Technology
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
view the rest of the comments
At what point do we also blame cisco customers for just plugging stuff in and not changing passwords? Cisco did not come into their customers locations and set up racks of stuff, or did they?
Read the article. I think you're misunderstanding the exploit.
Yeah this is one is on Cisco in general, still wondering why you'd have the web interface enabled anyways...just asking for problems right there.
If a fresh deployment isn't secure out of the box, that's definitely on cisco. There's a lot of people out there who just plug in some hardware and then use the GUI to configure it. Just because it's best practice to turn it off, doesn't mean everyone is skilled enough to do so.
We did have one compromised router from this at work, a fresh deploy that someone did a while ago and then the project got put on hold before it was actually configured. Was just sitting there with a public IP not doing much, but sure enough it was owned when I looked.
One interesting thing is that the machine had HTTP enabled, but we had locked down SSH already. In the config you could see the attacker tried to enable SSH but couldn't get it working (subnet inverted, lol cisco).
Yeah it is on Cisco, not questioning that.
Good catch getting it early, teach the young guys to kill those web portals...nothing but trouble. But I hear ya, sometimes CLI can be a pain.