Vulnerability Development mailing list archives
Re: news story and router passwords
From: Jim Duncan <jnduncan () CISCO COM>
Date: Fri, 13 Oct 2000 00:56:02 -0400
Lincoln Yeoh writes:
If it's really a Cisco and they have a contract they could just contact Cisco TAC to fix things for them, instead of being held to ransom by the hacker. When a customer sent us a faulty obsolete Cisco access server - no contract, no nothing, and they bought it from someone else(!), Cisco actually sent a replacement for _free_[1] within a few days! Customer happy, we happy, TAC people happy, and no bets on what router that customer will be buying next....
Thanks for the nice comments. For what it's worth, I spent some time looking into that article and I have concluded that Cisco gear was _not_ involved. As you point out, it's all too easy to circumvent such extortion, and as far as I know, no other router maker has a team like the PSIRT with specific experience and training to deal with such an incident. If the call came into the Cisco TAC, we would have been contacted. If Cisco gear is involved, and a defect in hardware, software, or documentation either caused or catalyzed that incident, I'm sure this list will let us know. Hopefully privately, but let us know anyhow. And don't believe what you read in the papers unless it makes sense. Newspaper reporters make mistakes too, just like readers and PSIRT Incident Managers. :-) Jim -- Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc. <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> E-mail: <jnduncan () cisco com> Phone(Direct/FAX): +1 919 392 6209
Current thread:
- news story and router passwords, (continued)
- news story and router passwords Vitaly Osipov (Oct 12)
- Re: news story and router passwords Talisker (Oct 12)
- Re: news story and router passwords Mathias Wegner (Oct 13)
- Re: news story and router passwords Ralph Moonen (Oct 12)
- Re: news story and router passwords Lincoln Yeoh (Oct 12)
- Re: news story and router passwords Mark Teicher (Oct 13)
- Re: news story and router passwords Talisker (Oct 13)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Talisker (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Jim Duncan (Oct 13)
- Re: Cisco 678 exploit Damir Rajnovic (Oct 12)
- Re: Cisco 678 exploit Joe (Oct 12)
- Re: Cisco 678 exploit Damir Rajnovic (Oct 12)