Cisco Router Hack Inspires New Patching Religion
ancientribe writes "The dirty little secret about patching routers is that many enterprises don't bother — for fear of the fallout any changes to their Cisco router software could have on the rest of their infrastructure. But the recent discovery of a way to easily hack these devices has put pressure on organizations to change their ways and patch. This article in Dark Reading gives tips on how to patch without taking down the network, including input from Cisco's own director of IT on how Cisco itself handles router patching."
Re: (Score:1, Funny)
I'll invoke Spock on this one:
"Fascinating."
Crap (Score:2, Interesting)
Guidelines = Religion? (Score:1, Insightful)
Re: (Score:2, Troll)
^better^worse
Re: (Score:3, Informative)
>Hell, I'll go so far as to say that religion serves most people better in making their way in the world than all the over-prescribed anti-depressants, etc.
Whenever I see a defense of religion I see an attack on psychiatry. I think people who are clinging to beliefs out of desperation and ignorance as opposed to choice and for betterment are truly threatened by the fact the therapy has become a secular "religion." You can learn to cope without belief in the invisible man in the sky. The fact that secular
Re: (Score:1, Offtopic)
Re: (Score:1)
I think you guys need to go watch Religulous. http://www.imdb.com/title/tt0815241/
Re: (Score:1)
I'm glad the medications are there for the people that need them, but I know in my case a good, swift kick in the ass would have helped me more than the Prozac my psychiatrist prescribed me.
When I was a lot younger, I visited a psychologist together with my mom. The guy actually prescribed, on paper, the occasional swift kick in the ass.
Now, 15 years and a lot of experience later, I simply can't get over how right the good man was.
Re: (Score:2)
Anything that gives you happiness by providing you with fairy tales is harmful in large doses. The fact that religion doesn't match up with reality is the problem.
Science can and must change in response to reality, whereas religion is just arbitrary rules.
If you think anti-depressants are over-prescribed just think how much religion is over-prescribed.
Re: (Score:2)
Anything that gives you happiness by providing you with fairy tales is harmful in large doses
You can say that, but it doesn't make it true ;-) Why exactly? How is it harmful? If you are happy, and, say volunteering and giving to charity, what is wrong with your life? Sounds to me like you would be a pretty good person. It's not the only way to be a good person or a happy person; being good and/or happy really doesn't correlate with one's understanding of abstract scientific principles...
If you think anti-depressants are over-prescribed just think how much religion is over-prescribed.
Luckily for most everyone in the developed world, we do not have to listen to our doctors or pastors, and ma
Re: (Score:2)
Well, for one the cancer in your testicle isn't getting cured by praying. Your pastor tells you that God will cure you and this is a test of faith. On one hand there is fairy tale and the other reality. Reality always wins in the end.
Try, but only one of those
Re: (Score:2)
Your pastor tells you that God will cure you and this is a test of faith.
See, you are overgeneralizing. Most religious people do not belong to cults that don't believe in medicine. Most religious people are not fundamentalists, extremists, or zealots.
only one of those will use psychological guilt trips and family to pressure you into thinking you don't have a choice
While that, I imagine, would happen more often in a religious setting, at least nowadays, it is just untrue to say that guilt trips or worse have never been applied to people for disagreeing with their doctors - in fact, psych wards until recently have been known as frightening places - that one can't leave of one's own free wi
Re: (Score:2)
Actually, I didn't generalize at all. I gave an example. Now I'll generalize: the more fairy tales people believe in the greater the chance of it leading to harm. So just because you can tell me most people don't drown swimming where there isn't a lifeguard doesn't mean it is not dangerous swimming in the ocean without a lifegu
Re: (Score:2)
the more fairy tales people believe in the greater the chance of it leading to harm
Yes, you said that before. It's not particularly true. Not everyone is even going to have the aptitude, let alone the need, to look at things logically beyond day-to-day concerns. Why should they? It has little bearing on the basic things that are important in day-to-day life. In other words, not everyone is a mathematician, engineer, or theorist, and we tech-minded people shouldn't try to force our methods and processes of life and perception on them, just as they should not force their methods and pr
Re: (Score:2)
liquors the best solution
"liquor's".
liquors are the best solution.
Re: (Score:1, Insightful)
Shall we apply all of the horrors that Atheists have committed to all Atheists as well?
No, I didn't think so. Try not to confuse the horrors of what people have done in the name of $foo with $foo itself.
Normally I would ignore it, but your sig shows that you're not a troll but you actually believe it.
Re: (Score:1, Insightful)
In the bible it says: 'Do unto others as you would have done to you'.
If you judge Christians by how they fare in following this rule, then no true Christian has ever committed an atrocity.
Oh, there are a lot of people who *say* they are Christians, sure, there are also a lot of people who *claim* to be atheists.
