Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco, haven't we learned anything? (technician reset)

  • From: Hank Nussbacher
  • Date: Thu Jan 12 09:19:15 2006

On Thu, 12 Jan 2006, Gadi Evron wrote:

> In this
> ( recent
> Cisco advisory, the company alerts us to a security problem
> with Cisco MARS (Cisco Security Monitoring Analysis and Response System).
> The security issue is basically a user account on the system that will
> give you root when accessed.
> Now? if Cisco knowingly put it there, shame on them. If somebody put it
> there without their knowledge? well, shame on them.

Cisco acquired Protego in Dec 2004 and thereby acquired MARS:

Cisco didn't put it in there - they bought the bug for $65M. :-)

> Okay, but how about other vulnerabilities of this type? Are there any more
> backdoors to other Cisco products?
> If not, why wouldn?t they just come out and say that?
> ?There are NO other such backdoors in our products?.

I am sure there are more.  The previous one I remember was with their
Riverhead purchase:

and before that was:
but I don't know which company was purchased to introduce that one.

I think Cisco just doesn't check the product closely enough and trusts the
R&D coders and doesn't introduce an external security QA to the product
being purchased.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.