+1

NSA states very clearly this is baked in and "widely deployed". Either Cisco is not very happy with their government overlords today, or they are having long meetings at those oversized conference tables trying to figure out what to tell everyone.

I'm curious about the implications to the US DoD STIG's that are put out, as I'm fairly sure they do not mention there is a backdoor that anyone who knows how to knock can access.

My other question is.. How are they identifying unique ASA and PIX? Is there a fingerprint mechanism that tells it what's going on? I'd think there would be quite a few admins out there with really weird syslog entries??

Randy is right here.. Cisco has some 'splainin to do - we buy these devices as "security appliances", not NSA rootkit gateways. I hope the .cn guys don't figure out what's going on here, I'd imagine there are plenty of ASA's in the .gov infrastructures.

//warren

PS - I mentioned .cn specifically because of the Huawei aspect, in addition to the fact that it has been widely publicized we are in a "cyber war" with them.

On 12/31/13, 12:07 PM, "Randy Bush" <randy@psg.com> wrote:
There's a limit to what can reasonably be called a *product* vulnerability.
right. if the product was wearing a low-cut blouse and a short skirt, it's not.
it's weasel words (excuse the idiom). shoveling kitty litter over a big steaming pile.
let me insert a second advert for jake's 30c3 preso, https://www.youtube.com/watch?v=b0w36GAyZIA
randy