Check out AT&T's FREE camera phones
August 3, 2005 7:36 AM PDT
Cisco warns customers of site breach
Last modified: August 3, 2005 12:44 PM PDT
- Related Stories
-
More legal threats over Cisco flaws
July 29, 2005 -
Cisco details controversial router flaw
July 29, 2005 -
Cisco hits back at flaw researcher
July 27, 2005
The company said Cisco.com has been compromised and that customers need to change their passwords.
"It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users," the company warned.
"As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords. Needless to say, we're investigating the incident, which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."
The company also stressed on its site that the incident appears unrelated to flaws in Cisco products.
Hackers around the world have been racing to find a vulnerability in Cisco equipment since it was described by security researcher Michael Lynn at the Black Hat conference in Las Vegas last week. Cisco and Lynn's former employer, Internet Security Systems, took legal action against the researcher following the presentation.
Cisco said the vulnerability was brought to the company's attention by a third-party security research organization and that no personal customer information had been compromised.
"We would like to thank them for contacting us so we could take appropriate action to protect our customers, partners and employees," a company representative said. "Cisco Systems is investigating the incident, and will work with outside agencies as appropriate."
Regarding the breach, one industry watcher said: "I think this has the possibility of having a significant impact on corporations and the intellectual property of Cisco."
But others disagree. Michael Maddison, director of enterprise risk services at Deloitte Touche Tohmatsu, said that "it's more likely to be a vulnerability in Web applications than Cisco equipment. That's my opinion--we see vulnerabilities in Web pages all the time."
Dan Ilett of Silicon.com reported from London. CNET News.com's Marguerite Reardon contributed to this report.
See more CNET content tagged:
Cisco Systems Inc.,
incident,
vulnerability,
password,
researcher
- Ain't that a kick in the butt.
- After having security experts tell the world that Cisco routers aren't safe they get hacked. I'm guessing it probably happened because of the C&D order.
- Reply to this comment View reply
