Cisco Security Hole a Whopper; Whistle-Blower Faces FBI Probe

By Kim Zetter

LAS VEGAS -- A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

Michael Lynn, a former research analyst with Internet Security Systems, quit his job at ISS Tuesday morning before disclosing the flaw at Black Hat Briefings, a conference for computer security professionals held annually here.

The security hole in Cisco IOS, the company's "infrastructure operating system" that controls its routers, was patched by Cisco in April, Lynn said, and the flawed version is no longer available for download. But Cisco didn't want the information disclosed until next year when a new version of the operating system would be out of beta testing and ready for distribution.

Routers are devices that direct information through a network. Cisco products account for the majority of routers that operate the backbone of the internet and many company networks.

Lynn likened IOS to Windows XP, for its ubiquity.

Whistle-Blower Faces FBI Probe

By Kim Zetter

LAS VEGAS -- The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them.

Mike Lynn, a former researcher at Internet Security Systems, or ISS, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer.

Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a recent fix it had made to its operating system.

Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks.

Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it.

Monty Solomon