Juniper Networks has hired a hacker who exposed serious security vulnerabilities in rival Cisco’s routers, and who was sued as a result.
Juniper has taken on Michael Lynn, who at this year’s Black Hat hacking fest in Las Vegas exposed flaws in Cisco’s routers.
At the time, Lynn worked for Internet Security Systems (ISS), and gave his presentation against the wishes of his employer. He was forced to leave his job as a result and was then sued by both ISS and Cisco.
Cisco went to court to prevent full details of the vulnerability being disclosed, as it had not prepared a firm patch for the flaw. As part of the settlement in the legal actions, Lynn agreed not to discuss the content of his presentation.
His presentation included information linked to a potential flaw in Cisco’s Internetwork Operating System (IOS), the OS used in most of Cisco’s main router products.
Lynn said his presentation was designed to help users guard against potential flaws in their network hardware.
Last week, Cisco released a patch for its IOS software which prevents the type of threat Lynn covered at Black Hat.
The update fixes a heap-overflow vulnerability in IOS. Because Cisco’s routers are used by a large number of ISPs, the flaw potentially affects large parts of the internet’s backbone, as well as networks at enterprises.
The SANS Institute, an international internet security body, described the flaw as “critical”.