Cisco wireless LAN vulnerability could open ‘back door’ – Network World.
Ok, really? Come on, you must be bluffing. People ask me all the time why I don’t pursue a Cisco Certification path in my career. Here is why. This is the company that has foisted such slogans as
- “Changing the way we work, live, play, and learn.” (1996)
- “The Worldwide Leader in Networking for the Internet”(1997-2002)
- “Empowering the Internet generation.” (1998-2002)
- “The fastest way to increase your Internet Quotient.” (1999-2001)
- “This is the Power of the Network. now.” (2003)
- “Discover a new world of Productivity.” (2003)
- “The Network Works. No Excuses.” (????)
- “Data Center 3.0″ (????)
- “Welcome to the Human Network” (????)
- “The Network is the Platform” (????)
- “The Self-Healing Network” (????)
I mean really. John Chambers should be PISSED. This is the kind of engineering I expect from a “has-been” company, or a really STUPID startup. However, if Cisco would have embraced the “hacker community” instead of shunning it, perhaps Cisco’s technical expertise and prowess would be still employed at Cisco, instead of being at Juniper Networks, CheckPoint, Microsoft, and others.
I’ve been saying this for years, but perhaps it’s now the clearest time for someone at Cisco to listen. Get back to your core competency; Routing. Everything else you try to do is a distraction. Come on, do you really think that I’m going to build a data center with Cisco blade servers? (Who? Cisco? Servers? What?) Pluuuheeese. Stop trying to do everything, and do ONE THING RIGHT.
I refuse to believe that Cisco didn’t know about the above vulnerability when they purchased the product (We all know that Cisco doesn’t invent stuff anymore, unless it’s trying to patent someone else’s fix for a broken protocol), but really, I’m sure that a cost-benefit-analysis was done on the vulnerability, and it wasn’t “important” enough to fix at the time that they purchased, re-badged, and shipped out the “new” lightweight access points.
Any idiot with 1/2 a brain and has spent more than 30 minutes working on Wireless networks knows that you don’t send anything in the clear that you don’t want subverted, so really Cisco, how did this happen?
How about you reach out to the information security industry, (the same one that you claim to belong to), and ask for help? There are many researchers who would be willing to help you, as long as you’ll sign a waiver to never sue…
Finally, I’m happy to be working on my Juniper certifications. They aren’t perfect either, but at least they don’t sue researchers to not release vulnerabilities that you refuse to fix. Oh, and they have a much faster platform.
That’s my 2¢, YMMV.
(Note, the comments above represent my personal opinion, and in no way are related to any positions I may have held in the past, present or with future companies. These opinions are mine, and mine alone, and are not representative of any company, service, system, software, hardware, automobile, table, chair, any person (dead or alive), or anything. If you want to try to sue someone, please sue yourself.)
