Cisco Warns of Stolen Web Site Passwords
An anonymous reader writes "Cisco warned customers today that someone had broken in and stolen an untold number of passwords and usernames that its customers and employees use to log in at Cisco.com, according to stories at News.com and Washingtonpost.com. Cisco says the problem is unrelated to flaws in its hardware, but both stories note that Cisco's latest troubles are likely fallout from their legal battles with researcher Mike Lynn, who last week revealed major flaws in Cisco routers. There is also a growing thread at Nanog where network admins are complaining of not being able to get new passwords."
...especially since you require everyone to register in order to get ANY info or ANY software or ANY drivers.
This is one company that needs to invest in a SecurID system that changes the password every 30 seconds.
I've had nothing but CCO trouble for the past week. That, combined with random problems, has been frustrating. The lovely order of events:
1) A SUP (well, MSFC) dies in one of our 6000s. I try to open a TAC case.
2) I try to log in to CCO. It doesn't really work. I log in, but it tells me I'm not logged in. After a bunch of clicking and such, I can open a TAC case.
3) Since Cisco can't get its Smartnet act together, I need to jump through hoops to get the right contract on my account, again.
4) Finally open a case. Tech diagnoses immediately as an MSFC bug. Sends me a new SUP.
5) After a day of messing with the new SUP and wondering if I'm crazy, I decide they've sent me a DOA SUP.
6) Tech agrees, sends me a new SUP.
7) Trying to use the RMA POWR tool to print mailing labels for the pair of bad SUPs fails. The tool has been down for three days now. Completely down.
8) Try to log in to CCO for something else today and run into the password problem. Combine that with their password reset tool not working and I'm *very* *very* annoyed.
*Sigh* Guess all companies have bad weeks, but this is particularly sucky for Cisco.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
This also had nothing to do with Lynn, even though the media would like to tie them together. It was brought to Cisco's attention by a completely separate company.
It's appalling that a major company's (a major tech company with security product offerings, in this case!) website would store passwords in cleartext. Passwords (even usernames) should always be stored as strong one-way hashes like SHA-1, so that even if they're stolen, they're close to useless.
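The comment above argues for storing one-way hashes rather than cleartext. The following is an added example (not code from the Slashdot thread, Cisco, or any commenter) that puts a cleartext credential store next to a hashed one so the difference in what a leaked table exposes is visible. It goes one step beyond the comment's SHA-1 suggestion: a bare fast hash is still cheap to brute-force offline, so the example uses a per-user random salt with the iterated PBKDF2-HMAC-SHA256 construction from Python's standard `hashlib`. The class names, the iteration count, and the sample users are constructed for the example.

```python
"""Added example: cleartext credential storage vs. salted, iterated hashing.
Not part of the original page; PlaintextStore/HashedStore and the users are invented.
"""
import hashlib
import hmac
import secrets

# Assumption: a work factor in the range current guidance recommends for PBKDF2-SHA256.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
HASH_NAME = "sha256"


class PlaintextStore:
    """The pattern the thread complains about: a leak of the table is a leak of every password."""

    def __init__(self):
        self._users = {}

    def register(self, username, password):
        self._users[username] = password

    def verify(self, username, password):
        return self._users.get(username) == password

    def dump(self):
        # What an attacker who copies the table would see.
        return dict(self._users)


class HashedStore:
    """Stores (salt, PBKDF2 digest) per user; the password itself is never written down."""

    def __init__(self, iterations=PBKDF2_ITERATIONS):
        self._users = {}
        self._iterations = iterations

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, self._iterations)

    def register(self, username, password):
        # Fresh random salt per user: identical passwords get different digests,
        # and a precomputed table for one user is useless against another.
        salt = secrets.token_bytes(SALT_BYTES)
        self._users[username] = (salt, self._derive(password, salt))

    def verify(self, username, password):
        record = self._users.get(username)
        if record is None:
            # Do the same amount of work for unknown users so response time
            # does not reveal whether the username exists.
            self._derive(password, b"\x00" * SALT_BYTES)
            return False
        salt, stored = record
        # Constant-time comparison avoids leaking how many leading bytes matched.
        return hmac.compare_digest(self._derive(password, salt), stored)

    def dump(self):
        # What an attacker who copies the table would see: salts and digests only.
        return {u: (salt.hex(), digest.hex()) for u, (salt, digest) in self._users.items()}


def leak_exposes_password(store, password):
    """True if a copy of the store's table contains the given password verbatim."""
    return password in repr(store.dump())


if __name__ == "__main__":
    for cls in (PlaintextStore, HashedStore):
        store = cls()
        store.register("alice", "correct horse")  # constructed sample user
        print(cls.__name__, "verify:", store.verify("alice", "correct horse"),
              "leak exposes password:", leak_exposes_password(store, "correct horse"))
```

Running the block registers one sample user in each store and reports that both stores verify the right password, but only the cleartext store's table contains it. `verify` on the hashed store still costs a full PBKDF2 derivation for unknown users; that is deliberate, so the check takes the same time whether or not the username exists.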
"Cisco corporate officers arranged to have Bruce Schneier call them 'thugs'"
This one is pretty easy to explain, though it's kind of a long proof; follow along.
You may recall John Chambers, Cisco CEO, a while ago said:
"What we're trying to do is outline an entire strategy of becoming a Chinese company"
The people running China are now in fact no longer Communist. There is a prerequisite that there be state ownership of capital to be Communist/Socialist. When China started transferring control of capital to private individuals, mostly highly placed members of the party and their relatives, it did in fact transform from being Communist China to Fascist China.
Under Fascism you have a repressive one-party state, but you can have private ownership of capital. The party just usually makes sure most of its wealth is in the hands of favored party members, and the party liberally intervenes in the economy to pick the winners and losers. This is exactly the political and economic model you have in China today.
So if you've followed this far:
- The Chinese are now Fascists
- Fascists are Thugs
- Cisco is a "Chinese company"
Cisco = thugs
Bruce was stating the obvious.
@de_machina
So, in that case, how in the hell is making reverse engineering illegal helping anyone?
When will programmers learn that there is NO good reason to keep passwords in plain text?
In my 20+ years programming experience, I've never seen a programmer that wanted to store a plain-text password. Rather, each time I've seen it done, it was a business-type making it a requirement.
"Interesting"? Wow! The mods are generous today.
What about the case where you have to register for a website to VERIFY THAT YOU ARE A CUSTOMER WITH AN ACTIVE SUPPORT CONTRACT?
I use my CCO login to download software that I should not have access to *unless* I have a valid support contract in place. I don't expect Cisco to give away new versions of software and firmware for free. Those "products" should go only to the people who are paying for them.