LAS VEGAS -- Attendees at The Black Hat Security Conference had plenty to say yesterday in the wake of Cisco Systems' announcement that it issued cease and desist orders to conference organizers and the security researcher who presented his findings on a serious Cisco IOS flaw patched months ago.
"The speaker worked with Cisco for the last six months on this and Cisco has had the patch for quite a while," said Wally Strzelec, an IT manager at Texas A&M. "I don't know what their beef is."
Security researcher Michael Lynn stated in his presentation that he quit his job as a researcher at Internet Security
"Seems like Cisco's trying to cover its butt," said Tom DeSmidt, a senior security engineer for satellite TV provider Echostar. "All software has flaws you can exploit. They should embrace it rather then act this way."
And Cisco may pay for the lawsuit, in more ways than one. Ken Pfeil, CSO for Capital IQ in New York, said something like this may turn clients away. "Cisco is going about this entirely the wrong way -- they're alienating their own customers," Pfeil said. "Walking around for six months with their fly hanging open and now saying 'you didn't see anything' is a bad business practice."
Sources close to the controversy say that ISS had at least four opportunities to modify the contents of the Black Hat presentation, but waited until only a few days prior to the show to request changes that would require a reprint of the Black Hat conference proceedings to the tune of nearly $20,000. ISS allegedly decided the cost wasn't worthwhile. Cisco claims it wasn't given the option of making the changes if it was concerned.
As far as the lawsuit goes, Black Hat President Jeff Moss remains unconcerned and has no intention of remaining mum as the cease and desist order demands. "Apparently Cisco is going to send us a really scary letter tomorrow," he said. "I don't like scary letters so when I get it, I'll let everyone know what's going on." Depending on the outcome, a press conference is tentatively planned for Thursday morning.
Associate Editor Amber Plante contributed to this report