Re: (Score:2)
If you judge Christians by that rule, there _are_ no "true christians", they're like "true scotsmen"
http://en.wikipedia.org/wiki/No_true_Scotsman
Re: (Score:3, Funny)
Shall we apply all of the horrors that Atheists have committed to all Atheists as well?
How many of them were done in the name of Atheism?
Re: (Score:3, Insightful)
Lessee... Yeah, I think this is appropriate...
In Soviet Russia, religion denies YOU!
Not fear, just a respect for reality (Score:5, Insightful)
Fear? What the hell? It's well known that infrastructure collapsing bugs are frequently introduced. Some trains of IOS have a horrible reputation depending on your platform. And playing in T train land? Good luck with that game of Russian roulette.
Re: (Score:1)
Parent poster nailed it.
Even the Russian judge gave him a 9.75.
If I had points, I'd mod you up. I can't count the number of times we upgraded to a newer rev to fix a bug or security flaw only to find that 3 other things broke during the process.
Upgrading code on a Cisco device is a crap-shoot sometimes.
Re: (Score:3, Insightful)
Re: (Score:2)
Yes, but I've worked many places where they let the software fall so far behind that the admins have -absolutely- no idea what would happen if they upgraded to a recent bugfix release. It might be scary re-flashing your switches and routers on an incremental basis, but I've been shot down on major important upgrades because we had configs that haven't been altered in five years!
Re: (Score:2)
Well that's your own fault, for not reading the release notes on the new revision, and checking to see if there are any Open Issues that affect your particular config. If you're really lazy you can open a TAC case and have one of their front line guys do it for you.
I've been running 12.4T since 12.4.2T2, on over 100 routers, with complex BGP, DMVPN, and QoS configs, with no problem. No problem because I made sure I wasn't going to get hit with a known bug, but yes, I'll agree that there are usually quite
Re: (Score:1)
Wow, arrogant much?
I'm talking about basically having no recourse but upgrade to a different rev to fix an existing issue that is caused by a software bug that breaks a couple other things. It's a damned if you do, damned if you don't situation.
A lot of the time you're forced to upgrade because the bug you're dealing with is affecting a mission critical app (VOIP, for example, PSTN calls randomly failing is a good one) and the resolution breaks something else.
This is my job. I've been doing it for years.
Assorted routers or not assorted routers? (Score:2)
TFA:
Researcher Felix "FX" Lindner's research earlier this year demonstrated that multiple versions of routers can be attacked -- specifically, Cisco's PowerPC routers -- shooting down the assumption that hacking routers requires separate exploits for each type of router.
Oh, wow, so, it doesn't matter that your infrastructure has a mish-mash of routers because they can easily attack them all in the same way? FFFFFFUUUUUUU---
The idea that the variability of router platforms would defend you from an attacker is false. All versions have something in common [in this research], and this is not just in theory, but FX demonstrated it and used it to exploit all [PowerPC IOS] versions."
Er, wait, so, you "demonstrated" by testing it all on one specific line of routers? How is that any kind of proof?
I smell Cisco astroturfing to make having to patch routers sound like it's important for everyone's routers and not just theirs.
Re: (Score:2)
What FX has shown is that each hardware line tends to have enough in common that exploits can be built independent of the individual version of software deployed on that piece of hardware. That's a decrease in variability of at least a couple orders of magnitude.
I really don't get this (Score:1)
Can anyone help me fan this little fire I've started?
Re: (Score:2)
rule 1 is "Test Test Test".
I often find that people who have big troubles with rule 2, have the same troubles with rule 1.
SLA? (Score:5, Insightful)
Re:SLA? (Score:4, Informative)
They do. You'll be able to use every minor release in your release train free of charge, and they'll be developed for your platform until the product reaches end of life. You don't pay for patches.
Re:SLA? - They do. (Score:2, Informative)
If there is a security vulnerability in your IOS, call Cisco, say you have no support contract and they will give you the latest patch at your release level for nothing (or an upgraded release if there is no patch at your level).
Re: (Score:1)
You're right, downloading patches from Cisco is such a pain with their registration requirements. Better to Google the filename and grab the IOS (the version you think you need) from whatever 3rd party has stuck it on their ad-supported page, right? After all, nobody would put malware in a router update, surely...
getting the patches is the problem (Score:1, Insightful)
The dirty little secret about patching routers is that you can't just download the damned things. Why do I need to be certified and SLA'ed 3 ways round, or go to some third party, just to get it?
up yours Cisco!
Re: (Score:3, Informative)
If you manage to get hold of the actual Cisco vulnerability statement, it contains information about how to request a patched version even if you don't have a service contract.
after reading Cisco's take (Score:1)