On 7/5/12, Joe Greco <jgr...@ns.sol.net> wrote: > It'll get real interesting when Cisco's cloud database is breached and > some weakness in the password encryption is discovered. [snip]
Will the users' passwords even matter, if a compromise of the database allows an intruder to make a system-wide change to end users' equipment, such as delivering a compromising configuration change, or a "patched" firmware update that deactivates cloud service and turns them all into botnet nodes under exclusive control of the compromiser ? Hopefully Cisco thought that stuff out, but password encryption weaknesses at least are easily addressed by forcing all users to reset pw, and requiring a proof of physical access to the unit. -- -JH
