back to article Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed...

This week we saw Hadoop hacks, Exchange exploits, and Deadpool besting scammers. Here's some more computer security news to round off your week... Alarms sounded over incoming Cisco attacks Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon …

  1. Version 1.0 Silver badge

    Same old, same old...

    Anyone notice a common thread in these reports every week? It seems to me that we're failing in everything and learning no lessons - moral behavior, honesty, real quality control? I guess someone is working on an app so that we can run these things on our phones in the belief that it will change the world ... and make them lots of money.

    "Once is an accident. Twice is a coincidence. Three times is an enemy action." - Goldfinger

    1. Snake

      Re: Three times is an enemy action...

      I prefer the quote from quoted by Patrick Bedard, Car and Driver Magazine's editor, that his father told him:

      "There is no such thing as an 'accident'. An accident is premeditated carelessness."

    2. Nolveys Silver badge
      Terminator

      Re: Same old, same old...

      I think that part of the problem is the focus on cybersecurity. More time and resources should be spent securing things that aren't cyborgs.

  2. chivo243 Silver badge
    Coat

    One falling Stone

    can cause an avalanche. I wonder if this was lost on everybody at the FBI?

  3. macjules Silver badge
    Devil

    It should be noted that WikiLeaks has categorically denied the emails came from Russia.

    Poor Assange. Those prospects of leaving the Ecuador embassy are just receding farther and farther.

    1. _LC_
      Megaphone

      Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

      The remarkable thing is that nobody seems to mind that Sanders was cheated of his candidacy/presidency. This is the only thing that is clearly proven. Clinton & co. betrayed the democratic voters. They faked the primary elections. The press does not seem to be bothered by this FACT. But why? ;-)

      1. Anonymous Coward
        Anonymous Coward

        Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

        Or that a disgruntled Sanders supporter, named Seth Rich died right after Assange got those emails, you know, the ones that the timestamps (checked by ex NSA program manager William Binney) showed were copied at USB2 full speed - faster than the link to any Russian hacker could be....investigation of that was as perfunctory as say "no reasonable prosecutor would" or some foundation collecting millions that never made it to Haiti - but did to a daughter's wedding, or quite a long list of other issues like whether selling uranium to a foreign power was OK because it couldn't be shipped (other than that loophole that allowed it to be shipped that any responsible Sec State would know about).

        See, in the US we have selective enforcement, not a nation of laws - we have the laws but they don't mean much anymore unless you're small time.

        1. Big John Silver badge

          Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

          I've repeated these same sentiments here many times, but all I get is heavy downvoting.The readers of ElReg don't want to hear anything about Seth Rich because it contradicts their cherished fable about Russians hacking the DNC, which feeds into the fable about Trump being Putin's BFF.

          1. BigSLitleP

            Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

            Probably because you have no evidence to back up any of your statements, while people are sitting in jail becuase of the Russian side of the investigation. It's almost like one side has evidence and the other side is chanting "lock her up!"

            1. _LC_
              Stop

              Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

              What about Clinton & co. cheating Sanders and democratic voters. I think the evidence is overwhelming. It has even been confirmed by the culprits. Yet, nothing happened.

              How come?

              1. Big John Silver badge

                Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

                > "I think the evidence is overwhelming. It has even been confirmed by the culprits. Yet, nothing happened."

                What does it matter? They and their cohorts are not in jail, so they must be innocent.

          2. Geoffrey W Silver badge

            Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

            RE: "The readers of ElReg don't want to hear anything about Seth Rich because it contradicts their cherished fable"

            Sigh. Here we go again. I'm fed up of arguing about this so I'll just post a couple of links. Read them or don't. I no longer care if you and your ilk want to be stubbornly ignorant.

            https://www.snopes.com/news/2017/05/25/seth-rich-conspiracy-theory

            https://www.snopes.com/fact-check/seth-conrad-rich

            1. Big John Silver badge

              Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

              I just read your link (again) and again it fails to prove or disprove anything. Yet Snopes hews strongly to the Democrat Party line that the Russians hacked the DNC computers, despite the fact that the DNC refused any independent entity permission to examine their computers, not even the FBI. Further, there is the matter of the email timestamps, which are somehow never mentioned in the Snopes article.

