Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities ("The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques"), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Schneier's take for more). 1.9MB PDF Link
The guys at cryptome.org have a long history of archiving documents that others in the business have found to be embarrassing, such as the CyberPatrol stuff. They have an archive of Lynn's PDF at <http://cryptome.org/lynn-cisco.zip>. Personally, I'd trust their version a lot more than BoingBoing.
I'm sure that lots of other mirrors will now pop up, too.
All three of the copies of the slides I've downloaded so far have the same MD-5 hash, namely 559942447c88086fa1304c38f9d0242c. I'll try to dig up some SHA-1, SHA-1, and SHA-256 implementations to compare/contrast the different files.
(It's obvious that the people calling the shots in this circus have either
never heard of "Sklyarov", "deCSS", or "@Stake/Dan Geer", or have decided to
out-do those. In either case, I'm willing to bet a large pizza with everything
on it that Monday morning will bring a whole new set of PR miscues into play..)
ObNANOG: the PDF now up on infowarrior also includes:
"Defendant Michael Lynn shall also:
13. Identify any websites (if any) 1) where he posted directly or indirectly
the ISS presentation, his slides from the Black Hat 2005 USA July 27, 2005
presentation or decompiled Cisco code; or 2) where he is aware such information
is posted. If such postings were made directly or indirectly by him, he shall have
such postings taken down by 5:00 p.m., July 28, 2005 PDT."
I'm sure Monday will see subpoenas for Apache logs.....
> I guess at this point ISS realizes their reputation is so deep in the
> shitter that nothing they do could make it worse.
Give it a week.
It'll be interesting to see them trying to suppress all the downloads
that have been made by people outside the U.S.