This evening, I received a cease-and-desist (e.g., takedown) notice from attorneys representing Internet Security Systems (ISS). Having received and reviewed their letter, I have removed the file containing Michael Lynn's controversial Blackhat presentation. A copy of the notice can be found at: http://www.infowarrior.org/users/rforno/lynn-cisco.pdf
Looking back at this week's events, my sense is that had the two companies involved (Cisco and ISS) said nothing about this briefing, it's quite likely that few if any people or news outlets would've given it more than a passing thought like so many other vulnerabilities being reported this week in Vegas -- after which, it likely would have gotten caught up in the "noise" of regular security community chatter. But as a result of their heavy-handed tactics this week, both Cisco and ISS have ended up publicizing a serious vulnerability quite significantly and thusly re-ignited the discussion over how the Internet security community handles vulnerability disclosure and product updates. By serving takedown notices in response to such situations, a company demonstrates clearly that it is more concerned with preserving its commercial interest in intellectual property than fostering community awareness and knowledge pertaining to critical internet security issues. Improvements to internet security will NOT become a reality as the result of questionable secrecy or from commercial lawsuits that serve to mask the more substantial and fundamental problems within the information security industry and Internet community at large. Security through obscurity doesn't work, and neither does security through lawyering. These practices make the Internet more, not less, vulnerable. I will close with a note of appreciation to my web hosting provider for their understanding and assistance in resolving this situation promptly and satisfactorily for all concerned tonight. As for me, it's now time to enjoy the weekend. -Rick Infowarrior.org You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.
