July 29, 2005
Hammers and Mercury Again
Posted by Alan Wexelblat
... or, doesn't anyone EVER learn? Or, Internet... censorship... damage. It's not possible that this could surprise any sentient being. But here's the headline:
Lynn presentation leaks onto Net
Well, no kidding. For those not following this gem, the Lynn in question is researcher Michael Lynn. The presentation is a talk Lynn prepared on known exploits against Cisco routers. Apparently this is stuff that has been known for some time and that Cisco is working to fix, amid a sea of misconceptions about the basic security of the hardware/software that powers much of the Internet. And what has leaked onto the Net is a PDF file that contains the presentation Lynn was scheduled to give at Black Hat in Las Vegas.
(UPDATE: RickF of InfoWarrior commented that he has received a takedown notice and has removed the PDF. Please read his update in the Comments.)
I say "was," because earlier this week Cisco pressured Internet Security Systems (Lynn's employer at the time) into removing the presentation from Black Hat. Lynn then threatened to go ahead anyway and resigned from ISS. Cisco got an injunction; Lynn gave the presentation. Now it's getting ugly. According to blogger Brian Krebs, the FBI is involved and this is after an agreement was reached among Cisco, Lynn, ISS and the Black Hat organizers not to further distribute the material. Krebs' blog has a blow-by-blow including the agreement text. (There's also an interesting aside that at least 16 WIRED reporters were laid off this week - anyone have the story on that?)
Kieren McCarthy at Techworld hits the nail on the head, noting that Cisco has been "heavy handed" and the result has been a backfire of major proportions. The story is everywhere; the presentation is hot. Note to all you control freaks: do not, repeat DO NOT hit the blob of mercury with the hammer. Really.
Comments (4)
1. Crosbie Fitch on July 29, 2005 7:11 PM writes...
Unless... the hammer is made of mercury and is at a temperature of -40C, and hits the blob of mercury extremely gently (which is at a temperature of -35C) in ambient conditions of -40C, such that the mercury melds with the hammer upon contact.
2. Seth Finkelstein on July 29, 2005 9:09 PM writes...
Don't underestimate the Chilling Effect, of discouraging other people who may be watching. I think it's a BIG, BIG, error to reason roughly that "They tried to stop it, they failed, GO 'NET!!!".
Rather, if there's something that's going to get out anyway, making a big fuss may only marginally increase the negatives of exposure (really, how many people care about the gory details of security research?). But there may be much discouragement to be had in conveying to the next person: "Try it, and we will come after you with everything from lawsuits to instigating an FBI investigation - do you feel lucky, hacker punks?"
I know every time I see one of these cases, I'm further chilled myself regarding having been forced to abandon censorware decryption research.
3. RickF on July 29, 2005 11:51 PM writes...
This evening, I received a cease-and-desist (e.g., takedown) notice from attorneys representing Internet Security Systems (ISS). Having received and reviewed their letter, I have removed the file containing Michael Lynn's controversial Blackhat presentation. A copy of the notice can be found at:
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf
Looking back at this week's events, my sense is that had the two companies involved (Cisco and ISS) said nothing about this briefing, it's quite likely that few if any people or news outlets would've given it more than a passing thought like so many other vulnerabilities being reported this week in Vegas -- after which, it likely would have gotten caught up in the "noise" of regular security community chatter. But as a result of their heavy-handed tactics this week, both Cisco and ISS have ended up publicizing a serious vulnerability quite significantly and thusly re-ignited the discussion over how the Internet security community handles vulnerability disclosure and product updates. By serving takedown notices in response to such situations, a company demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues.
Improvements to internet security will NOT become a reality as the result of questionable secrecy or from commercial lawsuits that serve to mask the more substantial and fundamental problems within the information security industry and Internet community at large. Security through obscurity doesn't work, and neither does security through lawyering. These practices make the Internet more, not less, vulnerable.
I will close with a note of appreciation to my web hosting provider for their understanding and assistance in resolving this situation promptly and satisfactorily for all concerned tonight. As for me, it's now time to enjoy the weekend.
-Rick
Infowarrior.org
4. Seth Finkelstein on July 30, 2005 1:19 AM writes...
"... demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues."
Bingo. They've traded the public interest for their financial benefit. But I fear that it's a tradeoff they consider worth it, since the financial costs are almost all externalized.