| Michael Thomas Lynn | |
|---|---|
| Photo caption | Michael Lynn at the Siebel Center at UIUC, 2011 |
| Born | September 6, 1980, United States |
| Residence | Illinois |
| Education | Mathematics, University of Texas at Austin; Computer Science, University of Illinois at Urbana-Champaign |
| Occupation | Computer Security |
| Employer | Juniper Networks |
| Known for | Ciscogate controversy |

Michael Thomas Lynn (born September 6, 1980) is an American computer security expert currently employed by Juniper Networks and known for his presentation on vulnerabilities in Cisco IOS at Black Hat and the controversy with Cisco Systems that followed. He was formerly an employee of Internet Security Systems (ISS).
Lynn attended Trinity High School in Euless, Texas, and then attended the University of Texas at Austin, majoring in mathematics. As of 2009, he attends the University of Illinois Urbana-Champaign working on a degree in computer science.
Lynn came to widespread attention in July 2005 following a controversy, informally known as "Ciscogate", that resulted from his research into a major security vulnerability of Cisco IOS, the operating system used on Cisco Systems routers and other networking equipment. The vulnerability concerned IOS' handling of IPv6 packets and whether or not the problem could allow the routers to be exploited remotely. Although Cisco had originally discovered and fixed the flaw in April 2005, they did not inform their users of the true nature or severity of the problem.
Lynn was originally scheduled to present his findings at the Black Hat conference on July 27, 2005. The presentation had been originally approved by his employer ISS, and did not mention details of any vulnerability. It instead focused on the fact that vulnerabilities in IOS could be exploited, similar to other computer systems.
Although Lynn had taken considerable care to remove as much technical detail as possible from his presentation, in order to make it more difficult for criminals to duplicate his work, Cisco and later ISS objected to the talk and threatened legal action just hours before the conference. The Black Hat organizers therefore allowed a team hired by Cisco to remove the relevant sections from all conference materials, a short video of which was soon circulated on the internet.[1]
Lynn was warned by Black Hat not to give his speech and promised the organizers not to. He ostensibly[2] started an alternative talk on VoIP, which was met by booing from the audience. Lynn delivered his previously scheduled presentation despite the implications, bringing him international media attention. Though there have been conflicting reports over the timing and nature of Lynn's departure from his employer ISS,[3] Lynn was told by ISS that he would be fired if he made his original presentation. Lynn then resigned voluntarily approximately one hour prior to delivering the original presentation as he had intended. Lynn ended the talk by asking the audience about possibilities for new employment. He was hired by Juniper Networks a few months later.[4][5]
Lynn was initially represented at the conference by noted cyberlaw attorney Jennifer Granick. The lawsuit filed by Cisco and ISS was settled with a permanent injunction upon both Lynn and Black Hat against further disclosure of information on the exploit.[6]
At the 2006 Black Hat event, Mike Lynn was invited by Cisco to attend the post-Black Hat party at PURE, located inside Caesars Palace. Media reports that Mike "crashed" the party by social engineering the host are in dispute.[7][8]