From: Lee (ipgirl@gmail.com)
Date: Thu Aug 04 2005 - 08:41:24 GMT-3
Adding to its recent security woes, Cisco Systems Inc. has reset user
passwords on its Website in response to a potential vulnerability.
Partners and customers attempting to log on to Cisco.com today were greeted
by a notice saying all passwords had been reset by Cisco. The reason: a flaw
on the site that could have been used to expose those passwords.
"Cisco has determined that Cisco.com password protection has been
compromised. As a precautionary measure, Cisco has reset your password,"
states one of the logon notices. "This incident does not appear to be due to
a weakness in Cisco products or technologies."
Users on the North American Network Operators' Group (NANOG) mailing list
were reporting little success today in getting their new passwords. "Because
of a large number of requests, registered Cisco.com users may experience
delays in receiving the new passwords," the Cisco warning helpfully points
out.
Cisco has corrected the flaw, which was in the search engine used on the
Cisco site and doesn't appear to stem from Cisco's routers or its
Internetwork Operating System (IOS) software, a Cisco spokesman says. The
problem was disclosed by "a third-party research organization," he says.
Cisco is describing the password reset as a precautionary measure. "We don't
believe there have been any active exploitations" of the vulnerability, the
spokesman says.
Speculation on the NANOG mailing list is that the password resets are
related to last week's Black Hat Briefings controversy, where researcher
Michael Lynn showed that it's possible to take over a Cisco router that's
running IOS. But Cisco doesn't believe there's a connection, the spokesman
notes (see Cisco Faces Security Flap and Cisco Reveals 'Black Hat' Flaw).
At the same time, it seems likely that the Lynn case has sparked new
interest in hacking Cisco's network to get at some IOS code, something that
has previously been accomplished (see Cisco's IOS Code 'Compromised', Cisco
Code Hacker Arrested, and Black Market Offers Cisco's PIX). "We're fully
aware there's increased activity, so we've taken every measure to protect
our networks," the spokesman says.
Lynn has settled with Cisco and his former employer, Internet Security
Systems Inc., agreeing not to discuss the matter any further.
Meanwhile, Websites posting what appears to be Lynn's presentation claim
they're being hit with cease-and-desist orders from DLA Piper Rudnick Gray
Carey, a law firm representing ISS. One such site, infowarrior.org, has
replaced the presentation with a copy of the cease-and-desist letter from
the firm. Attorney Andrew Valentine, who purportedly sent the letter, did
not return a call for comment.
- Craig Matsumoto, Senior Editor, Light Reading
----- Original Message -----
From: "Neo Shi" <neoshi@gmail.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, August 04, 2005 12:04 PM
Subject: CCO Password Reset
> Hi list:
> Bad News:
>
> The company said Cisco.com has been compromised and that customers need
> to change their passwords.
>
> "It has been brought to our attention that there is an issue in a
> Cisco.com search tool that could expose passwords for registered users,"
> the company warned.
>
> "As a result, to protect our registered Cisco.com users, we're taking the
> proactive step of resetting Cisco.com passwords. Needless to say, we're
> investigating the incident, which does not appear to be due to a weakness
> in our security products and technologies or with our network
> infrastructure."
>
> The company also stressed on its site that the incident appears unrelated
> to flaws in Cisco products.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:18 GMT-3