FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
My PW to CCO did not work this morning either. I am on hold with the TAC right now.... Joe Blanchard wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
On Wed, Aug 03, 2005 at 09:30:58AM -0400, Dan Armstrong wrote:
My PW to CCO did not work this morning either. I am on hold with the TAC right now....
From the Cisco website: IMPORTANT NOTICE: * Cisco has determined that Cisco.com password protection has been compromised. * As a precautionary measure, Cisco has reset your password. To receive your new password, send a blank e-mail, from the account which you entered upon registration, to cco-locksmith@cisco.com. Account details with a new random password will be e-mailed to you. * If you do not receive your new password within five minutes, please contact the Technical Support Center. * This incident does not appear to be due to a weakness in Cisco products or technologies. -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
From the Cisco website:
IMPORTANT NOTICE:
<snip>
* This incident does not appear to be due to a weakness in Cisco products or technologies.
Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Don't worry this will all get fixed. Just take it as a break from work for a few hours and enjoy the day. Personally I would like to do some downloading but will enjoy the fact I am forced not to work in such a hectic world. Kim -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Adams Sent: Wednesday, August 03, 2005 10:23 AM To: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Once upon a time, Jared Mauch <jared@puck.nether.net> said:
From the Cisco website:
IMPORTANT NOTICE:
<snip>
* This incident does not appear to be due to a weakness in Cisco
products or technologies. Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
No, it means that the password scheme of whatever the web-site uses to allow access or not is not directly a Cisco product. It means it's something that could happen to anyone. One could have a great network of great products and all it takes is one small door to remain open someplace in a seemingly unrelated issue to bring down the house. Bummer on the IOS download part, but that would be crappy timing, not necessarily a correlation! Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Adams Sent: Wednesday, August 03, 2005 10:23 AM To: nanog@merit.edu Subject: Re: OT: Cisco.com password reset. Once upon a time, Jared Mauch <jared@puck.nether.net> said:
From the Cisco website:
IMPORTANT NOTICE:
<snip>
* This incident does not appear to be due to a weakness in Cisco
products or technologies. Does this mean that CCO is not a Cisco product or technology? Odd that lots of people are trying to download new IOS images and then CCO locks them out. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Adams wrote:
Odd that lots of people are trying to download new IOS images and then CCO locks them out.
I really really like to give people the benefit of the doubt, but I am having a hard time with this one. Where are the security people at Cisco? If I was a "bad guy" my dream shot would be a vulnerable IOS release mixed with customers being unable to download the fixed release! Tell me that they didn't think this through... -Jeff - -- ============================================================================= Jeffrey I. Schiller MIT Network Manager Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room W92-190 Cambridge, MA 02139-4307 617.253.0161 - Voice jis@mit.edu ============================================================================ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC8TVN8CBzV/QUlSsRAiB7AKDja0ue6BvU+1ChLF2MsJnh64/AxgCeOdq0 7T910b4dDaXeBOrTy7gA9Rg= =l5HF -----END PGP SIGNATURE-----
On Wed, 3 Aug 2005, Dan Armstrong wrote:
My PW to CCO did not work this morning either. I am on hold with the TAC right now....
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that. -- Mikael Abrahamsson email: swmike@swm.pp.se
On Wed, 3 Aug 2005, Mikael Abrahamsson wrote:
On Wed, 3 Aug 2005, Dan Armstrong wrote:
My PW to CCO did not work this morning either. I am on hold with the TAC right now....
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that.
Yeah, I tried that. Didn't work in my case. - SLS ------------------------------------------------------------------------ Scott L. Stursa 850/644-2591 Network Security Analyst stursa@mailer.fsu.edu OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
stursa@mailer.fsu.edu (Scott Stursa) wrote:
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that.
Yeah, I tried that. Didn't work in my case.
Neither did it in mine (multiple accounts hooked on one email address is what cco-locksmith complained about). I have sent the appropriate email to cco-team, but heaven knows when they will process it. I give them a day before escalating; I'm pretty sure they're currently pushing staff into the cco-team so the requests can be served. What bothers me is that some people got notifications while others got none - any idea on why (I didn't get any)? Yours, Elmar. -- "Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>) --------------------------------------------------------------[ ELMI-RIPE ]---
On Wed, 3 Aug 2005, Elmar K. Bins wrote:
What bothers me is that some people got notifications while others got none - any idea on why (I didn't get any)?
