Cisco network kit warning: Watch out for malware in the firmware

Cisco has warned users to watch out who's got admin access to kit, because it's seen malicious ROM images in the wild. The problem is that this isn't something the Borg can just issue a patch for. Admins – with appropriate credentials, naturally – need to be able to drop new ROM images on their kit as a matter of course. "The …

  1. Mark 85

    "Sophisticated actor"???

    Like someone state-backed? So many choices....

    1. Anonymous Coward
      Anonymous Coward

      Re: "Sophisticated actor"???

      Is Huawei kit affected?

      ;-)

    2. Rick Giles
      Childcatcher

      Re: "Sophisticated actor"???

      Little Billy RE'd it in his dad's tool shed because he thought it was neat and wanted to make it dance.

  2. Cirdan
    Black Helicopters

    Black helicopters

    Just sayin'.

    ...Cirdan...

  3. Anonymous Coward
    Anonymous Coward

    Holy *crap*

    When will it end?

    There must be a better way.

    1. Charles 9

      Re: Holy *crap*

      Actually, there's NO better way. It's like with the front door. If someone steals or copies your keys, you're screwed. As long as there are criteria for SOMEONE to get in, someone else can mimic that someone enough to pass the criteria also.

    2. Trevor_Pott Gold badge

      Re: Holy *crap*

      I'm no expert on switches, but couldn't you require that ROMMON images be signed?

      1. Anonymous Coward
        Anonymous Coward

        Re: Holy *crap*

        If these are used by high-up companies that insist on customization, then no, as they may not be allowed to send their custom ROMMON images up to Cisco for signing due to Trade Secrets issues.

  4. Anonymous Coward
    Anonymous Coward

    Reverse Engineer Cisco Equipment?

    Just add the "No Reverse Engineering allowed clause" to the CISCO EULA, and the job's a good 'un!

  5. Anonymous Coward
    Anonymous Coward

    ANT division JETPLOW implant

    So they finally found samples of NSA backdoors. What's lame is Cisco has not provided a way to verify the integrity of device firmware.
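Two of the comments above ask for the same control: Trevor_Pott's question about requiring ROMMON images to be signed, and the point here that admins have no way to verify firmware integrity. The following is an added example, not code from the article, from Cisco, or from any commenter, of what that check looks like in principle: the vendor signs the SHA-256 digest of an image with a private key, and the device's loader refuses any image whose signature does not verify under the public key it trusts. The image bytes, the key pair and the SignedImage container are all constructed for the example (there is no Cisco file format here); in a real device the verifying key and the check itself have to live in boot code that a ROM swap cannot replace, otherwise the check guards nothing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage pairs a firmware image with an Ed25519 signature over the
// image's SHA-256 digest. Hypothetical container for this example only.
type SignedImage struct {
	Image     []byte
	Signature []byte
}

// imageDigest returns the SHA-256 digest of the raw image bytes. This is the
// value that gets signed, and the same value an operator could compare
// against a published hash before installing the image.
func imageDigest(image []byte) []byte {
	d := sha256.Sum256(image)
	return d[:]
}

// SignImage is the step a vendor build system would perform once, with a
// private key that never leaves the vendor.
func SignImage(priv ed25519.PrivateKey, image []byte) SignedImage {
	return SignedImage{
		Image:     append([]byte(nil), image...),
		Signature: ed25519.Sign(priv, imageDigest(image)),
	}
}

// ErrBadSignature is returned for any image whose signature does not verify.
var ErrBadSignature = errors.New("firmware image signature does not verify; refusing to load")

// VerifyImage is the check a loader runs before accepting an image: the
// signature must verify under the trusted public key burned into the device.
func VerifyImage(trusted ed25519.PublicKey, si SignedImage) error {
	if len(si.Signature) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(trusted, imageDigest(si.Image), si.Signature) {
		return ErrBadSignature
	}
	return nil
}

// CheckScenarios runs three constructed cases and reports whether each one
// was accepted: a genuine image, the same image with a single bit flipped,
// and an image signed with a key the device does not trust.
func CheckScenarios() (genuine, tampered, wrongKey bool, err error) {
	trustedPub, trustedPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}

	// Constructed stand-in for a ROMMON image; any byte string works.
	image := []byte("CONSTRUCTED-ROMMON-IMAGE-v1.2.3")

	good := SignImage(trustedPriv, image)
	genuine = VerifyImage(trustedPub, good) == nil

	bad := SignImage(trustedPriv, image)
	bad.Image[0] ^= 0x01 // one bit changed anywhere in the image breaks the digest
	tampered = VerifyImage(trustedPub, bad) == nil

	foreign := SignImage(otherPriv, image) // valid signature, wrong signer
	wrongKey = VerifyImage(trustedPub, foreign) == nil

	return genuine, tampered, wrongKey, nil
}

func main() {
	g, t, w, err := CheckScenarios()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine image accepted: %v\n", g)
	fmt.Printf("tampered image accepted: %v\n", t)
	fmt.Printf("image signed by untrusted key accepted: %v\n", w)
}
```

The third case is the one the "custom ROMMON" reply above runs into: an image signed by anyone other than the key the device trusts is rejected exactly like a tampered one, so a signing requirement only works if the party who customises images can also get them signed by, or enrol a key with, whoever controls that trust anchor.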

  6. Art Jannicelli

    Paywall downside

    Hey Cisco... This is why you need to release your updates from behind a paywall. If admins could download updates and even the Cisco VPN client without having to go through TAC hell for access... Maybe kits like these would be a non-issue since admins would not be trying to download updates/clients from random places on the internet.

    HP is in the process of making this same mistake.

    1. TRT Silver badge

      Re: Paywall downside

      This is my personal opinion, formed from my experiences. I realise other people's experience may differ.

      If Cisco didn't have the maintenance agreement scenario from hell, then perhaps more of the small-mid level people looking after their kit might be able to decide what they actually need to buy, in which case paywalls might make a little sense, though I disagree in principle with paywalls for support services - if you need an ongoing maintenance contract to fix bugs present at the time of purchase, it encourages people to download support software from unofficial sources.

      As for their complexity... For example, if you buy a Cisco telepresence system, then you don't get a lifetime's upgrades thrown in; you don't even get 1 year's worth of upgrades thrown in. You get nada. I bought one and discovered a bug in the firmware that prevented us from using it as we wished on our network. It was fixed in a firmware released about a month after I bought the kit.

      "Did you buy the software maintenance package *insert long string of serial numbers*?"

      "No, I bought the maintenance package *insert different long string of serial numbers*."

      "Ah. That's for SX units with a different add-on package option. That'll be £460 please."

      "How about 'sold fit for purpose'?"

      "Hmmm... Well, we'll let you download it this time, but that'll be it!"

      If you want Webex, they make it look simple - 3 prices, 3 choices. But look closely - there's Webex training centre, Webex Meeting Centre, Webex Support Centre, Collaboration Meeting Rooms... and then if you've invested in a room system they want you to pay £1ks more for a Touch screen that integrates Outlook and Webex, plus a subscription to this add-on and...

      So on and so forth.

      They are a diverse company, and have a lot of products; they buy up companies that catch their eye and turn THEM into complex beasts. They have products that differ by the order of words in the title each having its own pricing and support structure. The products themselves are generally great, but the whole sales and support is an utter nightmare.

      1. TRT Silver badge

        Re: Paywall downside

        I may have misunderstood the original poster in this thread. I interpreted "release updates from behind a paywall" to mean, "put the releases behind a paywall", when I should have interpreted it as "not put your update releases behind a paywall".

        My apologies, therefore, for the down vote. I've changed my thumbs down to a thumbs up.

  7. Pronounce

    BOOM Another Spook Attack Vector Makes the News

    Mark 85 said it first. This is a physical access exploit that takes money, clout, and expertise (i.e., nation states, organized crime).

    So then basically Cisco is giving away state secrets by advertising that they've seen this exploit, right?

  8. Flat Phillip
    Unhappy

    Linked blog

    If you try to visit the Cisco blog (link is in the article) and attempt to sign in, you get a weak DH key error. Funny to see that on a blog entry about security.
