A commune is where people join together to share their lack of wealth. -- R. Stallman

rocksolid / Security / Re: Cisco, again ?

Subject: Cisco, again ?
From: anonymous
Newsgroups: rocksolid.shared.security
Organization: def2org
Date: Thu, 14 Nov 2019 22:44 UTC
Attachments: cisco.jpg (image/jpeg)

Path: i2pn2.org!rocksolid2!def2!.POSTED.localhost!not-for-mail
From: anonym...@def2.anon (anonymous)
Newsgroups: rocksolid.shared.security
Subject: Cisco, again ?
Date: Thu, 14 Nov 2019 22:44:55 -0000 (UTC)
Organization: def2org
Message-ID: <c235b632789b9fa43227e70099613272$1@z5bqfv5v75kxy7pj.onion>
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary="------------2D7B91D89218F6D0182BBE7B"
Injection-Date: Thu, 14 Nov 2019 22:44:55 -0000 (UTC)
Injection-Info: def2.org; posting-host="localhost:127.0.0.1";
logging-data="14899"; mail-complaints-to="usenet@def2.org"

View all headers

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191112-asa-ftd-lua-rce

Translation into plain english:

Dear customer,

this is to inform you that we have allowed the whole wide world to
penetrate your unprotected rectum after we have sold you a product that
should have prevented just that.
Let me add that our motivation in that was just to apply shitty
programming style, violating even the most standard security guidelines.
And just for the record I will also say (gleefully), that you will not be
refunded, nor will our behavior have any consequence for us.
We hope that you will enjoy our products also in the future, after they
have been forced down your throat by compliance-over-intelligence type IT
managers.

Yours,

sincerely,

McFuckface (customer service manager)
Posted on def2

Attachments:

Subject: Re: Cisco, again ?
From: AnonUser
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Fri, 15 Nov 2019 00:01 UTC
References: 1

Path: i2pn2.org!rocksolid3!.POSTED.localhost!not-for-mail
From: anonu...@retrobbs.rocksolidbbs.com.remove-2im-this (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Re: Cisco, again ?
Date: Fri, 15 Nov 2019 00:01:03 +0000
Organization: RetroBBS
Message-ID: <f650e953eb180367f7b55bdb4619212b$1@www.rocksolidbbs.com>
References: <c235b632789b9fa43227e70099613272$1@z5bqfv5v75kxy7pj.onion>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="4897"; mail-complaints-to="usenet@rocksolidbbs.com"
User-Agent: rslight (http://news.novabbs.com)
To: anonymous
X-Comment-To: anonymous
In-Reply-To: <c235b632789b9fa43227e70099613272$1@z5bqfv5v75kxy7pj.onion>
X-FTN-PID: Synchronet 3.17a-Linux Dec 29 2018 GCC 6.3.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$X9YIrdxKtC7CeIWal47Lw.CVSVF/GKlPN2qTf4CJpSKTSFoN3pazu
X-Gateway: retrobbs.rocksolidbbs.com [Synchronet 3.17a-Linux NewsLink 1.110]

View all headers

To: anonymous
"Cisco has not released software updates that address this vulnerability."

They have better things to do, like count money.

I remember when the ssl bug came out and people saying that just some people
wrote the software, not a "real" company. That's why it's crap.

Cisco and other major companies prove they can build crap all day long. At
least most oss tries to fix mistakes.

--
Posted on RetroBBS

Subject	Author
Cisco, again ?	anonymous
Re: Cisco, again ?	AnonUser