<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Hi Dave,</div><div><br></div>Completely agree with you on this.<div><br><div>On the top of that, if you ever had any sort of discussion with Cisco you will also know that they will get pretty sure that you will never present anywhere what ever security related issues you've discussed with them, and if they manage to do that it goes to their "problem solved" branch.</div><div><br></div><div>They don't really care about security, they care about what ever might go public and try to make it look as inoffensive as possible. That's all they do.</div><div><br></div><div>I'm wondering if people who uses their products realize that they lack a way to check if their products have been compromised. Cisco and Huawei among others fall into this category. On other platforms you can do OS level hardening, add host IPS and stuff like that, to do all sort of monitoring. On these routers and switches they don't have anything beyond the features bundled with their system. Some people believe that by forcing a core dump they will have a clean memory dump that will allow them to check if they've been compromised or not, which is the very first thing anybody would patch to hide.</div><div><br></div><div>I guess that's what you get when you relay on stuff that has been designed 20 years ago, cross your fingers and pray so that nothing goes wrong. xD</div><div><br></div><div>That's what makes Cisco, Huawei, Extreme Networks, among others so much fun to play with. ;-)</div><div><br></div><div>Cheers,</div><div> Sergio</div><div><div apple-content-edited="true">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><br></div></div></span></div></span></div></span></div></span></span></div><div><div>On Mar 31, 2014, at 11:16 PM, Dave Aitel wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<div bgcolor="#FFFFFF" text="#000000">
<a href="http://www.rsaconference.com/videos/126/the-new-model-of-security">http://www.rsaconference.com/videos/126/the-new-model-of-security</a><br>
<br>
Cisco's keynote starts with the traditional eyeball gouging
"humorous" video making fun of how it's hard to get different
security solutions to work together. Wouldn't it be easier if
everyone just bought everything from Cisco? I'm sure it would! The
video ends with all the actors cursing at the audience, which is
telling, and then Christopher Young apologizing for the video, like
it's the first time he's ever seen it and he's sorry for subjecting
the audience to the cursing parts of it, or, you know, any of the
"jokes". <br>
<br>
After that it is a painful sit-down between Christopher Young (SVP
of Cisco's Security Business Group) and Padmasree Warrior (CTO/Chief
Strategy Officer of Cisco). Why do companies do these sit-down style
keynotes? It's like someone did a study on the most unlikely way to
capture an audience's attention, and then implemented it as
relentlessly as a Chinese SSHD password brute forcer. <br>
<br>
At one point Padma says "I'm not a security expert and you are,
which is why I hired you". The Chief Strategy Officer of Cisco is
not a security expert?! Lovely.<br>
<br>
These things are scripted to sound unscripted, but instead they
sound like horribly written scripts delivered by people who hate
what they are saying. That, or there was some sort of contest on the
least funny way to say "Internet of Things" eighty times in 24
minutes - and let me tell you, they *found* it.<br>
<br>
<a href="http://www.drchaos.com/open-app-id-cisco-commits-to-open-source-and-application-identification/">Open
APP ID</a> gets announced to no applause whatsoever. "The policy
can be dynamic. We need a community working on that. " Or in other
words, "Please somebody do our work for us so we can catch up to
whoever the market leader is in this space". Marty might have to
explain this to us all in better terms on the list here, cause Padma
and Christopher chew their explanation up like a three year old
eating a Lima bean and Brussels sprouts salad. They want to build
controls for applications except the mobile systems they want to
control are not under enterprise control at all (they "assume the
devices are untrusted"), and the network traffic will be encrypted.
So how are they controlling things again? <br>
<br>
In the end, these people got on stage to demonstrate that they have
a muddled thought process and no clear vision for the future. Look,
after watching this you can't help but feel sorry for everyone
involved in the production of this keynote, and the entire marketing
team the CEO of Cisco fired after watching it on YouTube. I'd worry
if I was either Padma or Christopher as well because they've clearly
lost sight of both the forest and trees, if this keynote is anything
to go by.<br>
<br>
-dave<br>
<br>
<br>
<br>
<br>
<br>
</div>
_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>https://lists.immunityinc.com/mailman/listinfo/dailydave<br></blockquote></div><br></div></div></body></html>