              I assume you are aware that those emails had timestamps (made during the last copy operation) which were far too close together in time to have happened over any remote network connection. Only a direct connection such as a copy to a thumb drive could produce timestamps so close together in time. Yet we are asked to swallow this anomaly whole, that is, on the rare occasion the timestamps are even acknowledged by the "Russians did it" crowd.

              So, how do you explain it? Another link perhaps? That aside, I prefer to accept reality and therefore suspect Seth Rich did indeed steal those damning emails from his place of work once it became clear the DNC was colluding with Mrs. Clinton to cheat Bernie out of the nomination. Then they found out about it and offed him, but it was too late; Their dirty laundry had already escaped and the rest is history.

            2. _LC_

              Re: It should be noted that WikiLeaks has categorically denied the emails came from Russia.

              Why are you trying to make it about Seth Rich? What about Sanders and his voters getting cheated? They simple ignored their votes and dictated a different result.

              Isn't that supposed to be one of the greatest crimes in a democracy?

  4. Ken Moorhouse Silver badge

    Re: bugged Chinese rail cars

    Won't they need to check the sleepers too?

    1. sanmigueelbeer Silver badge

      Re: bugged Chinese rail cars

      Won't they need to check the sleepers too

      Offer tinfoil hats before stepping into the carriage?

      I've got a better idea: Buy American (made products not buy a lawmaker)

      1. Ken Moorhouse Silver badge

        Re: buy a lawmaker

        Freudian slip?

  5. Lee D Silver badge

    "You don't have to be authenticated, you just have to be able to reach the router's web-based management portal."

    And why would you have that visible remotely over a plain Internet connection, or indeed internally unless you're on an administrative VLAN?

    It's the ridiculous logistical arrangements that companies decide to use that cause security problems, much more than the fact that someone may have found a small hole?

    It's time we made systems that *ACTIVELY* prevented their poor implementation. Like refusing to expose administrative web consoles on any Internet-facing connection, enforcing administrative action only over a physical separated console cable (like we always used to do!), refusing to activate service until passwords have been changed from the default, etc.

    1. sanmigueelbeer Silver badge
      Thumb Down

      You don't have to be authenticated, you just have to be able to reach the router's web-based management portal.

      I would expect this kind of sh1tty code (easily exploitable) and wrapped in an equally cheap-n-nasty IoT product from some eastern Asian country.

      I was not expecting this sort of code exploit to be in an expensive product made by a multi-billion dollar company called Cisco. Makes me think out aloud if Cisco actually sub-contracted the code from some the same east Asian country (and not bother checking)?

      Another thing, Cisco own Talos. So Cisco (and Talos) didn't bother checking on their own product and it took an outside security firm to spot this?

      Is it April 1 already?

      1. Anonymous Coward
        Anonymous Coward

        Given Huwaei's previous "borrowing" of Cisco source code complete with spelling mistakes...we should be seeing a similar problem from them shortly.

        1. Anonymous Coward
          Anonymous Coward

          Joking aside, I see they've been charged in the US with technology theft today...makes you wonder how much they have stolen and not be caught for...

  6. W.S.Gosset Bronze badge

    Chinese-bugged rail-cars -- not as silly as it sounds

    > this latest episode of infosec scrutiny might be a bit much even for Washington, DC.

    > A report from NextGov examines how Senators have become concerned that the planned overhaul of the District's metro rail system with new carriages could put national security at risk.

    Not as silly as it sounds.

    Bear in mind, France's security service got sprung big time many many moons ago (40yrs?), having bugged every Air France plane's seats, monitoring passenger lists, and keeping the recordings of anyone of interest.

    And it's a LOT cheaper & simpler to do, nowadays.

    And could Washington DC be considered potentially a riper richer area of interest than most?...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019