Psychic or what? Didn't I mention this just a few days ago?
Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again
Right on cue, Cisco on Wednesday patched a security vulnerability in some of its network switches that can be exploited by miscreants to commandeer the IT equipment and spy on people. This comes immediately after panic this week over a hidden Telnet-based diagnostic interface found in Huawei gateways. Although that …
COMMENTS
-
Monday 6th May 2019 18:11 GMT BigBear
"they do not favour the Americans"
@Anonymous Coward
"they do not favour the Americans"
Perhaps I'm just stupid (and I'm setting myself up). How do "they do not favour the Americans"?
Are we still talking about networking gear?
Remember, Huawei stubbornly refused to remove their telnet backdoor until Vodafone made a huge stink about it. Cisco issued fixes for their problems immediately.
I'm willing to assume that Cisco does not intend their equipment to have backdoors. I expect, given its Chinese government connections, that Huawei does intend its equipment to have backdoors.
Even if Cisco equipment has NSA-supported backdoors, that's the United States NSA, not the People's Republic of China — a major threat to, if not enemy of, the United States. I don't like having either scarfing up our data. But the former is far better than the latter. Encryption is the way to go.
-
Monday 6th May 2019 18:18 GMT The_Idiot
Re: "they do not favour the Americans"
"Even if Cisco equipment has NSA-supported backdoors, that's the United States NSA, not the People's Republic of China — a major threat to, if not enemy of, the United States."
Right. Because the United States are well known not to be a threat to any of their 'allies' under the current (or potentially previous) regimes. They don't use economic action as a form of political coercion, don't act against those (European or otherwise) allies, don't try to enforce their good at the expense of others. Got it, sir. Right. If it's good for the US, it's good for - um, the US. And everybody else should accept that as 'good enough', yes?
Sigh.
-
Monday 6th May 2019 18:59 GMT BigBear
Re: "they do not favour the Americans"
I'm not favoring US coercion or any other unseemly behavior, and specifically not NSA backdoors, which I clearly stated. Perhaps I'm naive, but I doubt that Cisco installs backdoors at the NSA's request. Nevertheless, better the NSA than the PRC. The PRC is more evil than you might imagine — far more so than the US.
And yes, I am speaking for what benefits the US, specifically. Our allies can always build their own networking equipment. If that's not economical for them, they're still better off with Cisco than Huawei.
-
Tuesday 7th May 2019 12:23 GMT Anonymous Coward
Re: "they do not favour the Americans"
> they're still better off with Cisco than Huawei
Based on what criteria? It has been universally acknowledged that Huawei's 5G gear is streets ahead of what Cisco has to offer. It appears the real US request is "believe our unsubstantiated BS and please don't buy anything until we have caught up" - which is pretty much where we started this discussion.
The problem y'all have over in the Ustated Knights (to quote an old Belgian comedian) is that you are too used to people believing your BS that you're not able to handle it when someone calls you on it. Instead of allowing people to gather their own facts (like the current competition has done), you double down on the BS and add some threats, and that is pissing people off even more than Trump already has. The Fart of the Deal may list that as a negotiating tactic, but it doesn't exactly build long term relationships.
It's time you guys wake up to the fact that good trade relies on trust, and trust is FAR easier to harm than it is to build.
-
Friday 17th May 2019 23:09 GMT Two Lips
Re: "they do not favour the Americans"
"Nevertheless, better the NSA than the PRC."
You must be joking. Have you heard of Edward Snowden? Have you heard of Noam Chomsky? We don't see China meddling militarily, economically, politically in more than 200 countries' affairs for more than half a century. No, only one country is guilty of that.
"they're still better off with Cisco than Huawei."
Get off your patriotic bike Tex. Huawei are streets ahead of ALL the competition, Americans are not even in the race. Huawei will be the networking monopoly globally within the next ten years. No wonder all Americans are shitting themselves. It has nothing to do with espionage either.
-
Thursday 2nd May 2019 07:31 GMT Evil Auditor
I consider myself not too gullible regarding conspiracy crap but I'm more than willing to have a go.
> rather odd to see the US administration lean on its allies to ditch Huawei gear apparently out of fears of Chinese snooping via backdoors
There's nothing odd. It's not that the others' backdoors are so bad. The true evil is that our (i.e. US origin) backdoors aren't disseminated as is intended.
-
Thursday 2nd May 2019 09:47 GMT Anonymous Coward
Re: Keys
Yeah, that's who we should trust with our communication security instead of the evil (but clearly a tad more competent) Chinese.
Not bloody likely. The Americans have been a risk since the 1940s when they learned from the Brits just how valuable it was to intercept communication.
-
Thursday 2nd May 2019 13:23 GMT Aodhhan
Re: Keys
Hey genius...
Americans were intercepting communications and conducting counter-intelligence during the American Revolutionary war. If you need a history lesson, this is when the USA handily beat Great Britain.
One of the most well known stories was following and capturing Benedict Arnold.
Intercepting communications and manipulating communications is one of the reasons the USA was able to kick the crap out of an overwhelming force--which had better training and more resources.
There are plenty of books and other resources outlining George Washington's deployment of spies, both locally and in England.
What's interesting is your display of ignorance and lack of gratitude for a country which saved the UK in the 1940s. The USA sacrificed more than 400,000 lives, and provided nearly a billion pounds in cash to assist in rebuilding so you can be a complete idiot today.
Yet, I'm willing to bet, you get upset if someone doesn't notice and/or appreciate you at your job.
-
Thursday 2nd May 2019 13:36 GMT John Stirling
Re: Keys
Your history as stated is a little lopsided - but that's fair enough - you appear to be from the USA, and it isn't far off. We do definitely owe you historic thanks for being on our side for most of the wars of the 20th Century. I like to think we've stood by you during yours. You have a fine document forming your country, one of the best ever written. In many respects yours is a wonderful country. But the plutocracy is working hard to take it over, and I do not understand why the overwhelming majority of ordinary Americans appear to be complicit in being sold down the river by dishonest ruthless bastards who are not loyal to them.
Those criticising 'America' are mostly not criticising America, but the plutocratic bastards trying to steal it from you.
-
Thursday 2nd May 2019 16:19 GMT Anonymous Coward
Re: Keys
>But the plutocracy is working hard to take it over
Technically the plutocracy is working hard to take it back again - the Senate was never conceived by the Founding Fathers as democratic - it's only been an elected legislative chamber since the early 20th century.
>.... and I do not understand why the overwhelming majority of ordinary Americans
https://www.youtube.com/watch?v=BxeZbuTCcMY&t=1447s
-
Thursday 2nd May 2019 13:51 GMT Anonymous Coward
Re: Keys
"What's interesting is your display of ignorance and lack of gratitude for a country which saved the UK in the 1940s. The USA sacrificed more than 400,000 lives, and provided nearly a billion pounds in cash to assist in rebuilding so you can be a complete idiot today."
mmm, I think you need to read more history. and no the fucking americans did not win the war it was a group effort of a lot of countries, it's just that for some reason you lot think you did.
You only started helping after pearl harbour, before you didn't give a shit.
and we fucking paid it all back with interest (http://news.bbc.co.uk/1/hi/uk/6215847.stm).
not forgetting we fucking gave you the computer and rockets and jet engines. (mainly due to our useless politicians being fucking stupid!)
-
Thursday 2nd May 2019 15:39 GMT Gene Cash
Re: Keys
> mmm, I think you need to read more history
In American school (at least 40 years ago) history stops at the Revolutionary war, and did a shit job of that. It's even worse now, AFAICT.
There's almost no mention of anything European. I found out Rome invaded Britain only from reading I did myself. And despite being personally interested in WW-II, I didn't find out the shocking amount of Soviet casualties until 5-6 years ago.
-
Friday 3rd May 2019 13:59 GMT CrazyOldCatMan
Re: Keys
> I found out Rome invaded Britain only from reading I did myself
Pah! They did nothing for us!
Apart from roads. And aqueducts. Oh, and a standardised currency and weights. And red wine.
> the shocking amount of Soviet casualties
To be fair, quite a few of those were done by the Soviets themselves with their combat tactics.. And shooting their own troops.
-
Monday 6th May 2019 11:47 GMT BigBear
Re: Keys
@Gene Cash
I assume that you're referring to your mandatory US History class which, by definition, would not include anything European. It's very unfortunate that yours was so limited. I graduated from high school 46 years ago and was fortunate enough to attend a well-funded public high school. Our US History class started several centuries before our Revolutionary War but, unfortunately, reached only to the start of WW II before the school year was over.
At that time, our school did not offer any world or European history classes, but that was pretty typical. My parents both lived through the depression and WW II, so I've spent considerable time learning about WW II on my own — it's truly fascinating and gut-wrenching.
-
Thursday 2nd May 2019 18:03 GMT Anonymous Coward
Re: Keys
> You only started helping after pearl harbour, before you didn't give a shit.
We didn't give a shit because we can't be held responsible for cleaning up after every single periodic bout of Euro-Idiocy. Read: idiotic Euro-Wars that serve no purpose other than genociding your own civilian population.
If Indiana went to war with Wisconsin because their respective governors didn't like each other, you wouldn't give a shit either.
-
Friday 3rd May 2019 07:19 GMT DavCrav
Re: Keys
"And how exactly is it any of your business what we do in Yemen?"
That isn't even an argument. You're just a massive moron/troll.
International conflicts are necessarily of international interest. Even national conflicts that cause mass violations of human rights are of international concern.
-
Friday 3rd May 2019 11:19 GMT Anonymous Coward
Re: Keys
> You're just a massive moron/troll.
Awesome.
Other than ad-hominem attacks and knee-jerk reactions based on unfiltered impulses, is there anything of value that you can possibly add to any discussion?
What does the US presence in Yemen have anything to do with backdoors in Cisco routers, and how is this relevant to the UK and their decision to allow Huawei kit on their 5G networks?
-
Friday 3rd May 2019 16:37 GMT Anonymous Coward
Re: Keys
> throwing around insults and crying like a baby
I have not thrown around any insults directed at anyone, and I'm not crying. Incidentally, I've been called quite a few adjectives that I would never have used myself. But that's OK, I can deal with it.
And I'm quite entertained by the sub-basement level of debating that some of the participants here engage in.
> Please leave.
Sez the very brave Anonymous Coward.
I ain't going anywhere, pal.
-
Saturday 4th May 2019 05:49 GMT Geoffrey W
Re: Keys
OHHH! Goody! Here's another one to add to my list of Americans to entertain myself with on the weekend. Bombastic Bob, Big John, ST,...hmmm...you really need a better nick. ST doesn't conjure up Yosemite Sam like the others do. Come on dude, you can do better than this. You haven't mentioned the second amendment yet.
-
Friday 3rd May 2019 11:33 GMT Anonymous Coward
Re: Keys
> The Chinese are generally regarded as the ones who fucking gave the world rockets, back in the 13th century.
I don't recall the Chinese sending rockets in space or landing on the Moon in the 13th Century, but maybe I missed it. Do you have a reference?
Perhaps you are confusing rockets with fireworks.
> [ ... ] much of modern rocketry is based on the work of former Nazis.
So the Nazis got their rockets from the 13th Century Chinese?
-
Friday 3rd May 2019 15:43 GMT Sgt_Oddball
Re: Keys
And the Scottish gave Von Braun the idea... multi stage at that.
-
Thursday 2nd May 2019 15:47 GMT Anonymous Coward
Re: Keys
"for a country which saved the UK in the 1940s"
Literally the only people who come out with this utter utter bullshit are Americans - how surprising.
It's the ultimate display of stupidity, which has unfortunately been written in to countless films, books and so on years later as well.
WW2 was a group effort involving different countries. No country saved another country, and even as someone in Britain I despise that line about Britain saving France, as if literally everyone there did fuck all.
No one specific country or individual has ever won a war. Stop being so fucking narrow minded.
-
Sunday 5th May 2019 17:40 GMT Anonymous Coward
Re: Keys
> That's because the US has the best propaganda humanity has ever devised.
British understatement? You do yourselves a disservice.
https://www.theguardian.com/uk/2006/aug/19/military.secondworldwar
> "Stephenson called his methods "political warfare", but the remarkable fact about BSC was that no one had ever tried to achieve such a level of "spin", as we would call it today, on such a vast and pervasive scale in another country. The aim was to change the minds of an entire population: to make the people of America think that joining the war in Europe was a "good thing" and thereby free Roosevelt to act without fear of censure from Congress or at the polls in an election."
As a neutral observer, I always find this puts an interesting spin on the "Great and wonderful US comes in to save the day" story... There was no good will from the country at all. They had to be tricked into it.
-
Sunday 5th May 2019 21:27 GMT Lars
Re: Keys
"They had to be tricked into it."
Well, the British took their time too, to be tricked into it, all while Hitler had started his game. And when Hitler declared war on the USA and started to torpedo ships I doubt any tricks were needed anymore.
But the enthusiasm to go and fight yet another war in Europe wasn't that high among Americans before that and Pearl Harbor.
Too bad there was more enthusiasm both in the US and Britain regarding Iraq, not that anybody was asked about it.
-
Thursday 2nd May 2019 17:43 GMT Anonymous Coward
Re: Keys
> provided nearly a billion pounds in cash to assist in rebuilding so you can be a complete idiot today.
Ah yes, I was wondering why we only managed to repay all of it around 2010. Not so generous and magnanimous after all then. So, you're essentially stating that their spying is acceptable because at some point they did a mercenary job around here (which, by the way did not actually help as much as the Soviets - just in case you want to compare the number of lives lost)?
Interesting reasoning, though. Does that mean that any visit of a SWAT unit in the US also installs monitoring, or is that now taken care of by Google Home and Amazon Alexa?
Enquiring minds want to know.
-
Thursday 2nd May 2019 23:41 GMT Anonymous Coward
Re: Keys
> Enquiring minds want to know.
- The UK defaulted on its inter-allied debts to the US in 1934. Yup, we - the big bad US lost money. And we didn't even complain about it that much. What's a few beelion (in today's money) between friends.
- The UK defaulted on WWI bonds as well - the British War Loan. The coupon was cut to 3.5% from 5%. Sir Neville Chamberlain chalked it up to patriotism. Oddly, in other parts of the world it's called a default. A lot of people lost money.
- After WWII, the UK had to repay its debts to Canada as well. You owed them money too. The last UK payment on its Canadian debt was made in 2006.
-
Thursday 2nd May 2019 19:56 GMT DavCrav
Re: Keys
"If you need a history lesson, this is when the USA handily beat Great Britain."
Interesting that you got a shoeing for everything else but not this lie.
Look it up. Britain by most standards won the American Revolutionary War, a global conflict between the British and French/Spanish/Dutch Empires, with a side event in the US. Britain lost some bits of the US, but gained India.
So congratulations: the Spanish, French and Dutch and US forces managed to beat Britain in one part of the world. Well done.
-
Friday 3rd May 2019 09:06 GMT Loatesy
Re: Keys
This is grossly off-topic. However, for what it's worth the American War of Independence wasn't strictly speaking a war, it was an insurrection. No war was declared as it was British citizenry fighting British government edicts.
There is a reason why the first American 'government' was called The Continental Congress.
The sad truth is the British Government of the day just didn't take the issue seriously enough, as they were also busy fighting Napoleon. Pretty much the same reason why Churchill gave immediate succour to the Soviet Union in 1941; "If Herr Hitler invaded hell itself I would at least give a favourable reference to the Devil in This House", and Roosevelt committed to a Germany-first policy.
If only we knew then what we know now, how different would history be? It's so easy for those using hindsight to justify the past while using today's standards of behaviour to judge the losers.
PS Churchill was right, BTW, but only just!
-
Friday 3rd May 2019 13:55 GMT CrazyOldCatMan
Re: Keys
> this is when the USA handily beat Great Britain
With a very large amount of assistance from the French (I find most US people are ignorant of that fact).
> country which saved the UK in the 1940s
What - you mean the Soviet Union? Once Hitler decided to do a Napoleon v2 he was always going to lose. Or do you mean by providing equipment under Lend Lease? The Lend Lease that we only finished paying for recently? Sure, the US helped, but we paid through the nose for it.
> The USA sacrificed more than 400,000 lives
And how many of those were in the Pacific Theatre? Yes, the US assisted in the European Theatre but only with great reluctance and long, long after the major risk of invasion had passed.
The US was certainly of great assistance - but the Allies would have eventually won without them since Germany was incredibly resource-constrained and couldn't have sustained the war long-term. Victory would have taken a great deal longer though and so lives were saved.
-
Monday 6th May 2019 17:32 GMT BigBear
Re: Keys
@CrazyOldCatMan
"the Allies would have eventually won without them since Germany was incredibly resource-constrained and couldn't have sustained the war long-term"
Much of the reason for Germany's resource constraints was the strategic bombing of the Romanian oil fields and the German ball-bearing factories that only USAF long-range bombers could reach. Furthermore, while the USSR was like an unstoppable tank that may have been able to roll over Germany — even without US help, I believe that in such a case, the Soviets might well have kept rolling right through Europe as well, as the "spoils of war". (Probably would have left Britain alone, however.)
That would hardly be "winning" WW II. The allies needed the US to ensure that Europe remained free from the Nazis and the USSR. Probably the stupidest, most arrogant decision Hitler ever made was to invade the USSR, turning that prodigious, relentless war machine into its enemy.
While the US populace is embarrassingly ignorant in its widespread belief that the US "won" WW II in Europe, I disagree that the USSR "won" it either (or you Europeans wouldn't have liked the results). The war would have taken far longer, both Germany and the Soviets were working on atomic weapons — no one knows what would have happened had the US not entered the European theatre.
The US contributed vast amounts of cash, engineering, and manufacturing capacity to build equipment at an unprecedented rate; the British contributed unequalled intelligence, code-breaking, radar, and world-class deception techniques. Both contributed brilliant generals to plan and coordinate battle plans. France and other occupied countries contributed critical intelligence and brave resistance fighters who sabotaged German equipment and critical infrastructure. The USSR contributed its own large manufacturing capacity and seemingly endless population of soldiers willing to sacrifice for the homeland. Blood is not all that counts, however. Every country contributed in important ways. The key countries were each critically important.
Had the USSR remained a German ally, the allies could not have prevailed. Thank goodness that Hitler was a madman.
On an earlier topic: The US and Soviet troops arrived at the outskirts of Berlin roughly simultaneously. The USSR was understandably eager to seek revenge and happily sacrifice its men to capture the city. The US was all too willing to stand by and let the Soviets do the dirty work, then negotiate our way into getting more than 50% of Berlin as Western territory.
While the Soviets were engaged in savage street-by-street battles in Berlin, the US was rounding up German scientists and engineers and offering them safe passage to the US, easy permanent resident status, government jobs, etc. It was brilliant, as you Brits would say.
-
Friday 3rd May 2019 15:22 GMT Jamie Jones
Re: Keys
In the context of the whole story, I read his mention of the Brits snooping as a critical thing.
But even if your take was right, it's hardly a big issue... Don't equate criticisms of your administration from outsiders as criticisms of your mom.
Feel free to criticise all the bullshit that goes on in the UK, and even, maybe, get a bit of history wrong.
Even if we don't agree, I promise we won't jump down your throat out of insecurity, nor come out with lines such as "if it wasn't for us, you'd all be speaking Spanish" etc., or state that you only joined the war after Pearl Harbour. No, that sort of petty shite is bollocks.
-
Friday 3rd May 2019 16:55 GMT Jeffrey Nonken
Re: Keys
"...this is when the USA handily beat Great Britain."
I'm not a great student of history, being as how I'm the product of a US public education system, so I might be wrong about this -- but wasn't England a bit distracted by France at the time?
[edit] Yeah, I see a number of people have already pointed this out. Ah well, late to the party as always.
-
Saturday 4th May 2019 05:37 GMT Anonymous Coward
Re: Keys
Um, I think some past employers of mine might dispute this by a few hundred years or so - and that’s just in the English speaking sphere. Ol’Julius the Caesar had a bit of an interest in the technique too and if you think he was the first then your education is even more lacking than we thought.
And in case you missed out on the whole reality thing - hah, what am I saying, you’re American - that ‘revolution’ was an illegal and treasonous usurpation of legitimate authority by a bunch of slave owning plutocrats interested mainly in being more bloatedly plutocratic. The same interest group was responsible for the subsequent civil unpleasantness but that time they didn’t enjoy quite the same result.
-
Sunday 5th May 2019 10:26 GMT Anonymous Coward
Re: Keys
I think that before roughly the 1700s there was no such thing as a USA, so that argument suffers on pure factual grounds.
That said, true, there was a great amount of interest in intercept before, but it's only been since WW II that the systematic efforts to do so were dramatically ramped up. I suspect this had to do with (a) the discovery of the methods developed at Bletchley Park which were rather effective, (b) the ability to disguise that encrypted (then Enigma) traffic wasn't as secure, but let that illusion stand and (c) the conflict with the Soviets which sped things up a bit more and led to ECHELON in the 1960s.
Before that it was mostly amateur hour, but past the 1940s the US started what I would call the industrial revolution in espionage and intercept with NSA et al. Google et al merely took over the job, but the lack of interest in people's rights has been established early on.
Even now there is a massive amount of deception in play with respect to intercept.
-
Monday 6th May 2019 22:06 GMT Lars
Re: Your ignorance and lack of gratitude for a country which saved the UK in the 1940s[1]
@RegGuy1
Hitler's goal was always in the east, parts of Russia and Ukraine, to use the word "lebensraum" he used (NOUN, the territory which a group, state, or nation believes is needed for its natural development.).
France was for the Treaty of Versailles and with Britain he suggested a peace treaty that was rejected.
Luckily for everybody he made many mistakes and I would claim declaring war on the USA was one of them.
And as somebody on this thread mentioned Berlin
One of the myths we have in the west is that we gave Berlin to the Russians, in reality D-day was too little too late for Berlin.
You find the numbers here:
https://www.historylearningsite.co.uk/world-war-two/world-war-two-and-eastern-europe/the-battle-for-berlin/
-
Monday 6th May 2019 21:07 GMT Grinning Bandicoot
Re: Keys
The Continentals did not defeat the English; they forced a German monarch into recognizing the rights of the English do not stop at Bristol or Plymouth but were extended to the Americas. Burke in Parliament spoke for American cause which was also the English cause in that it opposed the expansion of the authority of a German monarch. As for the number of killed in WW2 remember that it started hot in '39 and the US started with convoys in '41.
What you should be worrying about is the drift from Locke to that of Hobbes and his Leviathan by the descendants of those revolutionaries. Between a state sponsored espionage group and a sloppy public corporation I'll take the one that favors Locke and Mills over one firmly opposed to such thoughts of liberty.
Watch your use of history which has more contrary events to suck one into the morass of stupid ad hominem trash
sent unchecked uncensored while POed
-
Monday 6th May 2019 23:35 GMT southen bastard
Re: Keys
the us sold arms and ammo to both sides for massive profit,
did not get involved until they were attacked,
then billed the uk for the service ,
mercain dont do anything THAT DOES NOT INVOLVE PROFIT
the other five eyes countries have suffered under mercian bullying for too long
viva the revolution
-
Tuesday 7th May 2019 10:31 GMT Lars
Re: Keys
"then billed the uk for the service ,".
Ah please, that's more than silly, you provide food, oil and stuff for free because the British are such jolly good fellows. Seems to me that the "have the cake and eat it" is an old tradition among some Brits.
The US wasn't like the USSR where everything was owned by the state.
Incidentally the real expert on selling arms to both sides was British.
-
Thursday 2nd May 2019 08:58 GMT Anonymous Coward
Re: Buy American because it's better, right?
Donald Trump says so... Therefore it must be true then?
MAGA and all that...
Don't forget that we will soon have a load more US Owned and Operated Spypoints all over the UK. All those Tesla Model 3's (with AFAIK at least 8 cameras recording everything around the car and sending data home) that will soon hit the roads are always connected to the Mothership in the USA.
Who exactly runs that mothership (Tesla or the NSA) is another question entirely isn't it?
-
Thursday 2nd May 2019 09:51 GMT Fred Flintstone
Re: Buy American because it's better, right?
> All those Tesla Model 3's (with AFAIK at least 8 cameras recording everything around the car and sending data home) that will soon hit the roads are always connected to the Mothership in the USA.
I'd keep an eye on your WiFi access logs then - there may be a Google partnership in the works for Streetview v2 with a new round of "accidental" WiFi intercept which was "accidentally" left behind by an engineer which then dumped data into a service backend that just "accidentally" happened to be fully set up and available and "accidentally" fully compatible with the data collection in the cars.
Did I mention that it was all an accident?
-
Thursday 2nd May 2019 09:27 GMT Anonymous Coward
Re: "just as flawed"?
You missed the best part - it only affects ACI switches. At last count, I believe Cisco had less than 10,000 customers using ACI and there were a significant number in PoC only.
Between ACI and an IPv6 management plane, the government agencies might manage to find something interesting...
Huawei are clearly the larger threat - their stuff gets used.
-
Thursday 2nd May 2019 23:46 GMT Anonymous Coward
Re: @AC - "just as flawed"?
In an environment concerned with security, the management plane would be protected by ACL's, multiple layers of firewalling, intrusion detection systems and likely air-gapped management.
It's a bug (more likely misconfiguration of an OS build script) that needs to be fixed - the operational risk of the issue is likely tiny.
In a less security focussed environment, these are still data centre class switches (no PoE, 10/25/40/50/100Gbps ports, above average cost per port due to buffering and other features) and without any additional devices, I would expect the switches to be protected by ACL's at a minimum.
-
Thursday 2nd May 2019 12:31 GMT phuzz
Re: "just as flawed"?
At least a potential attacker would need a valid username and password to access the telnet port*, rather than anyone being able to use the ssh flaw on any affected Cisco once they knew the hard-coded credentials.
* which they could grab unencrypted from the wire if they had access and someone actually logged in over telnet, which is why telnet is bad.
-
Thursday 2nd May 2019 08:20 GMT Anonymous Coward
Spooky
It’s entirely obvious that this whole “Waah-way” matter is all about the Yanks losing the ability to snoop on us via Cisco and other compromised equipment. Often it’s allegedly spiked by the CIA before it’s even sent out to the customers.
The more Waah-way kit that’s out there the more they are hampered in their “Full Spectrum Dominance” endeavours.
-
Friday 3rd May 2019 15:18 GMT GreggS
Re: Keep moving...nothing to see here....
Facts?
There's no more published proof that Cisco puts backdoors into its products at the behest of the US government than there is Huawei for the Chinese. It is only the balance of probabilities that is becoming the stick with which to beat them.
-
Thursday 2nd May 2019 13:23 GMT Anonymous Coward
Next refresh, Cisco is out.
(as lead InfoSec), I just informed our network engineer that we will be seeking non cisco equipment next refresh.
So many pathetic exploits/backdoors over the last 2 years. They have lost all trust/reputation.
I wonder if this is the exploit that got Citycomp hacked.
-
Thursday 2nd May 2019 15:24 GMT hopkinse
"Didn't GCHQ essentially told parliament that they don't trust any networking gear from anybody or that any network could be deemed secure? An everything should be encrypted before it sent across any network?"
Is that not essentially paragraph 1 of any discussion on security that's worth its salt?!
-
Thursday 2nd May 2019 20:55 GMT Roland6
Didn't GCHQ essentially told parliament that they don't trust any networking gear from anybody or that any network could be deemed secure?
Well given the UK effectively has had no native OEM for mobile network kit for some decades, I suspect (and hope) GCHQ have had some time to get their heads around using and depending on equipment from third-party nations in your critical infrastructure and thus how you mitigate risks.
I thus suspect they are some years ahead of their US friends.
An everything should be encrypted before it sent across any network?
I think enhanced encryption devices that satisfy GCHQ's requirements are made in the UK...
-
-
Thursday 2nd May 2019 15:27 GMT Anonymous Coward
it's better to stick to reality
1. NSA eavesdrops on US allies and enemies. It's a known fact, and it is semi-officially acknowledged by the US.
2. The UK is part of the Five Eyes agreement. Membership has its privileges. You get a lot of intelligence goodies from the US, and specifically from NSA.
3. The UK doesn't like being eavesdropped on by NSA. They prefer being eavesdropped on by China. Which is kinda weird, considering that the UK is home to the largest eavesdropping stations in the world. Menwith Hill for starters. Not the only one.
So, it looks to me like the UK has a few choices:
- Ban all Cisco equipment, ship it all to the trash compactor, and only use Huawei. That will most likely kick the UK out of the Five Eyes. It will thereafter be known as the Four Eyes. This will not stop NSA's UK eavesdropping activities, or their efficiency. Quite the opposite.
- Design and build your own UK pure of heart and true of thought routers. Kick Cisco, Juniper, Huawei out. This won't stop NSA's UK eavesdropping activities either. They'll be just as efficient as they are now, modulo different hardware/firmware/software, and different attack vectors. It might take NSA a few months to find the new exploits. They will find them. But at least there's less of a chance to be spied on by the Chinese. In the end, the UK is pretty much back to where it is right now.
- Accept the status quo: a few Cisco ~~backdoors~~ accidental bugs here and there, a little US eavesdropping now and then and in-between, but the UK gets to stay in the Five Eyes. Membership has its privileges. And no Chinese slurping.
There are no white knights in this story. Just a lot of grandstanding, pretense and posturing.
-
Thursday 2nd May 2019 19:20 GMT Skwosh
Re: it's better to stick to reality
Surely if the UK decides to use some less expensive though probably equally vulnerable Huawei gear in its peripheral pond-life public networks then your super duper cleverer-than-anyone-else NSA will be able easily to continue snooping on us via the Huawei gear and indeed if the horrid Chinese are similarly clever then they are almost certainly already snooping on us via the non Chinese (and apparently vulnerability rich) gear we are using already anyway. I suspect the reality is that this would just be a shift on the dial of relative convenience for the respective agencies rather than some sort of dramatic new difference of kind. It would just mean the NSA would probably have to work a little bit harder and the Chinese would probably have to work a little less hard in order to get the kind of information they are both almost certainly already slurping daily from the UK anyway. Narrowly then I suppose it should come down to how much value the US gets from the UK being in the five eyes and if that value outweighs the extra inconvenience to the US of having to hack peripheral networks in the UK running on gear made by non US friendly manufacturers (useful practice - no?) but I think there are probably much wider economic issues and also all manner of longer term geo-political shit to be considered which is much more likely to be the true substance of this row.
-
Friday 3rd May 2019 01:10 GMT Anonymous Coward
Re: it's better to stick to reality
> [ ... ] how much value the US gets from the UK being in the five eyes and if that value outweighs the extra inconvenience to the US of having to hack peripheral networks in the UK running on gear made by non US friendly manufacturers [ ... ]
The US gets a lot from the being in the Five Eyes. No question about it.
The question for the UK is: how much value would it get by leaving the Five Eyes and pissing off the US?
I think the answer to that question can be found in Brexit.
Brexit looked like a Really Good Idea in June 2016 to a very slim majority of Brits. Does it look the same now?
Other than meaningless Brexit slogans peddled by politicians, what precisely was so wrong with the UK being and staying in the EU? It worked OK for 40+ years.
-
Friday 3rd May 2019 10:31 GMT Skwosh
Re: it's better to stick to reality
The narrow question – as I said – is how much value does the US get from the UK being in the five eyes – how bad/inconvenient for the US would it be to tolerate the UK still being an eye if the UK went ahead and used Chinese gear in its peripheral networks. Ideally presumably the US would like everyone in the world and particularly everyone in the five eyes always to use gear made by on-side nations indefinitely, no matter how crap and/or expensive it is compared to the alternatives – and of course I assume the UK is considering the risks the US will throw its toys out of the pram even if that might not be the most rational thing for it to do in the short term. I have no privileged knowledge about any of this but it is clear that part of what is happening at the moment (if the comments section here is anything to go by!) is a lot of posturing and bluff calling on both sides. Surely anyone trying to take a reality based approach to understanding the world needs to understand that lots of strutting and bloviating is an important part of human decision making, particularly in the field of international relations.
Regarding Brexit – as you observed, it was a narrow outcome of a democratic process and I would assume that someone with your reality based approach understands that the point of democracy is not to make good decisions – the point of democracy is to make it possible for us to change course when it becomes clear we've made a bad decision. The election of DJT in the US was also the narrow outcome of a democratic process and it has been melodramatically argued by many (though personally I think it is a lazy argument) that DJT's America First doctrine (a clearly stated part of his campaign platform) has seriously undermined various written and un-written international trust relationships many of which date back to the end of the second world war.
The deep historical undertow here in my view is the likely slow but steady decline of US hegemony and how the US and the rest of the world is going to adapt to that. Over here we do at least have some fairly recent experience with coming to terms with declining hegemony! As I said, I have no privileged knowledge about any of this, but perhaps one way to look at it could be as a nudge in the direction of knowing when it does and does not make sense to try to use your (perhaps dwindling) power simply to try to brute force your will rather than compromising and thus perhaps gaining the skills sooner rather than later that you will eventually need to adapt to a world in which your power is more limited?
-
-
-
Friday 3rd May 2019 15:42 GMT Anonymous Coward
Re: it's better to stick to reality
And you get a lot of intelligence from GCHQ. Stop it with your jingoistic imperialistic crap.
You seem to hate everyone here, and hate everything British, and seem determined to wind everyone up, and then you whine when you're called a troll. Please go away. Fox wants their viewer back.
-
-
Thursday 2nd May 2019 16:02 GMT Anonymous Coward
Re: Domains for email
Are American companies subject to the same security reviews that have been done on Huawei?
They discovered quite a lot of crap code in the Huawei review, which is to be expected, and they are working on fixing the issues.
But do they review the source code for the firmware of all American kit too? Or do we just take it on trust?
-
Thursday 2nd May 2019 18:05 GMT MR J
Netgear still haven't fixed an old bug that they had that I reported years ago.
Basically with the web interface turned off you can still ask the router to reset the admin password via the Netgear website. It will forward the existing details of the router in the request and all you need is the MAC address (that the router itself has sent in plaintext!)
Been years now, but Netgear told me it wasn't an issue as people would eventually migrate away from those devices.
-
Thursday 2nd May 2019 18:47 GMT Bandikoto
Incompetence or Stupidity?
Given those who got rewarded at Cisco, it could be either.
Cisco has had secret backdoors into the gear for decades now. Every time one is found, they say "Oopsie daisy!" and issue a patch.
I doubt that any of the Cisco spin-offs are any better, given how incestuous those companies are.
-
Thursday 2nd May 2019 18:56 GMT Eduard Coli
Just as planned
It's been common knowledge for some time that since businesses entertaining doing business in the PRC have to have a Chinese partner and the new company has to have a CPC member on the board there is rampant IP theft occurring. In cases where this does not get the IP the CPC and Chinese industry craves it is also known that those who refuse a request by a CPC member or business to look at a design that workers will strike or your plant will burn down or you will be thrown out. In their feverish race to get access to Chinese slave labor the wealthy may have given the whole show away to the Chinese.
-
Thursday 2nd May 2019 20:31 GMT Anonymous Coward
Hardcoded default SSH key pair
“Cisco has issued a free fix for software running on its Nexus 9000 series machines that can be exploited to log in as root and hijack the device .. due to a default SSH key pair hardcoded into the software”
Either they're hiring underachievers to write the software or they're lying to us or else they've dumbed CS courses down so much that the code-monkeys don't know how to write secure systems, as someone on Reddit put it:
‘there is "mass incompetence" in tech right now that would "scare the shit out of us" if we saw it first hand like he did.’
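A defender's check for the flaw quoted in the comment above, as an added example that is not part of the original thread or any vendor's code: a key pair baked into a software image shows up as the same public-key fingerprint in `authorized_keys` on every device running that image. The host names and key blobs are constructed stand-ins, and the `deny` set is a hypothetical place to put fingerprints taken from a vendor advisory.

```python
import base64
import hashlib
import re
from collections import defaultdict

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # public-key type names
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')       # quoted option values

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield the fingerprint of every key in an authorized_keys file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Blank out quoted option values so spaces inside them do not split.
        tokens = QUOTED.sub('""', line).split()
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_PREFIXES):
                try:
                    yield fingerprint(tokens[i + 1])
                except ValueError:
                    pass  # blob is not valid base64, skip the entry
                break

def audit(fleet, deny=frozenset()):
    """Map fingerprint -> hosts for keys shared across hosts or deny-listed."""
    seen = defaultdict(set)
    for host, text in fleet.items():
        for fp in parse_keys(text):
            seen[fp].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1 or fp in deny}

# Constructed sample data: stand-in blobs, not real keys or real devices.
IMAGE_KEY = base64.b64encode(b"constructed-image-key").decode()
ADMIN_B = base64.b64encode(b"constructed-admin-b").decode()
ADMIN_C = base64.b64encode(b"constructed-admin-c").decode()
FLEET = {
    "switch-a": f"ssh-rsa {IMAGE_KEY} root@image\n",
    "switch-b": "# shipped in the image\n"
                f'from="10.0.0.0/8",command="show version" ssh-rsa {IMAGE_KEY} root@image\n'
                f"ssh-ed25519 {ADMIN_B} admin@b\n",
    "switch-c": f"ssh-ed25519 {ADMIN_C} admin@c\n",
}

if __name__ == "__main__":
    for fp, hosts in audit(FLEET).items():
        print(fp, "present on", ", ".join(hosts))
```

A fingerprint that appears on more than one device is not proof of a vendor default, since administrators also deploy shared keys on purpose; it marks the entries that need an owner and a reason.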
-
Thursday 2nd May 2019 21:00 GMT Anonymous Coward
It doesn't seem rather odd at all that the US and the security establishments of her allies do not want Huawei involved with 5G, main trunking backhaul or any major aggregation points.
China has made public it wants to be the preeminent power globally, and that may well mean we are coming to some sort of showdown.
If China is the vendor for your critical national infrastructure it will A) know how your network is laid out B) it will have many of the IP addresses of the critical nodes C) will be able to coerce countries into toeing its line because D) with the knowledge of all of the above, fatally compromising the network is orders of magnitude easier.
Even allowing Huawei into the Radio Access Network for 5G is too risky.
-
Friday 3rd May 2019 09:03 GMT Anonymous Coward
The difference is Cisco & the others are just incompetent in not testing correctly.
Others are working for state agencies, I've dealt with some of these agencies, the ones that insist you connect a "bridge" box over your firewall, that they have access to, so that they can enter into your private corporate network.
Don't do it & they will disconnect your Network & telephone connections, refuse to renew your business licenses & the visas for your staff.
Cisco does not have that power, this is not about bugs in software.
-
Saturday 4th May 2019 09:54 GMT JaitcH
The US Just Doesn't Want To Admit It Is A Second Rate Nation With A Massive International Debt
Long ago the US had it all: money, opportunity, talent, leadership, manufacturing and a vision.
Now look at it. Reduced to borrow more money, opportunity slipping away to Europe and the Far East along with talent, elect an inveterate liar, massive tranches of manufacturing transferred (so corporate profits soar) and technical shortsightedness. The country can't even feed itself. And it has to rent seats on Russian rockets to reach the International Space Station!
The only thing the US excels in is spying, spying on most every communications system extant. What is the purpose of having an NSA spy office in Cambodia, especially now it has its own InterNet feed, rather than via VietNam? And making sure the few networking systems it leak like Harry Belafonte's famous bucket.
Don't laugh, Britain doesn't even make machine screws.
-
Monday 6th May 2019 10:05 GMT Reg Reader 1
Re: The US Just Doesn't Want To Admit It Is A Second Rate Nation With A Massive International Debt
There are also the issues of Chinese labour being near forced labour in many instances, working at pennies on the dollar in comparison with what a European or North American would need to earn a living. Some of these developing economies can afford nukes and space missions but not to educate, feed, or have healthcare for much of their populations. I think the developed economies need to reevaluate trade and manufacturing relationships. The Corporatists used Globalization to break Unions and increase profits while moving jobs off shore; moved away from businesses having pensions for employees to a stock market gamble and reduced employment opportunities in developed economies. This has stripped a lot of wealth of the middle class that was built up from the end of the second world war through present but it appears to me that since the IT stock market burst at the dawn of this millennium that middle classes are contracting in developed nations.
So, aside from potential snooping there are real financial issues, as well.
-
-
Sunday 5th May 2019 15:07 GMT Lars
A few things to remember.
While there has been a lot of the silly Anglo/American bickering about who did what, and why, and when, let's not forget the facts.
Britain was in need of help, asked for help and received help not only from the Commonwealth countries but crucially from the USA. The American help was immense not only during the war but very much for Europe, after the war too, starting with the Nuremberg trials and especially due to the Marshall plan.
While I am not amused by the smell coming out of the White House today I believe, as the optimistic pessimist I am, it's only temporary.