Cisco Update
Jimmy Hess
mysidia at gmail.com
Fri Jul 6 04:11:48 UTC 2012
On 7/5/12, Joe Greco <jgreco at ns.sol.net> wrote:
> It'll get real interesting when Cisco's cloud database is breached and
> some weakness in the password encryption is discovered.
[snip]
Will the users' passwords even matter, if a compromise of the
database allows an intruder to make a system-wide change to end users'
equipment, such as delivering a compromising configuration change, or
a "patched" firmware update that deactivates cloud service and
turns them all into botnet nodes under exclusive control of the
compromiser ?
Hopefully Cisco thought that stuff out, but password encryption
weaknesses at least are easily addressed by forcing all users to reset
pw, and requiring a proof of physical access to the unit.
--
-JH
More information about the NANOG
mailing list