NSA able to compromise Cisco, Juniper, Huawei switches

Jeff Kell jeff-kell at utc.edu
Tue Dec 31 04:54:59 UTC 2013


On 12/30/2013 11:06 PM, [AP] NANOG wrote:
> As I was going through reading all these replies, the one thing that
> continued to poke at me was the requirement of the signed binaries and
> microcode.  The same goes for many of the Cisco binaries, without direct
> assistance, which is unclear at this point through the cloud of smoke so
> to speak, it would be difficult to load this code post implementation or
> manufacturing. 

Signed binaries??  Surely you jest...

Try download *anything* from Cisco TAC these days with a new browser and
latest Java and see how many exceptions you have to make to get an
"allegedly" legitimate copy of "anything". 

If you don't like it, open a TAC case, and count the number of
exceptions you have to make to get to THAT point as well.  And of course
they'll want you to upload a "show tech" first thing, and see how many
MORE exceptions you have to make to get that to work.

Geez, just open ASDM today I have to honor Java exceptions.

We're all getting far too conditioned for the "click OK to proceed"
overload, and the sources aren't helping.

Jeff




More information about the NANOG mailing list