The notice I saw (purely on accident) - and the same that was quoted by Jared Mauch - is/was shown when you hit no/cancel on the HTTP auth window... My understanding from a cisco guy who's working with us on some issues, is that they were given prior notice - but as far as I can tell, non-cisco-internal people weren't. - d. -- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ------------------------------------------------------------------------------- http://www.the-infinite.org/
On Wed, Aug 03, 2005 at 04:07:55PM +0200, Elmar K. Bins wrote:
stursa@mailer.fsu.edu (Scott Stursa) wrote:
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that.
Yeah, I tried that. Didn't work in my case.
Neither did it in mine (multiple accounts hooked on one email address is what cco-locksmith complained about). I have sent the appropriate email to cco-team, but heaven knows when they will process it.
I give them a day before escalating; I'm pretty sure they're currently pushing staff into the cco-team so the requests can be served.
What bothers me is that some people got notifications while others got none - any idea on why (I didn't get any)?
I've talked to "People" at cisco before about email handling stuff, it takes them a lot of effort to make lists such as 'cust-security-announce' deliver quickly. I've had some experience tweaking large lists as well, it takes a significant amount of effort to deliver to 2k users quickly. Cisco has a lot more than that registered, and I suspect the delivery is a bit more complicated with all the dns/resolver load going after all the possible customer domains they have. To give you a rough idea (cisco-nsp for example is a list I host and is delivered fairly quickly by most peoples standards..) smtp to cisco-nsp for 2655 recips, completed in 341.639 seconds Now imagine if instead of 2655 users it was 1-1.5million, that puts it at 53 hours in my rough guestimate. (assuming i know what i'm talking about, and the higher number of 1.5m). It took a fair amount of tweaking to get this down to something reasonable, including some customization to shift some of the heavy lifting. I'd expect Cisco to fix most of the accounts in the first 48 hours is my real guess, then the time will come down to 24. Probally due to the sheer volume of cases. Hopefully you already have your software you need for now... - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Wed, Aug 03, 2005 at 10:26:21AM -0400, Jared Mauch wrote:
I've talked to "People" at cisco before about email handling stuff, it takes them a lot of effort to make lists such as 'cust-security-announce' deliver quickly. I've had some experience tweaking large lists as well, it takes a significant amount of effort to deliver to 2k users quickly. Cisco has a lot more than that registered, and I suspect the delivery is a bit more complicated with all the dns/resolver load going after all the possible customer domains they have.
To give you a rough idea (cisco-nsp for example is a list I host and is delivered fairly quickly by most peoples standards..) smtp to cisco-nsp for 2655 recips, completed in 341.639 seconds
Now imagine if instead of 2655 users it was 1-1.5million, that puts it at 53 hours in my rough guestimate. (assuming i know what i'm talking about, and the higher number of 1.5m).
Perhaps Cisco should hire some spammers to consult for them. Those folks certainly don't seem to have a ~7-8 mail/sec limitation. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Today at 16:07 (+0200), Elmar K. Bins wrote:
Date: Wed, 3 Aug 2005 16:07:55 +0200 From: Elmar K. Bins <elmi@4ever.de> To: nanog@merit.edu Subject: Re: OT: Cisco.com password reset.
stursa@mailer.fsu.edu (Scott Stursa) wrote:
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that.
Yeah, I tried that. Didn't work in my case.
Neither did it in mine (multiple accounts hooked on one email address is what cco-locksmith complained about). I have sent the appropriate email to cco-team, but heaven knows when they will process it.
I had the same response after mailing the locksmith. I, too, mailed the requisite info to cco-team, and have been expecting to wait. Someone suggested trying again (might have even been this list), and I did so just a short while ago .... and voilà! I sent a followup note to cco-team, so hopefully they don't RE-change my password and disable my account now that I've successfully gained access. ;-) - Christopher ======================
I give them a day before escalating; I'm pretty sure they're currently pushing staff into the cco-team so the requests can be served.
What bothers me is that some people got notifications while others got none - any idea on why (I didn't get any)?
Yours, Elmar.
--
"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
Same here. I didnt get a notice that it was reset, but I cannot login ---Mike At 09:30 AM 03/08/2005, Dan Armstrong wrote:
My PW to CCO did not work this morning either. I am on hold with the TAC right now....
Joe Blanchard wrote:
FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
On Wed, 3 Aug 2005, Joe Blanchard wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
Happened to me as well. - SLS ------------------------------------------------------------------------ Scott L. Stursa 850/644-2591 Network Security Analyst stursa@mailer.fsu.edu OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
Another "me too" here. However, it appears that there is a hiccup with my account. According to the note, there's more than one CCO account associated with my email addy (which is strange since I only know of one) so now I'm on hold with Cisco Live to see if I can get it all worked out. What a mess. Scott Stursa wrote:
On Wed, 3 Aug 2005, Joe Blanchard wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
Happened to me as well.
