ARTS & FARCES internet

Michael Lynn was a security researcher for Internet Security Systems (ISS) until last week when he resigned. Having provided Cisco with a report that clearly outlined a security flaw in its router operating system last April, Lynn was reportedly frustrated with the networking giant’s slow response and decided the right thing to do was to expose a core vulnerability in the internet’s infrastructure. And that’s just what he did at the Black Hat security conference.

In a conference session, Lynn demonstrated how one could exploit a known security flaw on Cisco routers, in effect taking them over and potentially disrupting traffic on the internet, by executing arbitrary code on the Cisco equipment. Lynn told the session attendees that he had quit his job at ISS after the company decided to cancel the previously scheduled session. Session notes for Lynn’s presentation, “The Holy Grail: Cisco IOS Shellcode and Remote Execution,” were removed from the conference proceedings, reportedly by Cisco employees. “I feel I had to do what’s right for our country and the national infrastructure,” said Lynn, addressing the Black Hat conference attendees. “It has been confirmed that bad people are working on this [compromising Cisco’s IOS router operating system]. The right thing to do here is to make sure that everyone knows that it’s vulnerable.”

Internet Security Systems representatives told CNET that Lynn’s presentation was cancelled because “it wasn’t ready yet.” That’s apparently not the full story. “[A] source close to the Black Hat organization said that it wasn’t ISS and Lynn who wanted to cancel the presentation, but Cisco,” according to the CNET report. “The research is very important, and the underlying work is important, but we need to work with Cisco to determine the full impact,” ISS chief technology officer Chris Rouland told the online technology news publication.

Straight out of a Carl Hiaasen novel, a Miami politician, accused of money laundering and soliciting a male prostitute shoots himself on the “polished terrazzo floor” of The Miami Herald‘s lobby. That “polished terrazzo floor” bit must be the New York Times’ idea of adding color to the story.

But you know that can’t be the whole story, this being Miami and all. Herald columnist Jim DeFede secretly taped a telephone conversation with the politician, Arthur Teele Jr. That might be against Florida law. According to the New York Times, “all parties must consent to the recording or disclosure of the contents of any wire, oral or electronic communication.” Except for business calls. In 1991, a federal appeals court ruled that recording business calls without the other party’s consent was legal.

Here’s where it gets weird and will almost certainly make it into a Hiassen work sooner rather than later. The Miami Herald fires DeFede, but only after permitting him to transcribe the tape. The Herald then, according to Abby Goodnough’s account in the New York Times, “published portions of the conversation as described by Mr. DeFede.”

Here’s the money quote from the Herald‘s executive editor, Tom Fiedler:

“We expect our people to act in a highly ethical way, and Jim admitted that he had crossed that line, and I really didn’t see an alternative,” Mr. Fiedler said. “If we have that expectation and someone fails to abide by it, knowingly fails to abide by it, regardless of that person’s talent it means they can no longer be a part of The Herald.”

There’s lot’s of hand-wringing and whining going on in corporate media circles, but for all the wrong reasons. It’s highly unethical for the columnist to record a source without his knowledge. But it’s just peachy keen fine for the columnist’s employer to publish that conversation. That kind of twisted logic doesn’t work anywhere. Not even in Miami.

It should be abundantly clear by now that the coming judicial appointment wars will not be waged between the left and the right. Rather these battles will be fought between the pro-corporate-rights and the pro-community-rights contingents. If there’s any doubt, it should be extinguished by Timothy O’Brien and Jonathan Glater’s profile of the government investigation into the Milberg Weiss law firm in today’s New York Times.

Milberg Weiss is the US’s premiere class-action law firm, winning decades-worth of multimillion-dollar judgments against corporations. Last year William Lerach left Milberg Weiss to start a new firm in San Diego; Melvyn Weiss retained control of the New York firm bearing his name. There’s no doubt that both principals are the kind of lawyers Americans love to hate, but there’s also no doubt that lawyers like Weiss and Lerach work to ensure corporate accountability and deter corporate crime (Milberg Weiss, for example, is probably best known for its litigation against Enron).

Make no mistake that the government’s investigation into Milberg Weiss is politically motivated. President Bush has made tort reform a centerpiece of his legislative agenda and earlier this year signed a law making class-action lawsuits in state courts more difficult to file. In early 2002, federal prosecutors began subpoenaing law firms that had worked with Milberg Weiss, just as the Enron scandal was reaching the public eye. Last May, Milberg Weiss brought a federal suit against Halliburton Company, charging the corporation with defrauding investors by manipulating and falsifying financial statements between 1998 and 2001; Vice President Cheney was Halliburton’s chief executive officer during three of those four years. Millberg Weiss is also a benefactor of the Democratic Party, ringing up more than US$400,000 in political contributions during the 2004 election cycle.

Perhaps reflecting the weakness of the government’s case, federal prosecutors have asked both Lerach and Weiss to waive statute-of-limitations requirements. Both have refused.

This probably wasn’t the first shot fired in the judicial appointment wars, but it’s certainly one of the loudest.

I desperately wish my hometown had a world-class newspaper, but as long as Knight Ridder owns the franchise, smart money says it’s not going to happen. Accordingly, I stopped reading the daily years ago. Here’s a perfect example why. I would quote the money graf, but I find it too despicable.

I had a whole rant worked out, but Charles Laszewski, one of the three Pioneer Press writers worth reading, did it far better in an open letter on Romenesko’s non-blog blog:

“With your column, you have spat on the copy of the brave men and women who are doing their best in terrible conditions. More than 20 reporters have died in Iraq from around the world. You have insulted them and demeaned them, and to a much lesser degree, demeaned the reporters everywhere who have been threatened with bodily harm, who have been screamed at, or denied public records, just because they wanted to present the closest approximation to the truth they could.

“I am embarrassed to call you my colleague.”

Last summer, Texas transplant surgeons made a diagnostic mistake and transplanted a kidney from a brain-dead donor they believed died from a crack cocaine overdose into a relatively healthy end-stage-renal disease (permanent kidney failure) patient. Turns out the organ donor had rabies and the transplant recipient—along with the three other organ recipients from that donor—subsequently died of rabies. The doctors looked no further than the donor’s crack habit and never suspected rabies or anything else. “He’d recently smoked crack cocaine. He’d hemorrhaged around the brain. He’d died. That was all we needed to know,” said Dr. Goran Klintmalm, chairman and chief of the Baylor Regional Transplant Institute at Baylor University Medical Center in Gretchen Reynolds’ piece in today’s New York Times magazine.