[attrition] ISS serves takedown notice for Cisco briefing (fwd)

security curmudgeon jericho at attrition.org
Sat Jul 30 04:01:54 EDT 2005


Get a copy while you still can! =)

http://cryptome.org/lynn-cisco.zip

---------- Forwarded message ----------
From: Richard Forno <rforno at infowarrior.org>
To: Infowarrior List <infowarrior at g2-forward.org>
Cc: Dave Farber <dave at farber.net>, Bruce Schneier <schneier at counterpane.com>,
     Declan McCullagh <declan at well.com>
Date: Fri, 29 Jul 2005 22:59:45 -0400
Subject: [infowarrior] - ISS serves takedown notice for Cisco briefing


This evening, I received a cease-and-desist (e.g., takedown) notice from
attorneys representing Internet Security Systems (ISS).  Having received and
reviewed their letter, I have removed the file containing Michael Lynn's
controversial Blackhat presentation. A copy of the notice can be found at:
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf

Looking back at this week's events, my sense is that had the two companies
involved (Cisco and ISS) said nothing about this briefing, it's quite likely
that few if any people or news outlets would've given it more than a passing
thought like so many other vulnerabilities being reported this week in Vegas
-- after which, it likely would have gotten caught up in the "noise" of
regular security community chatter.  But as a result of their heavy-handed
tactics this week, both Cisco and ISS have ended up publicizing a serious
vulnerability quite significantly and thusly re-ignited the discussion over
how the Internet security community handles vulnerability disclosure and
product updates. By serving takedown notices in response to such situations,
a company demonstrates clearly that it is more concerned with preserving its
commercial interest in intellectual property than fostering community
awareness and knowledge pertaining to critical internet security issues.

Improvements to internet security will NOT become a reality as the result of
questionable secrecy or from commercial lawsuits that serve to mask the
more substantial and fundamental problems within the information security
industry and Internet community at large.  Security through obscurity
doesn't work, and neither does security through lawyering. These practices
make the Internet more, not less, vulnerable.

I will close with a note of appreciation to my web hosting provider for
their understanding and assistance in resolving this situation promptly and
satisfactorily for all concerned tonight.  As for me, it's now time to enjoy
the weekend.

-Rick
Infowarrior.org



You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.


More information about the attrition mailing list