Router flaw sparks battle

摘要

Las vegas — Researcher Michael Lynn quit his job at Internet Security Systems last week, then defied ISS and Cisco by revealing that unpatched Cisco routers can be hacked by a buffer-overflow exploit. Until then, corporate network managers were largely unaware of the risk. Cisco and ISS had known for months. And it's feared that hackers knew, too, as Chinese bulletin boards are said to have contained at least some knowledge of the vulnerability. The confluence of events — all coming to a head last week at the Black Hat security conference — has reignited the long-smoldering debate over what constitutes responsible disclosure of security risks. Cisco insists that Lynn acted both irresponsibly and illegally, and obtained a court order barring him and show organizers from further disclosures.