nanog mailing list archives

Re: Cisco Update


From: Jimmy Hess <mysidia () gmail com>
Date: Thu, 5 Jul 2012 23:11:48 -0500

On 7/5/12, Joe Greco <jgreco () ns sol net> wrote:
> It'll get real interesting when Cisco's cloud database is breached and
> some weakness in the password encryption is discovered.
[snip]

Will the users' passwords even matter, if a compromise of the
database allows an intruder to make a system-wide change to end users'
equipment, such as delivering a compromising configuration change, or
a "patched" firmware update that deactivates cloud service and
turns them all into botnet nodes under exclusive control of the
compromiser?

Hopefully Cisco thought that stuff out, but password encryption
weaknesses at least are easily addressed by forcing all users to reset
pw, and requiring a proof of physical access to the unit.

--
-JH

