Re: news story and router passwords

[Jim Duncan <jnduncan () CISCO COM>]

Lincoln Yeoh writes:
> If it's really a Cisco and they have a contract they could just contact
> Cisco TAC to fix things for them, instead of being held to ransom by the
> hacker. When a customer sent us a faulty obsolete Cisco access server - no
> contract, no nothing, and they bought it from someone else(!), Cisco
> actually sent a replacement for _free_[1] within a few days! Customer
> happy, we happy, TAC people happy, and no bets on what router that customer
> will be buying next....

Thanks for the nice comments.

For what it's worth, I spent some time looking into that article and I
have concluded that Cisco gear was _not_ involved.

As you point out, it's all too easy to circumvent such extortion, and
as far as I know, no other router maker has a team like the PSIRT with
specific experience and training to deal with such an incident.  If the
call came into the Cisco TAC, we would have been contacted.

If Cisco gear is involved, and a defect in hardware, software, or
documentation either caused or catalyzed that incident, I'm sure this
list will let us know.  Hopefully privately, but let us know anyhow.

And don't believe what you read in the papers unless it makes sense.
Newspaper reporters make mistakes too, just like readers and PSIRT
Incident Managers. :-)

        Jim


--
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncan () cisco com>  Phone(Direct/FAX): +1 919 392 6209