nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches


From: Jeff Kell <jeff-kell () utc edu>
Date: Mon, 30 Dec 2013 23:54:59 -0500

On 12/30/2013 11:06 PM, [AP] NANOG wrote:
> As I was going through reading all these replies, the one thing that
> continued to poke at me was the requirement of the signed binaries and
> microcode.  The same goes for many of the Cisco binaries, without direct
> assistance, which is unclear at this point through the cloud of smoke so
> to speak, it would be difficult to load this code post implementation or
> manufacturing.

Signed binaries??  Surely you jest...

Try downloading *anything* from Cisco TAC these days with a new browser and
latest Java and see how many exceptions you have to make to get an
"allegedly" legitimate copy of "anything".

If you don't like it, open a TAC case, and count the number of
exceptions you have to make to get to THAT point as well.  And of course
they'll want you to upload a "show tech" first thing, and see how many
MORE exceptions you have to make to get that to work.

Geez, just to open ASDM today I have to honor Java exceptions.

We're all getting far too conditioned for the "click OK to proceed"
overload, and the sources aren't helping.

Jeff


