Cisco should be held up as a laughingstock (was: Re: Filtering "UserAgent:" [was: 'apt update' failure, me or repository?])
On Thursday, October 17, 2019 05:25:46 AM tomas@tuxteam.de wrote:
> On Thu, Oct 17, 2019 at 11:08:34AM +0200, tomas@tuxteam.de wrote:
>
> [...]
>
> > [1] https://news.ycombinator.com/item?id=19507225
>
> Sorry. That link forces you through Twitter. Here are better
> ones:
>
> https://old.lwn.net/Articles/784758/
>
> https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320-rv325-routers-just-blocks-curl-user-agent/

After reading (or skimming, as the case may be) some of these links, I have
a few reactions (after LMAO).

I am disappointed that this was not more widely publicized at the time (or
even now) (I hadn't heard about it, or didn't understand it until now).

Cisco should be a laughingstock and in some kind of hall of shame based on
what I've read. ((Not) "fixing" a security problem by using a regex to prevent
access to their routers via curl (while still allowing access (and the
exploit) with any non-curl user string).)