Slashdot Mirror


Cisco Products Have Backdoors

Cbs228 writes "A Cisco Security Advisory released yesterday admits that "A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled." Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"

31 of 555 comments

  1. And the username/password pair is... by momerath2003 · · Score: 5, Funny

    admin/password.

    --
    I had but a simple dream, to destroy all humans.
    1. Re:And the username/password pair is... by orrigami · · Score: 5, Funny

      That is my root password.

    2. Re:And the username/password pair is... by mitchell_pgh · · Score: 2, Funny

      Sorry, the real password is...

      1... 2... 3... 4... 5... 6...

    3. Re:And the username/password pair is... by MacOS_Rules · · Score: 5, Funny

      I found it! The little bugger is at 127.0.0.1, and confirmed, the l/p work! OMG, tons of pr0n! ;)

      --
      If a man's character is to be abused there's nobody like a relative to do the business. -Thackeray, William
    4. Re:And the username/password pair is... by okvol · · Score: 2, Funny

      My favorite password is ******

      --
      cabg x3 is a life changing event...
    5. Re:And the username/password pair is... by swordboy · · Score: 2, Funny

      That's the same login that I use on my luggage!

      --

      Life is the leading cause of death in America.
    6. Re:And the username/password pair is... by orthogonal · · Score: 5, Funny

      >My favorite password is ******

      I quote from bash.org:
      #244321 +(2664)- [X]

      <Cthon98> hey, if you type in your pw, it will show as stars
      <Cthon98> ********* see!
      <AzureDiamond> hunter2
      <AzureDiamond> doesnt look like stars to me
      <Cthon98> <AzureDiamond> *******
      <Cthon98> thats what I see
      <AzureDiamond> oh, really?
      <Cthon98> Absolutely
      <AzureDiamond> you can go hunter2 my hunter2-ing hunter2
      <AzureDiamond> haha, does that look funny to you?
      <Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
      <AzureDiamond> thats neat, I didnt know IRC did that
      <Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
      <AzureDiamond> awesome!
      <AzureDiamond> wait, how do you know my pw?
      <Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
      <AzureDiamond> oh, ok.
    7. Re:And the username/password pair is... by Anonymous Coward · · Score: 5, Funny

      >I found it! The little bugger is at 127.0.0.1, and confirmed, the l/p work! OMG, tons of pr0n! ;)

      No pr0n when I connect there, but I'll be damned, THAT BUGGER HAS A COPY OF ALL MY FILES!

    8. Re:And the username/password pair is... by RussDavisDotCom · · Score: 5, Funny

      Correction: That WAS your root password.

      --
      My favorite phrase: You have 5 Moderator Points! Use 'em or lose 'em!
    9. Re:And the username/password pair is... by Anonymous Coward · · Score: 1, Funny

      I tried that too, but all of the porn I saw, I have seen already...

    10. Re:And the username/password pair is... by Anonymous Coward · · Score: 3, Funny

      Delete them all from his drive! Quick!

  2. You're giving away all our secrets! by General+Newcomb · · Score: 5, Funny

    "Mr. Potato Head! Back doors are not secrets!"

  3. Your answer by ls-lta · · Score: 4, Funny

    "Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?"

    Yes. Lord, next you'll be asking about patents.

  4. And that username/password is by Neil+Blender · · Score: 2, Funny

    3COMengineers/Areweenies

  5. USER/PASS by Allen+Zadr · · Score: 4, Funny
    Don't some of us have some serious hacking to do? I guess I know what you are planning on doing this weekend.

    What do you bet the id set is joshua/pencil?

    --
    Kinetic stupidity has a new brand leader: Allen Zadr.
  6. Re:No Refund - firmware fix by thpdg · · Score: 5, Funny

    Can't Cisco just download it to the devices themselves? They do have the password to every box, after all.

    --

    -Patrick

    "They never stop thinking about new ways to harm our country and our people, and neither do we."

  7. and when you log in, you get... by funny-jack · · Score: 4, Funny

    Greetings, Professor Falken.
    Shall we play a game?

    --
    You probably shouldn't click this.
  8. Re:Cisco's Life Lesson - Maybe not. by Anonymous Coward · · Score: 5, Funny


    Cisco has an evil backdoor that works (initially) at the ethernet level. You send several specially crafted frames to a MAC on the local segment or special packets to the outside interface and the unit will open up a back connection to Cisco. The PIX and ACLs in their router products will not log these or otherwise alert you to their existence. Once the connection is made, Cisco can mirror selected bits of your LAN traffic. Being that most of the internet's traffic flows over Cisco products...

    Some history:
    In 1928 an American inventor (Henry P. Acket) was working on a method to send extremely low voltage electrical impulses over wires as a covert means of communications. He succeeded in that he was able to use the telephone companies' wires to speak to friends without paying a telephone tax. Early on, his friend Charles Isco was able to put a backdoor in the vacuum tubes with nothing more than a few drops of solder, some tin and flux. Charles showed Acket this and provided some wax cylinders of Acket's supposedly private conversation.

