On 7/5/12, Joe Greco <jgr...@ns.sol.net> wrote:
> It'll get real interesting when Cisco's cloud database is breached and
> some weakness in the password encryption is discovered.
[snip]

Will the users' passwords even matter,  if a compromise of the
database allows an intruder to make a system-wide change to end users'
equipment, such as delivering a compromising configuration change,  or
a  "patched"  firmware update   that deactivates cloud service and
turns them all into botnet nodes  under exclusive control of the
compromiser ?

Hopefully Cisco thought that stuff out,  but   password encryption
weaknesses at least are easily addressed by forcing all users to reset
pw,  and requiring a proof of physical access to the unit.

--
-JH

Reply via email to