Digital Edition

SYS-CON.TV
Cisco in Security Maelstrom; Posts Alert About Cisco.com "Vulnerability"
Company Says It Was "Made Aware of a Vulnerability of a Search Tool On Cisco.com That Could Expose Passwords for Registered User

"Cisco's number one priority and focus," the company notes on Cisco.com, "is on the success of our customers. We are committed to helping customers with securing their network environment through best practice sharing, innovative and resilient network products, technologies, and services."

So it was an unfortunate new twist in the maelstrom surrounding the security giant, still immired in the Michael Lynn controversy, when the San Jose-based company posted a security alert yesterday on its Web site:

The security alert read as follows:

SAN JOSE, Calif., August 3, 2005:

Cisco Systems, Inc. was made aware of a vulnerability of a search tool on Cisco.com that could expose passwords for registered users.

Registered users of Cisco.com consist of employees, customers, partners, and other third-party users.

Cisco has since researched this issue and has taken the necessary steps to correct it.

Cisco is taking precautionary measures to protect our registered Cisco.com users, including resetting registered user passwords.

Because of a large number of requests, registered Cisco.com users may experience delays in receiving the new passwords.

The vulnerability in our search tool was brought to our attention by a third party security research organization.

We would like to thank them for contacting us so we could take appropriate action to protect our customers, partners and employees.

Cisco Systems is investigating the incident and will work with outside agencies as appropriate.

This incident does not appear to be due to a weakness in Cisco products or technologies.

The company was quick to write its customers and partners to tell them that all passwords had been reset, calling the problem "an issue that may cause minor inconvenience."

Such hacking, while almost inevitable in the wake of the Mike Lynn incident last week, serves no constructive purpose whatsoever and is certain to be roundly condemned by the wider technology community.

About Jeremy Geelan
Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Bruce Schneier has said: 'We know that the public-relations department handles their security vulnerabilities, and not the engineering department.' Maybe he's right?




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
Everyone wants the rainbow - reduced IT costs, scalability, continuity, flexibility, manageability, ...
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st I...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22n...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 20...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point wh...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by Fi...
Today, we have more data to manage than ever. We also have better algorithms that help us access our...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held Novemb...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it require...
The now mainstream platform changes stemming from the first Internet boom brought many changes but d...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @...