Slashdot Mirror


Cisco Products Have Backdoors

Cbs228 writes "A Cisco Security Advisory released yesterday admits that 'A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled.' Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"

4 of 555 comments

  1. Open Source by MBAFK · · Score: 1, Flamebait

    Being able to read the code can stop this from happening.

  2. No, by 2names · · Score: 0, Flamebait
    truly an American Idiot.

    "...I just can't take the money, bitches and fame anymore...-BLAM!!!..."

    What a jackassed coward.

    --
    "I'm just here to regulate funkiness."
  3. Re:Well, that depends. by freebase · · Score: 0, Flamebait

    Can anyone know enough about everything to have the ability to make an assessment on their own? I think not.

    If you rely on a third party assessment, you're still trusting someone else's claim to knowledge and integrity. Either way, you either trust your vendors or you don't.

    This is not the first backdoor in network gear. In fact, this isn't, from a risk perspective, that massive an issue in a well-designed network.

    The backdoor allows access to the WLSE or HSE itself, not necessarily to the devices it manages. Proper security (ACLs - why would you allow anyone coming in wirelessly to connect to your wireless management device? - etc.) limits this risk significantly.

    I'm really tired of people getting part of the story, or not thinking things through before they go off the deep end.

    --
    Sig??? I don't need no stinkin Sig!
  4. Re:Well, that depends. by JPriest · · Score: 0, Flamebait
    Wow, if only Cisco products were as secure as BIND, sendmail, or some of the many problematic open source FTP servers.

    And PS, it is a good thing it can be spotted by a newbie C coder, because for most OSS, that is exactly who will be looking at it.

    --
    Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.