    The FBI heard of this and took all their patent-pending information. Acket and Isco were paid the then huge sums of $1M and $500K respectively to shut up.

    Fast forward to the 60's.
    Early in 1963, J. Edgar Hoover was perusing the FBI archives when he spotted these plans from 35 years prior. He didn't believe it but one of his technical people played Hoover a tape recording made with a successor of the equipment. The tape was of Hoover making dinner reservations at Le Grande Fiste, a homosexual dinner club. Hoover went through the roof. He destroyed all the paperwork and equipment. After months of extreme drug therapy which rendered the technician nearly incoherent, Hoover had him framed for a crime we are all familiar with. The technician's name? Lee Harvey Oswald.

    Ahh.. the technology survived
    In the 1980s some people from Stanford University were going through recordings of Oswald's. Playing them backwards they could hear the terms "Black Helicopters", "Area 51" and "Backdoor Device". The truly learned already know about black helicopters and Area 51.. but what was this "Backdoor Device" Oswald was rambling about? Those investigators, Len Bosack and Sandy Lerner, went on to form Cisco.

    If you look inside any Cisco product you'll find a small vacuum tube with a hacked-in piece of tin, some solder and flux.

    I present this information at grave risk to myself.

  9. Re:Can we really trust closed-source vendors? by ReallyNiceGuy · · Score: 2, Funny

    Happy Easter! This is not a backdoor, this is an easter egg...

  10. Re:Cisco's Life Lesson - Maybe not. by strictnein · · Score: 4, Funny

    Holy f@ck I'm an idiot.

    I got to this point:

    The technician's name? Lee Harvey Oswald.

    Before realizing something was wrong with this post.

  11. Taliban Master-Plan to Destroy America by Progman3K · · Score: 4, Funny

    >Just like we can't trust closed-source e-voting software [when] it comes to our republic (the U.S.:), we can't trust closed-source vendors whose systems power our infrastructure...that, without, the world would cease to function as it does today.

    Taliban leader speaking:

    OK troops, here's what we'll do; we will sub-contract from the Pakistanis that are sub-contracting from the Indians that are sub-contracting from the Americans that are outsourcing their I.T. operations, and when WE are the ones coding everything for the Americans, we slip in trojans, viruses and everything else we can think of to screw with their heads!

    Once they are all helpless because they've outsourced all the jobs that require an education, we show up and sell them all Edsel automobiles and when they've all killed themselves on the road, we simply take over the country.

    Simple.

    --
    I don't know the meaning of the word 'don't' - J
  12. I must be a slow reader.. by Altrag · · Score: 2, Funny

    I only made it to (Score:3, Funny) before I decided it was likely bogus...

  13. Re:Cisco's Life Lesson - Maybe not. by Anonymous Coward · · Score: 3, Funny
    I highly doubt that they will be embarrassed enough to have learned a powerful life-lesson.

    Cisco doesn't make mistakes, they define new industry de-facto standards. Expect Juniper to issue a press-release shortly about some of their products having a backdoor as well. They're always followers.

  14. Re:Cisco's Life Lesson - Maybe not. by txviking · · Score: 2, Funny

    That fix, be-it an actual removal of the userid/password, or a paranoid password change, is just as installable, either way.

    no. it just changes the user/password pair to another one, only known to Cisco until somebody hacks it.... ;-)

  15. Re:Cisco is not alone. It's industry wide practice by Anonymous Coward · · Score: 1, Funny

    :level 3 tech casts silver modem at level 2 bug.

    :level 2 bug takes damage.

  16. Re:Well, that depends. by re-Verse · · Score: 3, Funny

    Whoever modded this offtopic has the sense of humour of a brick.

    See, what he is explaining is that due to Cisco's inherent stupidity at adding an override all password, their track record, that was once the shit, is now just shit. Get it???

  17. Re:Cisco's Life Lesson - Maybe not. by scubacuda · · Score: 2, Funny
    Funny, I was thinking the same thing.

    Too much Art Bell, I guess....

  18. Re:Cisco's Life Lesson - Maybe not. by mcowger · · Score: 2, Funny

    Wow...You missed Henry P. Acket??? Henry Packet.....

  19. Re:Cisco's Life Lesson - Maybe not. by drinkypoo · · Score: 3, Funny

    Wally: You are the wind beneath my wings.
    Dilbert: Next week I'll tell him the packet must be lost in the "ether" net.

    A.C., I could fly higher than an eagle...

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  20. Re:Cisco's Life Lesson - Maybe not. by elecbrick · · Score: 2, Funny
    It must be a bad day. I got to

    If you look inside any Cisco product you'll find a small vacuum tube

    before cluing in that I have not seen a vacuum tube in years.

  21. Re:true dat? by 0x0d0a · · Score: 2, Funny

    I'd be impressed if you were posting to Slashdot from a Cisco router...