Cisco Meraki Loses Customer Data in Engineering Gaffe

Cisco has admitted to losing customer data during a configuration change its enginners applied to its Meraki cloud managed IT service. From a report: Specific data uploaded to Cisco Meraki before 11:20 am PT last Thursday was deleted after engineers created an erroneous policy in a configuration change to its US object storage service, Cisco admitted on Friday. The company did say that the issue has been fixed, and while the error will not affect network operations in most cases, it admitted the faulty policy “but will be an inconvenience as some of your data may have been lost.” Cisco hasn’t said how many of its 140,000+ Meraki customers have been affected. The deleted data includes custom floor plans, logos, enterprise apps and voicemail greetings found on users’ dashboard, systems manager and phones. The engineering team was working over the weekend to find out whether the data can be recovered and potentially build tools so that customers can find out what data has been lost.

Read more of this story at Slashdot.


Slashdot

Cisco Systems Will Be Auditing Their Code For Backdoors

An anonymous reader writes: In the wake of the discovery of two backdoors on Juniper’s NetScreen firewall devices, Cisco Systems has announced that they will be reviewing the software running on their devices, just in case. Anthony Grieco, a Senior Director of the Security and Trust Organization at Cisco, made sure to first point out that the popular networking equipment manufacturer has a “no backdoor” policy.

According to Anthony Grieco, a Senior Director at Cisco’s Security and Trust Organization, “Although our normal practices should detect unauthorized software, we recognize that no process can eliminate all risk. Our additional review includes penetration testing and code reviews by engineers with deep networking and cryptography experience.” The reviewers will be looking for backdoors, hardcoded or undocumented account credentials, covert communication channels and undocumented traffic diversions.

Read more of this story at Slashdot.


Slashdot

Apple Partners With Cisco To Boost Enterprise Business

An anonymous reader writes: Apple and Cisco announced a partnership aimed at helping Apple’s devices work better for businesses. Cisco will provide services specially optimized for iOS devices across mobile, cloud, and on premises-based collaboration tools such as Cisco Spark, Cisco Telepresence and Cisco WebEx, the companies said in a statement. “What makes this new partnership unique is that our engineering teams are innovating together to build joint solutions that our sales teams and partners will take jointly to our customers,” Cisco Chief Executive Chuck Robbins said in a blog post.

Read more of this story at Slashdot.


Slashdot

Bruce Schneier On Cisco ROMMON Firmware Exploit: “This Is Serious”

When Bruce Schneier says of a security problem “This is serious,” it makes sense to pay attention to it. And that’s how he refers to a recently disclosed Cisco vulnerability alert about “an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image.” Schneier links to Ars Technica’s short description of the attack, whicih notes The significance of the advisory isn’t that the initial firmware can be replaced. As indicated, that’s a standard feature not only with Cisco gear but just about any computing device. What’s important is that attackers are somehow managing to obtain the administrative credentials required to make unauthorized changes that take control of the networking gear.

Read more of this story at Slashdot.


Slashdot

Cisco Developing Royalty Free Video Codec: Thor

An anonymous reader writes: Video codec licensing has never been great, and it’s gotten even more complicated and expensive in recent years. While H.264 had a single license pool and an upper bound on yearly licensing costs, successor H.265 has two pools (so far) and no limit. Cisco has decided that this precludes the use of H.265 in open source or other free-as-in-beer software, so they’ve struck out on their own to create a new, royalty-free codec called Thor. They’ve already open-sourced the code and invited contributions. Cisco says, “The effort is being staffed by some of the world’s most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents.”

Read more of this story at Slashdot.


Slashdot