Cisco Warns of Stolen Web Site Passwords
An anonymous reader writes "Cisco warned customers today that someone had broken in and stolen an untold number of passwords and usernames that its customers and employees use to log in at Cisco.com, according to stories at News.com and Washingtonpost.com. Cisco says the problem is unrelated to flaws in its hardware, but both stories note that Cisco's latest troubles are likely fallout from their legal battles with researcher Mike Lynn, who last week revealed major flaws in Cisco routers. There is also a growing thread at Nanog where network admins are complaining of not being able to get new passwords."
...especially since you require everyone to register in order to get ANY info or ANY software or ANY drivers.
I've had nothing but CCO trouble for the past week. That combined with random problems has been frustrating. The lovely order of events:
1) A SUP (well, MSFC) dies in one of our 6000s. I try to open a TAC case.
2) I try to log in to CCO. It doesn't really work. I log in, but it tells me I'm not logged in. After a bunch of clicking and such, I can open a TAC case.
3) Since Cisco can't get its Smartnet act together, I need to jump through hoops to get the right contract on my account, again.
4) Finally open a case. Tech diagnoses immediately as an MSFC bug. Sends me a new SUP.
5) After a day of messing with the new SUP and wondering if I'm crazy, I decide they've sent me a DOA SUP.
6) Tech agrees, sends me a new SUP.
7) Trying to use the RMA POWR tool to print mailing labels for the pair of bad SUPs fails. The tool has been down for three days now. Completely down.
8) Try to log in to CCO for something else today and run into the password problem. Combine that with their password reset tool not working and I'm *very* *very* annoyed.
*Sigh* Guess all companies have bad weeks, but this is particularly sucky for Cisco.
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
This also had nothing to do with Lynn, even though the media would like to tie them together. It was brought to Cisco's attention by a completely separate company.
It's appalling that a major company (a major tech company with security product offerings in this case!) website would store passwords in cleartext. Passwords (even usernames) should always be stored in strong one-way hashes like sha-1, so that even if they're stolen, they're close to useless.