'Security researchers have discovered serious vulnerabilities
affecting dozens of Cisco devices. The flaws allow hackers to deceive
the part of the product hardware that checks whether software updates
come from legitimate sources. Experts believe this could put emails
sent within an organization at risk as they may use compromised
routers. Messages sent externally constitute less of a risk, however,
as they tend to be encrypted. The California-based firm said it is
working on "software fixes" for all affected hardware.
"We've shown that we can quietly and persistently disable the Trust
Anchor," Red Balloon chief executive Ang Cui, told Wired magazine.
"That means we can make arbitrary changes to a Cisco router, and the
Trust Anchor will still report that the device is trustworthy. Which
is scary and bad, because this is in every important Cisco product.
Everything." Security experts believe that the vulnerability could
cause a major headache for Cisco, which has listed dozens of its
products as vulnerable on its website. "We don't know how many devices
could have been affected and it's unlikely Cisco can tell either,"
said Prof Alan Woodward, a computer security expert based at Surrey
University. "It could cost Cisco a lot of money."'
-- source: https://it.slashdot.org/story/19/05/14/1945212
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174