[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Cisco should be held up as a laughingstock (was: Re: Filtering "UserAgent:" [was: 'apt update' failure, me or repository?])

On Thursday, October 17, 2019 05:25:46 AM tomas@tuxteam.de wrote:
> On Thu, Oct 17, 2019 at 11:08:34AM +0200, tomas@tuxteam.de wrote:
> 
> [...]
> 
> > [1] https://news.ycombinator.com/item?id=19507225
> 
> Sorry. That link forces you through Twitter. Here are better
> ones:
> 
>   https://old.lwn.net/Articles/784758/
>  
> https://www.bleepingcomputer.com/news/security/cisco-botches-fix-for-rv320
> -rv325-routers-just-blocks-curl-user-agent/

After readiing (or skimming, as the case may be), some of these links, I have 
a few reactions (after LMAO).

I am disappointed that this was not more widely publicized at the time (or 
even now) (I hadn't heard about it, or didn't understand it until now).

Cisco should be a laughingstock and in some kind of hall of shame based on 
what I've read.  ((Not) "fixing" a security problem by using a regex to prevent 
access to their routers via curl (while still allowing access (and the 
exploit) with any non-curl user string.
Reply to: