quickly with Cisco (perhaps due
> to their large number 
> of Gov contracts) but there were some negotiations
> over what to do.  
> Apparently, Lynn made the decision to talk at the
> last minute, and 
> totally surprised ISS.
>
> Take it with a grain of salt, but that's what I
> heard from some 
> plugged-in people.
>
> My take:
>
> Winners in this saga:
>     Jeff Moss -  The complaints that BlackHat is
> getting too corporate 
> and boring should be less loud.  Plus, the word
> BlackHat is on the front 
> page of WashingtonPost.com.
>     Lynn? - Like Dan Geer, he went down in a
> spectacular style that 
> guaranteed him 50 more job offers.
>
> Losers:
>     Cisco - The words Cisco and censorship are also
> on a lot of news 
> pages.  They might be trying to clean things up PR
> wise, but their 
> initial over-reaction will make people think twice
> about responsible 
> disclosure with Cisco forever.  Better to just
> release it on IRC/SILC 
> than get sued. 
>     ISS - Those bastards burned their own employee. 
> Even if they had 
> some justification, they might as well buy the ISS
> recruiter that I've 
> seen walking around a ticket back to Atlanta.
>     Lynn? - If the deal rumor is true, his ability
> to do his job might 
> be massively impacted.  I feel for the guy, but some
> people will think 
> he sold out.  Plus, it's never fun to be threated by
> a multi-billion 
> dollar multinational.
>
>    -Alex
>
>
>
>
>
> ET LoWNOISE wrote:
>
> > I dont know but this issue isnt something like
> someone sending an email to 
> > everybody with propietary information. Even the
> bh-usa-05-speakers list 
> > specified what Lynn was going to do.
> >
> > "Michael Lynn will provide an 
> > architectural overview of IOS and explore the
> feasibility of code 
> > execution against Cisco routers."
> >
> > This things are not published and prepared one day
> before the conference, 
> > its hard to think that ISS didnt have a clue about
> what was going to 
> > happen. 
> >
> >
> >
> > On Thu, 28 Jul 2005, Steve Lord wrote:
> >
> >  
> >
> > > Mordy Ovits wrote:
> > >
> > >    
> > >
> > > > On Thursday 28 July 2005 09:14 am, Thor Larholm
> wrote:
> > > >      
> > > >
> > > > > While Lynn worked at ISS he was doing a source
> code analysis for
> > > > > Cisco.
> > > > >   
> > > > >
> > > > >        
> > > > If that's true, than the biggest loser in this
> incident is ISS.  Lynn 
> > > > may suffer, but ISS is ruined.
> > > >
> > > > Mordy
> > > >
> > > >
> > > >      
> > > I'm not sure I agree with that last sentence
> Mordy. Depending upon how 
> > > they handle it they may never see Cisco again, but
> there's a world of 
> > > difference between X-Force losing major clients
> and ISS worldwide going 
> > > down the pan, at least that's how I see it (not
> that I'd shed a tear for 
> > > ISS if they did go down the pan, but that's beside
> the point).
> > > If ISS were doing a source code analysis, I do
> hope they have the right 
> > > to sue the bejesus out of the guy. I'd also
> suggest that Cisco point the 
> > > finger at ISS, rather than Lynn as he was under
> ISS's employ at the time 
> > > he wrote the talk, even though he wasn't when he
> gave it and ultimately 
> > > ISS is liable for his breach of NDA.
> > >
> > > However, if this turns into a DMCA job or a wacky
> piracy/terrorist-type 
> > > criminal issue, it just gives me another reason
> not to return to the 
> > > U.S. and remain in my undersea lair with my
> home-grown PVR, open-source 
> > > systems and TOR-ified tin-foil-covered Internet
> connection ;)
> > > Steve
> > > _______________________________________________
> > > Dailydave mailing list
> > > Dailydave () lists immunitysec com
>
> > https://lists.immunitysec.com/mailman/listinfo/dailydave
> > >    
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunitysec com
>
> https://lists.immunitysec.com/mailman/listinfo/dailydave
> >  
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
>


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave