Cisco probes self for Juniper-style backdoors, silently mouths: 'We're doing this for yooou'

In the wake of the Juniper firewall backdoor scandal, Cisco is reviewing its source code to make sure there are no similar nasty surprises lurking within. "Our development practices specifically prohibit any intentional behaviors or product features designed to allow unauthorized device or network access, exposure of sensitive …

  1. Anonymous Coward

    Well, they could publish their code

    But then someone might actually find vulnerabilities that need patching.

  2. spot

    and the binaries too?

    Just checking the source code is a bit inadequate; Cisco might make the effort to decompile the key areas in their binaries too, which is where the Juniper stuff was detected. I've not seen anyone yet claim the Juniper problem was apparent in the source code.

  3. eldakka
    FAIL

    "These include, but are not limited to undisclosed device access methods or 'backdoors', hardcoded or undocumented account credentials, covert communication channels, or undocumented traffic diversion."

    So, as long as it's a documented backdoor, covert communication channel or traffic diversion process it's ok?

    So it could be a secret document, not available to customers, not even to their staff generally but restricted to a few key senior management and developers, and that's ok?

    What about "PUBLICLY (or at least customer) documented ....."

    1. streaky
      Black Helicopters

      Well that's cynical..

  4. Your alien overlord - fear me

    That was my take on the mealy-mouthed blurb - if the NSA/Cisco is an authorised backdoor it's fine.

    Also, I've clients with 827 ADSL routers on 10-year-old firmware. There must have been at least a dozen firmware upgrades available when it was available to buy. Are Cisco going to check all obsolete firmware code?

  5. streaky

    Pentests

    hiring penetration testers

    How is it possible Cisco don't have a permanent red team anyway? If I ran a tech business the size of Cisco with their budget it'd be day one job: put together a red team that operates completely independently of the rest of the org that reports outside the normal chain of command, sees the source but can't modify it.
