Juniper Hires 'Black Hat' Speaker
Reached at work late yesterday, Lynn confirmed he is that Michael Lynn but said he wasn't permitted to divulge when he was hired, or for what job.
A Juniper spokeswoman likewise wouldn't give details, citing a company policy against discussing employee assignments.
Lynn's celebrity stems from a July talk at the Black Hat Briefings conference, where he demonstrated that it's possible to gain unauthorized control over a Cisco router. Lynn claimed at the time that Cisco and his employer, (Nasdaq: ISSX), had threatened to sue if he gave the talk. He did so anyway, quitting his job beforehand. (See Cisco Faces Security Flap.)
Cisco says it had already patched the flaw and stopped issuing the OS version that made it possible. (See Cisco Reveals 'Black Hat' Flaw.) Cisco sued for a restraining order preventing Lynn from further disclosing his research; Lynn eventually agreed to a settlement in the matter.
The incident touched a nerve with hackers, many of whom believe it's best to divulge as much information as possible about security vulnerabilities, so users can better understand the danger they face. By contrast, many companies prefer to keep a discoverd vulnerability secret until a patch or a fix is available.
— Craig Matsumoto, Senior Editor, Light Reading