Digital Edition

SYS-CON.TV
Cisco in Security Maelstrom; Posts Alert About Cisco.com "Vulnerability"
Company Says It Was "Made Aware of a Vulnerability of a Search Tool On Cisco.com That Could Expose Passwords for Registered User

"Cisco's number one priority and focus," the company notes on Cisco.com, "is on the success of our customers. We are committed to helping customers with securing their network environment through best practice sharing, innovative and resilient network products, technologies, and services."

So it was an unfortunate new twist in the maelstrom surrounding the security giant, still immired in the Michael Lynn controversy, when the San Jose-based company posted a security alert yesterday on its Web site:

The security alert read as follows:

SAN JOSE, Calif., August 3, 2005:

Cisco Systems, Inc. was made aware of a vulnerability of a search tool on Cisco.com that could expose passwords for registered users.

Registered users of Cisco.com consist of employees, customers, partners, and other third-party users.

Cisco has since researched this issue and has taken the necessary steps to correct it.

Cisco is taking precautionary measures to protect our registered Cisco.com users, including resetting registered user passwords.

Because of a large number of requests, registered Cisco.com users may experience delays in receiving the new passwords.

The vulnerability in our search tool was brought to our attention by a third party security research organization.

We would like to thank them for contacting us so we could take appropriate action to protect our customers, partners and employees.

Cisco Systems is investigating the incident and will work with outside agencies as appropriate.

This incident does not appear to be due to a weakness in Cisco products or technologies.

The company was quick to write its customers and partners to tell them that all passwords had been reset, calling the problem "an issue that may cause minor inconvenience."

Such hacking, while almost inevitable in the wake of the Mike Lynn incident last week, serves no constructive purpose whatsoever and is certain to be roundly condemned by the wider technology community.

About Jeremy Geelan
Jeremy Geelan is Chairman & CEO of the 21st Century Internet Group, Inc. and an Executive Academy Member of the International Academy of Digital Arts & Sciences. Formerly he was President & COO at Cloud Expo, Inc. and Conference Chair of the worldwide Cloud Expo series. He appears regularly at conferences and trade shows, speaking to technology audiences across six continents. You can follow him on twitter: @jg21.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Bruce Schneier has said: 'We know that the public-relations department handles their security vulnerabilities, and not the engineering department.' Maybe he's right?




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Dynatrace is an application performance management software company with products for the informatio...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...