Cisco Products Have Backdoors
Cbs228 writes "A Cisco Security Advisory released yesterday admits that "A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled." Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"
Being able to read the code can stop this from happening.
"...I just can't take the money, bitches and fame anymore...-BLAM!!!..."
What a jackassed coward.
"I'm just here to regulate funkiness."
Can anyone know enough about everything to have the ability to make an assessment on their own? I think not.
If you rely on a third party assessment, you're still trusting someone else's claim to knowledge and integrity. Either way, you either trust your vendors or you don't.
This is not the first backdoor in network gear. In fact, this isn't, from a risk perspective, that massive an issue in a well designed network.
The backdoor allows access to the WLSE or HSE itself, not nec. to the devices it manages. Proper security (ACLs - why would you allow anyone coming in wirelessly to connect to your wireless management device?- etc) limits this risk significantly.
I'm really tired of people getting part of the story, or not thinking things through before they go off the deep end.
Sig??? I don't need no stinkin Sig!
And PS, it is a good thing is can be spotted by a newbie C coder, because for most OSS, that is exactly who will be looking at it.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.