[July 29, 2005]

Internet Security Systems Granted Permanent Injunction Against Former Employee and Black Hat Conference Organization

ATLANTA --(Business Wire)-- July 29, 2005 -- Internet Security Systems (ISS) (NASDAQ: ISSX) today announced the company has been granted a permanent injunction against former employee, Michael Lynn, and the Black Hat conference organization. ISS sought the injunction following Lynn's unauthorized presentation of security research he conducted while employed by ISS. The research was presented on July 27, 2005 at the Black Hat USA conference after Lynn had tendered his resignation.

The injunction, issued by the US District Court in San Francisco, bars both Lynn and Black Hat from disseminating, in any form, the presentation given at the conference. It also forbids Lynn from making further use of, or disclosing, any of the research contained in the presentation. Prior to the start of the conference, Lynn had informed the Black Hat organizers that he would not be presenting at the show because ISS determined that further research needed to be conducted on the topic to be presented.

ISS believes this permanent injunction will be effective in preventing further misappropriation of its proprietary research. The information presented by Lynn was not a disclosure of a new vulnerability or flaw with the Cisco IOS software but a description of possible ways to expand exploitations of known security vulnerabilities affecting Cisco's routers.

ISS provides protection for these Cisco IOS vulnerabilities, and recommends that all customers apply applicable ISS product updates. These updates are now available from the ISS Download Center at: http://www.iss.net/download. All Cisco customers should take steps to ensure that the latest Cisco IOS updates are applied to all Cisco devices. Cisco updates since April do provide protection.

Information on Cisco vulnerability advisories can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

The foundation of ISS' "preemptive" approach to Internet security is its X-Force(R) research and development team. ISS stops more threats because it knows more - by discovering, researching and testing software vulnerabilities and collaborating with government agencies, industry consortiums and software developers. According to Frost & Sullivan (April 2005), ISS discovered more than 51 percent of the Internet's high-risk vulnerabilities from 1998 to 2005. By contrast, its closest competitor discovered just over 12 percent during the same period. ISS maintains in-depth knowledge of the techniques hackers use to create attacks. With this powerful combination of resources, ISS creates effective defenses before attacks ever occur. ISS' knowledge-based approach to protection is extended across its entire Proventia Enterprise Security Platform.

About Internet Security Systems, Inc.

Internet Security Systems, Inc. (ISS) is the trusted expert to global enterprises and world governments, providing products and services that protect against Internet threats. An established world leader in security since 1994, ISS delivers proven cost efficiencies and reduces regulatory and business risk across the enterprise. ISS products and services are based on the proactive security intelligence conducted by ISS' X-Force(R) research and development team - the unequivocal world authority in vulnerability and threat research. Headquartered in Atlanta, Internet Security Systems has additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.

Internet Security Systems is a trademark and X-Force is a registered trademark of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.

[ Back To TMCnet.com's Homepage ]

Discussions: