Language Selection

English French German Italian Portuguese Spanish

Ripple effect from Cisco Router Presentation

Filed under
Legal

Cisco and Internet Security Systems (ISS) are taking action against websites that provide too much detail about a presentation that security expert Michael Lynn gave on Wednesday at the Black Hat security conference about a vulnerability in Cisco's IOS operating system.

Lawyers for ISS have sent a cease and desist order to the internet provider where Richard Forno of Infowarrior.org posted a PDF document containing the slides of Lynn's presentation.

"My ISP has been contacted by attorneys," Forno told vnunet.com at 4 PM on Friday. "I'm waiting to see the legal document."

Later that day he removed the document from his website and replaced it with a fax from an ISS attorney, demanding that he took the document offline.

Full Story.

The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them.

Mike Lynn, a former researcher at Internet Security Systems, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer, ISS.

The FBI declined to discuss the case. But Lynn's lawyer, Jennifer Granick, confirmed that the FBI told her it was investigating her client.

"The investigation has to do with the presentation," she said, "but what crime that could possibly be is unknown because they haven’t found any (evidence against him)."

"There's no arrest warrant for (Lynn) and there are no charges filed and no case pending," Granick said. "There may never be. But they got a complaint and as a result they were doing some investigation."

Full Story.

More in Tux Machines

Tidelift Backed by Former Red Hat Chairman and CEO Matthew Szulik

  • Open source startup Tidelift snags $15 mln Series A
    Boston-based Tidelift, an open source startup, has secured $15 million in Series A funding. General Catalyst, Foundry Group and former Red Hat Chairman and CEO Matthew Szulik led the round. In conjunction with the funding, Larry Bohn, managing director at General Catalyst, Ryan McIntyre, co-founder and managing director at Foundry Group and Szulik have all joined Tidelift’s board of directors.
  • Tidelift raises $15M to find paying gigs for open-source developers maintaining key projects
    Tidelift wants to give open-source developers a way to earn some money for contributing to important open-source projects and while helping the companies that are using those projects in key parts of their business, and it just raised $15 million to build those connections. General Catalyst, Foundry Group, and former Red Hat CEO Matthew Szulik co-led the Series A founding round into the Boston-based startup, the first time the 17-person company has taken financing, said Donald Fischer, co-founder and CEO of Tidelift. The other co-founders — Havoc Pennington, Jeremy Katz, and Luis Villa — share a wealth of open-source experience across companies like Red Hat and organizations like The Wikimedia Foundation and the Mozilla Foundation.
  • Tidelift Raises $15M Series A To Make Open Source Work Better--For Everyone

today's howto

Linux and CPU Security

  • 22 essential security commands for Linux
    There are many aspects to security on Linux systems – from setting up accounts to ensuring that legitimate users have no more privilege than they need to do their jobs. This is look at some of the most essential security commands for day-to-day work on Linux systems.
  • CVE-2018-3639: Spectre Variant 4 Vulnerability Affects the Linux Kernel
    A Spectre variant 4 vulnerability has been identified in the Linux kernel and represents a very dangerous threat to all affected machines. All system administrators are urged to apply the latest updates as soon as possible to mitigate any possible impact.
  • Spectre Number 4, STEP RIGHT UP!
    In the continuing saga of Meltdown and Spectre (tl;dr: G4/7400, G3 and likely earlier 60x PowerPCs don't seem vulnerable at all; G4/7450 and G5 are so far affected by Spectre while Meltdown has not been confirmed, but IBM documentation implies "big" POWER4 and up are vulnerable to both) is now Spectre variant 4. In this variant, the fundamental issue of getting the CPU to speculatively execute code it mistakenly predicts will be executed and observing the effects on cache timing is still present, but here the trick has to do with executing a downstream memory load operation speculatively before other store operations that the load does not depend on. If the CPU is convinced to speculatively execute down this victim path incorrectly, it will revert the stores and the register load when the mispredict is discovered, but the loaded address will remain in the L1 cache and be observable through means similar to those in other Spectre-type attacks.

Microsoft EEE and FUD Against FOSS and GNU/Linux (or GPL)