Cisco flaw presentation spreads across the Web

Cisco's lawyers are sending out cease-and-desist notices to Web sites that have published a controversial presentation by ex-Internet Security Systems (ISS) employee Michael Lynn that exposes the potential dangers of a flaw in the network giant's router operating system.

The presentation, which was due to be given by Lynn at the Defcon conference in Las Vegas last week, was cancelled after legal threats from Cisco and ISS. The parties resolved the matter on Thursday last week.

The 1.9MB presentation was published on Cryptome.org and infowarrior.org late last week. The latter has since replaced it with a copy of the cease and desist notice. However, an increasing number of other Web sites are now making available Lynn's presentation to whomever cares to read or download it.

A Cisco spokesperson told ZDNet UK sister site ZDNet Australia that the company is taking the matter seriously and dismissed any potential risks resulting from the flaw as "speculative".

"We are going to take every measure available to protect our customers and the integrity of the Internet — we will be taking any actions that we see necessary. We are not aware of any active exploitations impacting customer networks. We strongly recommend that customers take the necessary actions to upgrade their software to the latest available versions," the spokesperson said.

Security expert Richard Forno, founder of the infowarrior.org Web site, said that Cisco's "heavy-handed tactics" have helped publicise the vulnerability. He slammed the network giant for "preserving its commercial interest" rather than improving overall security.

"Improvements to Internet security will not become a reality as the result of questionable secrecy or from commercial lawsuits… Security through obscurity doesn't work, and neither does security through lawyering [sic]. These practices make the Internet more, not less, vulnerable,' said Forno.

Security guru Bruce Schneier also attacked Cisco's behaviour, calling the company "thugs". He also suggested that Cisco's customers will not be impressed that the company tried to hide the truth.

"I can't believe that they [Cisco] thought they could have censored the information by their actions, or even that it was a good idea… Cisco's customers want information. They don't expect perfection, but they want to know the extent of problems and what Cisco is doing about them. They don't want to know that Cisco tries to stifle the truth," wrote Schneier in a blog posting.

Even if hackers manage to develop malware that can exploit the flaws described in Lynn's presentation, they are unlikely to threaten the general health of the Internet, according to Ty Miller, a security specialist at Pure Hacking.

"The Internet is a huge multi-vendor environment, which generally indicates that single vulnerabilities will not allow an attacker to gain, in Michael Lynn's words, 'World Domination'," said Miller.

However, Miller warned that organisations with a "single vendor architecture" are most at risk: "Zero-day attacks against newly found vulnerabilities in network devices could have a large impact when companies or governments have single-vendor architectures. This is because an individual vulnerability could be exploited, on each network device, to gain control of an entire network architecture."

Munir Kotadia reported from Sydney for ZDNet Australia. For more ZDNet Australia stories, click here.