6 Jul 2012, 12:11 a.m.
On 7/5/12, Joe Greco <jgreco@ns.sol.net> wrote:
> It'll get real interesting when Cisco's cloud database is breached and some weakness in the password encryption is discovered.
[snip]
Will the users' passwords even matter, if a compromise of the database allows an intruder to make a system-wide change to end users' equipment, such as delivering a compromising configuration change, or a "patched" firmware update that deactivates cloud service and turns them all into botnet nodes under exclusive control of the compromiser?

Hopefully Cisco thought that stuff out, but password encryption weaknesses at least are easily addressed by forcing all users to reset pw, and requiring a proof of physical access to the unit.

--
-JH