Language Selection

English French German Italian Portuguese Spanish

Cisco.com website breached - customers warned

Filed under
Security

Cisco is advising customers to update passwords for the company's web portal following a security breach reported this morning.

The company has admitted that the compromise could expose customer passwords but gave no further details of the cause of the problem.

In a press statement, Cisco said: "It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users.

"As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords. Needless to say we're investigating the incident which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."

The company also stressed on its website that the incident appears unrelated to flaws in Cisco products.

Security experts, however, are unsure as hackers around the world have been racing to find a vulnerability in Cisco equipment since it was described by security researcher Michael Lynn at the Black Hat conference last week. Cisco and Lynn's former employer, Internet Security Systems, have taken legal action against the researcher following the presentation.

One industry source said: "I think this has the possibility of having a significant impact on corporations and the intellectual property of Cisco."

But others disagree. Michael Maddison, director of enterprise risk services for Deloitte, said: "I think it's more likely to be a vulnerability in web applications than Cisco equipment. That's my opinion - we see vulnerabilities in web pages all the time."

Source.

More in Tux Machines

Leftovers: Gaming

Android Leftovers

Leftovers: OSS

Systemd 222 Will Do Away With Its Accelerometer

For the past four years in systemd there's been a Udev accelerometer helper for exposing the device orientation as a property. With the upcoming systemd 222 release, that will change and instead users taking advantage of device orientation information should switch to iio-sensor-proxy 1.0+. Read more