[167861] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Jeff Kell)
Mon Dec 30 23:55:20 2013
Date: Mon, 30 Dec 2013 23:54:59 -0500
From: Jeff Kell <jeff-kell@utc.edu>
To: <nanog@armoredpackets.com>, <nanog@nanog.org>
In-Reply-To: <52C242C5.70905@armoredpackets.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/30/2013 11:06 PM, [AP] NANOG wrote:
> As I was going through reading all these replies, the one thing that
> continued to poke at me was the requirement of the signed binaries and
> microcode. The same goes for many of the Cisco binaries, without direct
> assistance, which is unclear at this point through the cloud of smoke so
> to speak, it would be difficult to load this code post implementation or
> manufacturing.

Signed binaries?? Surely you jest...

Try downloading *anything* from Cisco TAC these days with a new browser and
latest Java and see how many exceptions you have to make to get an
"allegedly" legitimate copy of "anything".

If you don't like it, open a TAC case, and count the number of
exceptions you have to make to get to THAT point as well. And of course
they'll want you to upload a "show tech" first thing, and see how many
MORE exceptions you have to make to get that to work.

Geez, just to open ASDM today I have to honor Java exceptions.

We're all getting far too conditioned for the "click OK to proceed"
overload, and the sources aren't helping.

Jeff