Archive | April 8, 2004

Wow. Someone was asleep at the switch. Slashdot reports Cisco Products Have Backdoors

Cbs228 writes “A Cisco Security Advisory released yesterday admits that “A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled.” Can we really trust closed-source vendors, such as Cisco, to develop secure products that are free of backdoors?”

It’s a valid question. Many eyes make for shallow bugs.

An interesting article on the Witty worm, remarkable in several ways: small size (637 bytes!), speed and method of propogation (launched from a bot network, done in 45 minutes) and destructiveness. While the author writes “Let’s hope that the Witty worm was just an anomaly, an exception…,” this could also be an indication that there may be an entirely new class of malware out there: more sophisticated, better written and more destructive. Witty extinction. “Evil new ‘firsts’ in the ever-changing world of worms and viruses By Kelly Martin, SecurityFocus .” From The Register