> On 7/5/12, Joe Greco <jgreco@ns.sol.net> wrote:
>> It'll get real interesting when Cisco's cloud database is breached and some weakness in the password encryption is discovered. [snip]
>
> Will the users' passwords even matter, if a compromise of the database allows an intruder to make a system-wide change to end users' equipment, such as delivering a compromising configuration change, or a "patched" firmware update that deactivates cloud service and turns them all into botnet nodes under exclusive control of the compromiser?
>
> Hopefully Cisco thought that stuff out, but password encryption weaknesses at least are easily addressed by forcing all users to reset pw, and requiring a proof of physical access to the unit.
"and requiring a proof of physical access to the unit"? Yeah, sure, that seems likely.

No, really, how bad an idea can it be to have a central database and a system that's allowed to remotely log in, configure, and update thousands of Internet-connected CPE? I mean, talk about making an attractive target. Compromise this one system and gain access to create a huge botnet. Complete list of CPE addresses and access credentials in one juicy bundle.

How is it that NANOG can see this with no trouble but Cisco cannot? What's stunningly clear is that Cisco did NOT think that stuff out.

You want content filtering? Boring. Been done for years, without "cloud" features.

You want remote management? Boring. Been done for years, just look at DD-WRT et al.

You want configuration backup and restore? Still boring. Could have figured a slick method to do THAT "to the cloud", as an option, with per-account encryption, or config backup to local PC, or both.

Automatic firmware updates? Hey, effin' great! I heartily approve of THAT idea, even of defaulting it to on. Just make sure I can also turn it off. "Forced" upgrades are not acceptable. Requiring an upgrade to happen over the public Internet is not acceptable. Make sure we have the option to upgrade manually from a local firmware file.

So is a user locked out of administering the router unless it can talk to the cloud? If so, that's boneheaded in the extreme. Hey, Cisco, when my DSL with static IP finally dies and I need to switch to a provider that uses DHCP, how am I supposed to log in to my router since it cannot connect to your glorious cloud?

And the onerous puritanical TOS? Find and fire whoever came up with that. That's just a complete load. Did you sign an agreement not to watch porno DVDs when you bought your DVD player? It's *equipment*, Cisco. Some people will invariably use it for purposes you find to be objectionable. Geez.

...
JG

--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.