The leak can be traced back to researcher Michael Lynn, who
investigated the software in the course of his employment with
Atlanta-based Internet Security Systems (ISS), and then went public
with his findings at a Black Hat conference in Las Vegas on
Wednesday.
The presentation had originally received the backing of ISS, but
by Wednesday the firm had removed its support, and Lynn resigned
from the firm in order to give the talk.
According to reports, the presentation, which has been well
received in the internet community, not only discussed a known flaw
in the software, but also described various ways of expanding the
exploitation of the vulnerability – information that, since Cisco
is the world’s largest maker of routers, the devices that direct
internet communications, could have a big impact.
Lynn has been hailed a hero by some, warning of future problems
with the routers and giving users a chance to protect their
systems.
But Cisco and ISS view the presentation differently, and have
taken legal action.
On Thursday Cisco and ISS were awarded an injunction against
Lynn and the Black Hat conference organisation, prohibiting both
parties from disseminating any details of the presentation.
The injunction also forbids Lynn from making further use of, or
disclosing, any of the research contained in the presentation.
However, according to the BBC, details of the talk have already
made their way onto the internet and, despite a flurry of
cease-and-desist letters, the information is spreading.
Hackers are already working on exploits for the flaw, reports
Reuters.