- SLS
------------------------------------------------------------------------ Scott L. Stursa 850/644-2591 Network Security Analyst stursa@mailer.fsu.edu OTI Enterprise Security Group Florida State University
- No good deed goes unpunished -
On Wed, 3 Aug 2005, Robert Hayden wrote:
Another "me too" here. However, it appears that there is a hiccup with my account. According to the note, there's more than one CCO account associated with my email addy (which is strange since I only know of one)
Yes, that's what it said in my case; likewise, it makes no sense. Obviously there's a problem; hopefully an explanation will soon be provided. Even better if it could be resolved without everyone having to re-register. - SLS (digging through his files to find the account number) ------------------------------------------------------------------------ Scott L. Stursa 850/644-2591 Network Security Analyst stursa@mailer.fsu.edu OTI Enterprise Security Group Florida State University - No good deed goes unpunished -
People claim that accounts were compromised, thats why they are resetting them all, looks like Lynn's friends have made their moves for revenge. On 8/3/05, Joe Blanchard <joej@rocknyou.com> wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
On Wed, 3 Aug 2005, Kim Onnel wrote:
People claim that accounts were compromised, thats why they are resetting them all,
looks like Lynn's friends have made their moves for revenge.
demonstrate proof for your assertion please.
On 8/3/05, Joe Blanchard <joej@rocknyou.com> wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
No proof, just a sarcastic comment, dont get me jailed :) but really, everyone is claiming its a compromise On 8/3/05, Joel Jaeggli <joelja@darkwing.uoregon.edu> wrote:
On Wed, 3 Aug 2005, Kim Onnel wrote:
People claim that accounts were compromised, thats why they are resetting them all,
looks like Lynn's friends have made their moves for revenge.
demonstrate proof for your assertion please.
On 8/3/05, Joe Blanchard <joej@rocknyou.com> wrote:
FYI
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Kim Onnel wrote:
On 8/3/05, Joe Blanchard <joej@rocknyou.com> wrote:
I got an email that my CCO account's password was reset last night...
People claim that accounts were compromised, thats why they are resetting them all,
looks like Lynn's friends have made their moves for revenge.
You know, don't start down this road. I don't think this is the appropriate place for that sort of statement, and I don't think you need to put Mr. Lynn in that group. I don't care what you think about his actions, but what you're implying is rude, and it implies things about him that (I don't believe) are true. Please, keep it on track, or take it off line. -- Shame on Cisco. Shame on ISS.
I dont mean anything actually, i am really supporting this brave man, some so called hackers claim that they will hunt cisco down, its in the news that some people think they should revenge. On 8/3/05, Etaoin Shrdlu <shrdlu@deaddrop.org> wrote:
Kim Onnel wrote:
On 8/3/05, Joe Blanchard <joej@rocknyou.com> wrote:
I got an email that my CCO account's password was reset last night...
People claim that accounts were compromised, thats why they are resetting them all,
looks like Lynn's friends have made their moves for revenge.
You know, don't start down this road. I don't think this is the appropriate place for that sort of statement, and I don't think you need to put Mr. Lynn in that group. I don't care what you think about his actions, but what you're implying is rude, and it implies things about him that (I don't believe) are true.
Please, keep it on track, or take it off line.
-- Shame on Cisco. Shame on ISS.
I think just about everyone's got reset. Internal and external folks from what I've heard. *shrug* On the other hand, people aren't usually good about resetting passwords, so that's one way to mitigate problems. :) Scott -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Joe Blanchard Sent: Wednesday, August 03, 2005 9:41 AM To: nanog@merit.edu Subject: OT: Cisco.com password reset. FYI I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset. Just a heads up. -Joe Blanchard
I got an email that my CCO account's password was reset last night. Not sure how widespread this issue was, but I called my account contact and verified that this is a valid email, and that my password needed to be reset.
funny, i had a similar incident o could not log on to account o sent email to locksmith o no response o retried locksmith, same non-result o tried locksmith this (gmt-10) morning and it worked randy
participants (19)
-
Chris Adams
-
Christopher Chin
-
Dan Armstrong
-
Dominic J. Eidson
-
Elmar K. Bins
-
Etaoin Shrdlu
-
Jared Mauch
-
Jeffrey I. Schiller
-
Joe Blanchard
-
Joel Jaeggli
-
Kim Graham
-
Kim Onnel
-
Mikael Abrahamsson
-
Mike Tancsa
-
Randy Bush
-
Richard A Steenbergen
-
Robert Hayden
-
Scott Morris
-
Scott Stursa