Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers

Black Hats redux

Posted by: Steve Hamm on August 3, 2005

I’ve been able to track down some additional info concerning this Cisco/Black Hat dustup. My posting of last Friday elicited a bunch of comments. Almost all negative. My reference to security expert Michael Lynn being fired by his employer, Internet Security Systems, appears to be wrong. I must have garbled info I grabbed off of Web news reports. My apologies. I changed the reference in the original posting to say he apparently quit.

I have been in touch with Cisco, and they said the other facts I recounted in the blog posting were correct. Of course, some of my critics have taken me to task for taking Cisco’s side, so word that Cisco confirms my take on the incident would only confirm their suspicions. In fact, while not beholden to the company, I do agree with Cisco that it is dangerous to expose details of vulnerabilities in crucial Internet technology to a public that includes many malicious hackers. Here’s Cisco’s side of the story.

I’m still hoping to speak to Michael Lynn. I have feelers out.

Reader Comments


August 3, 2005 5:27 PM

I just read that Ciscos website was breached. Their portal password security was compromised and millions are scramblig for help from what I read. It looks like they have problems.


August 3, 2005 9:37 PM

Dear Steve,

yes, it is important that companies are informed about exploits in their software/hardware but the problem is that in this case Cisco did not act appropriately on this information. Take a look at any of the news stories and you will find that that was the case -- back in April Cisco was informed. So if a company does not act appropriately should users and customers accept this inaction? No way. I don't know what your view is on security, but I'd rather know something is wrong than to be in the dark about it. Plus, if you have seen the presentation you might realize that it actually makes it extremely difficult to exploit the vulnerability.

Sometimes it is ok to admit to be wrong ...

Post a comment



Bloomberg Businessweek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, and Douglas MacMillan, dig behind the headlines to analyze what’s really happening throughout the world of technology. Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.



BW Mall - Sponsored Links

Buy a link now!