|
Juniper Hires Black Hat Speaker |
|
|
|
|
Tuesday, 08 November 2005 |
Michael Lynn, the researcher who quit his job to give a presentation on a Cisco Systems Inc. (Nasdaq: CSCO - message board) security weakness, has landed on his feet, working for Cisco rival Juniper Networks Inc. (Nasdaq: JNPR - message board).
Reached at work late yesterday, Lynn confirmed he is that Michael Lynn but said he wasnt permitted to divulge when he was hired, or for what job.
A Juniper spokeswoman likewise wouldnt give details, citing a company policy against discussing employee assignments.
Lynns celebrity stems from a July talk at the Black Hat Briefings conference, where he demonstrated that its possible to gain unauthorized control over a Cisco router. Lynn claimed at the time that Cisco and his employer, Internet Security Systems Inc. (Nasdaq: ISSX - message board), had threatened to sue if he gave the talk. He did so anyway, quitting his job beforehand. (See Cisco Faces Security Flap.)
Cisco says it had already patched the flaw and stopped issuing the OS version that made it possible. (See Cisco Reveals Black Hat Flaw.) Cisco sued for a restraining order preventing Lynn from further disclosing his research; Lynn eventually agreed to a settlement in the matter.
The incident touched a nerve with hackers, many of whom believe its best to divulge as much information as possible about security vulnerabilities, so users can better understand the danger they face. By contrast, many companies prefer to keep a discoverd vulnerability secret until a patch or a fix is available. |