Cisco Web Site Breached by Hackers
Facing a second embarrassing security situation in as many weeks, Cisco on Wednesday began notifying customers that its Web site, Cisco.com, had been compromised and asked users to change their passwords. News of the breach followed a report that Cisco's routers were vulnerable to a serious exploit.
"It has been brought to our attention that there is an issue in a Cisco.com search tool that could expose passwords for registered users," the company wrote. "As a result, to protect our registered Cisco.com users, we're taking the proactive step of resetting Cisco.com passwords."
Cisco said the problem was apparently not related to its own hardware products or technologies, and simply stemmed from a poorly coded Web application.
"Needless to say, we're investigating the incident, which does not appear to be due to a weakness in our security products and technologies or with our network infrastructure."
Cisco faced intense pressure last week following a report by security researcher Michael Lynn that the company's routers, which power much of the Internet, were open to attack. Lynn quit his job at Internet Security Solutions shortly before giving his presentation at the Black Hat conference in Las Vegas.
Following his report, Cisco and ISS filed suit against Lynn and called on the FBI to investigate. Cisco claims Lynn used information that was obtained illegally, possibly from a leak of the company's IOS operating system source code. Lynn maintains his presentation was aimed at getting Cisco customers to upgrade their routers' firmware.
Trying to avoid a potential PR disaster, Cisco quietly settled with Lynn by demanding any related source code and the destruction of all materials related to his presentation.