Ok, I know I haven’t posted for eons, but I’ve been busy doing other stuff. But now I must act. Those little cherubs of marketers at networking giant Juniper … oh, not them, sorry, I meant former network giant Cisco have been running marketing campaigns in order to educate us about how secure their systems are.
The trouble is, they’re not. Not in the slightest.
The adverts for ‘self defending’, ‘self healing’ and ‘self abusing’ (ok, I made that last one up) have been fun to watch but clearly live in the realms of make believe. That fantastical interweb run by pixies and fairies must run on this gear because Cisco are now implying that their adverts are unhackable, and (so I’ve heard) now telling us so.
This of course would be great if it was true. As a Cisco user and professional security bod myself I’d be dancing a merry dance all the way to the dole queue (job center for you non-Brits) if it was. But of course, as pointed out by some chums, it isn’t. A trip to Full Disclosure tells us that the very technology being punted out is vulnerable to a default password issue.
Armed with this info I did the only decent thing and complained to the Advertising Standards Agency, and I encourage you to do the same. Here’s the complaint I sent off. If you’d like to complain to the ASA, please click here to go to the necessary form.
Cisco has run a campaign promoting their self-defending network products, and has been making claims that they are ‘un hackable’. As a security professional with years of experience in the field I can tell you that nothing is ‘un hackable’. I find the Cisco adverts misleading. As a user of Cisco products I’ve written tools over the years to assist in the security assessment of Cisco products. Just before Christmas I wrote a tool that allows a user to execute commands on routers through a potential back door in their web interface. Furthermore, on January 11th 2006 they acknowledged a vulnerability in the very ‘un hackable’ technology they’ve been promoting. This vulnerability is a default password, a typical act of stupidity on the part of the vendor. The advisory can be seen here:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041288.html
Any attempts by Cisco to improve the security of their products are commendable, especially given their track record, which can be seen here: http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=Cisco&version=&title=
I feel that the advertisement campaign has bordered on misleading and that Cisco should avoid terms like ‘un hackable’ and ‘self defending’, and be forced to add a warning that the security of a given network is determined by the skill, effort and approach taken by a team of professionals implementing it and not due to the adoption of an individual product. The campaign is as misleading as a high-glucose energy bar claiming to be healthy, and should be viewed as such.
I’ll post more as I get responses back. In the meantime, here’s a joke:
Q. What do ‘food doctor’ Gillian McKeith and Cisco have in common?
A. Neither are qualified to tell you what’s good for you.
Update: There’s an interesting comment on a ZDNet article from last year.
If they even succeed in building a network that can adapt itself to block attacks and exploits, all that will happen is someone will develop an exploit or attack that forces the network to “adapt” into a state where it ends up causing a DOS for the devices on that network.
More to follow as news comes in…