The invite-only party last night that Cisco held at a nightclub for Black Hat conference attendees was crashed by security researcher Michael Lynn, who last year was sued by Cisco for revealing a serious flaw in Cisco routers. (Details of the eyewitness account.)
Along with some friends, Michael Lynn, who now works for Cisco rival Juniper Networks, evaded the security checks Cisco had put in place for the party, which included a name check and legal identification. Lynn and his friends, declaring "Cisco owes us a drink," gleefully posed in front of a Cisco sign inside the Pure Nightclub. Once aware the Lynn entourage had crashed the party, Cisco employees took it in stride. (More details on how Lynn got in.)
“We’re here to let security researchers know we want to work with them,” said Jeff Platon, Cisco’s Vice President of Security Solutions Marketing, with some diplomacy.
In his former job as security researcher at Internet Security Systems, Michael Lynn incurred the wrath of both ISS and Cisco at last year’s Black Hat conference as he defied them in going ahead with a planned talk to reveal a buffer overflow vulnerability in Cisco gear.
Cisco and ISS had sought to cancel the talk, even destroying informational material that had already been prepared for attendees.
Lynn, who quit his job at ISS to disclose the Cisco software flaw, was sued by Cisco and ISS, though the lawsuits were resolved within the week with help from attorney Jennifer Granick.
Last night, Lynn said he was enjoying working for Juniper and had moved on from doing vulnerability analysis to assisting Juniper in product design and development across its product line. “Sometimes it’s letting them know what to do, sometimes it’s more of a matter of not doing something,” Lynn commented.
Also at the Cisco party was Gerhard Eschelbeck, CTO at Webroot which makes antispyware software. When asked whether Webroot would stick to being just spyware or branch out into antivirus as well, Eschelbeck said the company was considering a broader strategy that would encompass “malware” malicious code in general.
Eschelbeck said Webroot is considering acquiring an antivirus firm in future announcements on that score were likely to be forthcoming.