Why Xena is hacked off
Big news in the realm of astronomy was last month’s surprise announcement that our solar system may have a tenth planet. We say ‘may have’ because there is some dispute as to whether the new body qualifies as a planet or is just a very big asteroid. The scientists who discovered the ‘planet’, however, seem quite confident, having gone as far as to give it a name: Xena, after the TV series starring Lucy Lawless. “We have always wanted to name something Xena,” one of the astronomers was quoted as saying, which perhaps tells us more about the astronomers than it does about the new ‘planet’.
While the name Xena did seem to capture the public’s imagination, what was less widely reported was that the discovery was only revealed after a hacker broke into a secure web site containing details about it and threatened to release the information. The astronomers had wanted to wait for longer as they hoped to have resolved the thorny issue of whether Xena is or isn’t a planet before its existence was made public. However, the hacker forced their hand.
While we could all probably have waited to find out that there may be another planet in our immediate vicinity (it isn’t as if it is actually going anywhere, it takes 560 Earth years just to orbit the Sun), the key here is that we do know about it because of the actions of a hacker. Because he threatened to blow the whistle on Xena’s existence, people were forced to act.
Back on Earth, and in the IT domain, there has been another dispute about hackers and whistle-blowing, this one involving Cisco and attempts to publicise a vulnerability in its router products. This time the whistle-blower wasn’t a hacker: rather, somebody who was concerned about the threat posed by hackers. However, Michael Lynn could be forgiven right now if he feels the distinction hasn’t been clearly made. The security researcher felt compelled to quit his job with security firm Internet Security Systems (ISS) in order to give a talk at the Black Hat security conference in Las Vegas, US, last month. There, he demonstrated that it is possible to hack Cisco routers, an issue of serious concern as these are the devices that direct traffic across the internet itself. Lynn claims the flaw could bring the internet to its knees and took the step of quitting his job at ISS because it had agreed with Cisco that he should not show the presentation.
For its part, Cisco has taken a variety of measures to stop Lynn, including legal action claiming that he had obtained his information by illegal methods. Lynn had decompiled Cisco’s software for his research and by doing so violated its intellectual property rights, the company is claiming.
“ISS and Cisco’s actions with Mr Lynn and Black Hat were not based on the fact that a flaw was identified, rather that they chose to address the issue outside of established industry practices,” a Cisco spokesperson claimed. Following the presentation, Lynn has reached an agreement with Cisco and ISS, in which he appears to have agreed not to repeat his presentation or spread any further information about the flaw. Cisco employees reportedly ripped copies of Lynn’s presentation from the conference programme, and Black Hat handed over its video recording of his talk. Cisco claims the flaw has been fixed in more recent versions of its router software and there is no need for concern. But its heavy-handed actions are likely to have won it few friends in the security community, leaving concerns that future vulnerabilities will go unreported. And that is going to have a bigger impact on all of us than how many rocks there are out in space.