Cisco Blogs


Cisco Blog > Security

On Cisco.com password changes

Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug.

One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal advice.

The Cisco Security Incident Response Team (CSIRT) has not found any Cisco.com infrastructure that was vulnerable to the Heartbleed vulnerability. There is also no evidence to suggest a compromise of Cisco.com user accounts.

You are safe to change your password by visiting the Cisco.com profile management page – in fact regular password changes are something we actively recommend.

Regardless of the website you are visiting, use of a strong password and regular password changes are an important part of online safety. If you are looking for more password advice, we recommend the following US-CERT security tip: Choosing and Protecting Passwords.

Tags: , , ,

July, a Busy Month for Breaches

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords and email addresses [2]. Additionally, Apple have announced that their developer website has had an unknown amount of personal data stolen [3].
Read More »

Tags: , , , , , ,

Why do I need a password in a factory?

So, I got locked out of my Cisco “everything” account recently. At first I thought it was just my home router acting up, but after a couple days I called IT for help, and they asked me to reset my router, and my modem, and then when that was done they informed me that maybe my password had expired.

Long way of getting to the story. I hate when my password expires. We have pretty stringent rules about passwords here at Cisco. I appreciate that. I just don’t want to change my password. You see I have (guessing) at least 20 sites that I use, all have different password requirements. Some have unique requirements for User Names too.

So I have figured out that from now on, the day that I change my company password I am changing all of my other account passwords too. At least within Cisco they synchronize all of the passwords. But I still have all my individual accounts, and I’m quite sure they sit there and watch, here comes that idiot, requesting a new password. Why can’t these people remember their password, they likely wonder while they smirk.

To some degree it is a matter of how often you go to the website, I suppose. Read More »

Tags: , , , , , , , , , , , , , , , , , , ,

Don’t Let Others Tweet On Your Behalf!

December 9, 2010 at 1:55 pm PST

Hackers recently gained control of an Indonesian government Twitter account to falsely broadcast an impending, yet fictitious, tsunami in Jakarta, Indonesia to over 8,000 followers. While this was by no means considered a catastrophic event it certainly, I’m sure, caused a bit of chaos and disruption to the people in Jakarta and in the surrounding areas. Doesn’t this sound like the 21st century version of yelling “Fire” in a crowded movie theater? In any event, as is the case with any failures related to technology, there are some important lessons to be learned from this miscreant-generated Tweet…or shall we call it a “MisTweet”?

Read More »

Tags: , , ,

Don’t be a Victim – Part 1

One of the phrases sometimes heard in certain circles I have traveled in was “Don’t be a victim,” or its near cousin “Don’t allow yourself to be victimized.” While these words of wisdom were passed around in some of the rough, hard biker hangouts up in the Santa Cruz mountains, they are relevant to the world of Borderless Networks as well.

In terms of mitigating risk, one of the very best things you can do is actually one of the simplest. When it comes to passwords, pick a good one and use it. Mix in numbers, special characters, uppercase and lowercase and avoid names and dictionary words and you are going to be in a far better place. Oh, and as 4chan illustrated when they hacked a Christian dating site, never assume that your password will not be stolen – you may want to use different passwords. For mobile devices, which are prone to being left in various places, it is critical to have a password protected locking home screen.

Read More »

Tags: , ,