Dan Goodin at Ars Technica gives an overview of the implications of the recently exposed telnet vulnerability disclosed by WikiLeaks. I’m not surprised the CIA had something like that, however morally dubious I may find it. As an intelligence organization it’s in their interest to have this kind of access.
For me, this goes beyond Cisco. There’s basically no workaround, if you can’t disable telnet, there’s no way to fully protect yourself from the vulnerability. Cisco pledged to get a fix out soon, but that doesn’t do a lot of good now. But this portends the potential minefield of security issues we’ll see in the Internet of Things.
Cisco is a giant company with a heavy financial interest to get this patched with all of their engineering talent. Yet even with all their resources, it’s still taking time and was left open for a long time. Now image the raft of connected devices from various distributors. While these represent smaller targets for state or otherwise malicious actors, the odds are that they will be even harder to detect and patch, especially if vendors have no financial stake in doing so.
Ars Technica comments:
- Of Chips and Acquisitions | Gestalt IT Rundown: August 21, 2019 - August 21, 2019
- Kubernetes Is Evolving Into an Enterprise-Friendly Platform, but Challenges Remain - August 16, 2019
- Going Independent - August 15, 2019
- AMD Wasn’t Built In A Day | Gestalt IT Rundown: August 14, 2019 - August 14, 2019
- SaaS Backup Isn’t My Problem – The On-Premise IT Roundtable - August 13, 2019
- Jira and the Definition of All | Gestalt IT Rundown: August 7, 2019 - August 7, 2019
- What’s In Your Bucket | Gestalt IT Rundown: July 31, 2019 - July 31, 2019
- VPNemy at the Gates | Gestalt IT Rundown: July 24, 2019 - July 24, 2019
- Germany Drops the Hesse on Microsoft | Gestalt IT Rundown: July 17, 2019 - July 17, 2019
- FUD: Fear, UK, and DNS | Gestalt IT Rundown: July 10, 2019 - July 10, 2019