1/11/2024

Uncoverit 2 software

I’ll be throwing my own Cisco products in the trash when I get home from work, and I’ll definitely be raising this issue at my next company meeting. Utterly disgusted and never buying Cisco products again. I hope your shareholders are paying attention. Now it seems you may experience a sudden drop in shippable orders as well. What we do know is this: You’re a billion-dollar company that could raise a real stink if you wanted to on behalf of your customers. We have no idea whether you’re innocent, lying on behalf of the government, or lying to cover your own behinds. So forgive us if Cisco’s own round of denials rings hollow. Then we later heard that these companies got paid tens of millions of dollars in PRISM compliance costs, have DITU interception equipment on company premises, and have facilitated a sophisticated surveillance protocol with real-time multimedia capabilities. Yeah, but Google, Yahoo, Facebook, etc., did this whole playing-dumb, “never heard of it” thing with the PRISM revelations as well (Larry Page’s blog-post denial is still up and running).

UPDATE 1: Customers seeking additional information may refer to the Cisco Security Response.

Cisco Security Advisories, Responses and Notices:

Cisco Blogs on Security and Cryptography

If we learn of a security weakness in any of our products, we will immediately address it.

As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products. This is central to how we earn and maintain trust.

At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. 
Our Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies are all industry-leading examples of our commitment to our customers. We are committed to avoiding security issues in our products, and handling issues professionally when they arise. We are deeply concerned with anything that may impact the integrity of our products or our customers’ networks and continue to seek additional information. Customers can stay informed of the progress of this investigation via the previously posted Cisco Security Response.

December 29th – An article was published in Der Spiegel today about the alleged capabilities of the United States National Security Agency (NSA) Tailored Access Operations (TAO) organization. The article says that TAO “exploits the technical weaknesses” of Information Technology products from numerous companies, and mentions Cisco. As a result of this new information coming to light, the Cisco Product Security Incident Response Team (PSIRT) has opened an investigation.

Xu will include both undergraduate and graduate students in this research, and will ultimately provide outreach to industry professionals in order to raise awareness around software security.

UPDATE 2: On Monday, December 30th, Der Spiegel magazine published additional information about the techniques allegedly used by NSA TAO to infiltrate the technologies of numerous IT companies.

Novel to his project are new approaches, techniques, and tools that could revolutionize fuzzing and make the nearly-random testing process more intelligent and targeted, ultimately enhancing the security of various types of widely used software, ranging from web browsers to server-side programs. In his project, Xu will pioneer vulnerability-coverage-driven fuzzing. 
While existing fuzzing techniques primarily follow an approach called code-coverage-driven fuzzing, this project shows that code coverage has weaker-than-expected ties with vulnerabilities, and thus is not well suited for vulnerability finding. The high-level aim of fuzzing is to create a large number of random inputs to run software and, in turn, trigger vulnerabilities. Xu’s project addresses this challenge by rethinking a classic technique called “fuzzing” for finding vulnerabilities in large software. Stevens leads this initiative.

Finding software vulnerabilities is becoming increasingly challenging because the software widely used in day-to-day life is growing larger and more complex. Their project, entitled “Collaborative Research: SaTC: CORE: Medium: Rethinking Fuzzing for Security,” will improve methods for uncovering vulnerabilities in software code that can be exploited by malicious actors. School of Engineering and Science, and Co-PI Long Lu of Northwestern University were recently awarded a grant of $1.2 million from the National Science Foundation as a part of the organization’s Secure and Trustworthy Cyberspace (SaTC) program. Principal Investigator (PI) Jun Xu, assistant professor of computer science at Stevens’ Charles V.