North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cisco blunders with insecure web page

  • From: Stephen J. Wilcox
  • Date: Thu Apr 25 06:21:15 2002

> >But applicants registering for the programme online discovered their
> >banking and company details were going onto an open web page. When one

Makes it sound like Cisco were publishing the private details, so they
forgot an SSL cert. big deal, its not like snooping unencrypted details on
ISP backbones is a reality anyway!

> >irate silicon.com reader called the Cisco helpdesk, he was informed
> >that the company was aware of the problem because several other users
> >had complained.

In fact people have much more access to the information when its posted in
the mail.. looks like Silicon have an axe to grind

Steve

> >Helpdesk staff recommended that users enter fake details on the web
> >and forward the real information in the post, a course of action our
> >reader regarded as an extreme waste of time.
> >
> >In a statement, Cisco said it had pulled the registration URL for 48
> >hours to install SSL (secure sockets layer) - a common way of securing
> >web pages.
> >
> >A spokesman for the company said: "I can only put it down to an
> >unfortunate oversight in corporate procedure&not a great deal of
> >people have been affected but that's no excuse."
> >
> >The registration site had been running for 10 days before it was taken
> >down on Monday. Cisco said just 100 people had registered in that
> >time.
> 
>