North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Cisco, haven't we learned anything? (technician reset)
- From: Hank Nussbacher
- Date: Thu Jan 12 09:19:15 2006
On Thu, 12 Jan 2006, Gadi Evron wrote:
> In this
> (http://blogs.securiteam.com/wp-admin/post.php?action=edit&post=207) recent
> Cisco advisory, the company alerts us to a security problem
> with Cisco MARS (Cisco Security Monitoring Analysis and Response System).
> The security issue is basically a user account on the system that will
> give you root when accessed.
> Now? if Cisco knowingly put it there, shame on them. If somebody put it
> there without their knowledge? well, shame on them.
Cisco acquired Protego in Dec 2004 and thereby acquired MARS:
Cisco didn't put it in there - they bought the bug for $65M. :-)
> Okay, but how about other vulnerabilities of this type? Are there any more
> backdoors to other Cisco products?
> If not, why wouldn?t they just come out and say that?
> ?There are NO other such backdoors in our products?.
I am sure there are more. The previous one I remember was with their
and before that was:
but I don't know which company was purchased to introduce that one.
I think Cisco just doesn't check the product closely enough and trusts the
R&D coders and doesn't introduce an external security QA to the product