Juniper hires Black Hat hacker


Juniper hires Black Hat hacker

Antony Savvas

Juniper Networks has hired a hacker who exposed serious security vulnerabilities in rival Cisco’s routers, and who was sued as a result.

Juniper has taken on Michael Lynn, who at this year’s Black Hat hacking fest in Las Vegas exposed flaws in Cisco’s routers.

At the time, Lynn worked for Internet Security Systems (ISS), and gave his presentation against the wishes of his employer. He was forced to leave his job as a result and was then sued by both ISS and Cisco.

Cisco went to court to prevent full details of the vulnerability being disclosed, as it had not prepared a firm patch for the flaw. As part of the settlement in the legal actions Lynn agreed not to discuss the content of his presentation.

His presentation included information linked to a potential flaw in Cisco’s Internetwork Operating System (IOS), the OS used in most of Cisco’s main router products.

Lynn said his presentation was designed to help users guard against potential flaws in their network hardware.

Last week, Cisco released a patch for its IOS software which prevents the type of threat Lynn covered at Black Hat.

The update fixes a heap-overflow vulnerability in IOS, which potentially affects large parts of the internet’s backbone, as well as networks at enterprises, since Cisco’s routers are used by a large number of ISPs.

The SANS Institute, an international internet security body, described the flaw as “critical”.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy