A News.com report on the leading networking company.

Cisco: No zero-day at Black Hat

There was no new security vulnerability disclosed in Cisco Systems' PIX firewall at Black Hat, the networking giant said this week. It has investigated claims by a security researcher that the firewall was flawed, but could not reproduce the issue.

"(We're) closing the loop on this one...for now," Cisco spokesman John Noh wrote in an e-mail to CNET News.com.

In a presentation at the Black Hat security event in Las Vegas earlier this month, Hendrik Scholz of Germany's Freenet Cityline briefly mentioned a flaw in Cisco software. This apparent flaw had not been patched, he said.

"We've been working with Mr. Scholz ever since his disclosure in order to re-create this vulnerability," Noh wrote. "So far, we have not been able to reproduce issue and therefore cannot confirm his claim."

Cisco will keep testing and updating a security notice on the issue with new information if it becomes available, Noh said.

According to Scholz the PIX firewall in Cisco's PIX 500 Series Security Appliances could be compromised by sending a specially crafted SIP message to the appliance. SIP, or session initiation protocol, is used in VoIP (voice over Internet Protocol) applications.

Cisco did not know of the possible problem before Scholz's Black Hat presentation, the company said.

Cisco's reaction to the disclosure at Black Hat this year is noticeably different than last year when the networking giant drew the ire of many Black Hat and DefCon attendees after it sued a security researcher and conference organizers.

A Cisco zero-day at Black Hat?

Last year, Cisco Systems sued a security researcher and organizers of the Black Hat event after a presentation on switch and router security. This year, Cisco is quietly investigating a possible flaw that was mentioned during a talk on VoIP.

In a presentation Wednesday at Black Hat in Las Vegas, Hendrik Scholz of Germany's Freenet Cityline briefly mentioned a flaw in Cisco software, Black Hat organizers said. This flaw had apparently not been patched. Scholz and Black Hat are now keeping quiet on the issue to give Cisco time to investigate and respond.

"We are looking into it," said John Noh, a Cisco spokesman. "We have to look at the validity of it. We take these things very seriously. And if we need to inform our customers, we will."

It is unclear exactly what Cisco application the alleged flaw is in, but it appears to be related to voice over Internet Protocol applications since Scholz's talk was on "SIP Stack Fingerprinting and Stack Difference Attacks." Most of Cisco's current products don't yet offer extensive SIP, or Session Initiation Protocol, support.

Cisco's reaction to the disclosure is noticeably different than last year when the networking giant drew the ire of many Black Hat and DefCon attendees after it sued a security researcher and conference organizers.

The legal action followed a presentation by researcher Michael Lynn, who demonstrated he could gain control of a Cisco router by exploiting a known security flaw in Cisco's Internetwork Operating System. The operating system had until then been perceived as impervious to such attacks.

This year, Cisco is playing nice. The company is one of the main Black Hat sponsors and Chief Security Officer John Stewart is in attendance. Cisco on Wednesday also threw a party for Black Hat attendees at Pure, the night club at Caesars Palace. One of the attendees spotted at the party: Michael Lynn.

Yellow chairs for free Wi-Fi

A pair of designer/artists in San Jose, Calif., are trying an experiment in community technology: If they can find a couple of households to volunteer their Wi-Fi networks, they'd like to set up yellow chairs within range for the public to use for free wireless Net access. The idea is modeled after projects in some parts of Europe where yellow bicycles are available for community use.

How to upgrade your wireless router

Call us cynical, but we doubt that cities will be blanketing the country with high-bandwidth Wi-Fi networks anytime soon. In the meantime, we'll be left to our own devices--literally, as well as figuratively. So we're thankful that the ever-useful Lifehacker has posted this article, which gives instructions on how to "turn your $60 router into a $600 router."

President Bush to visit Cisco

President George W. Bush is heading to Northern California this weekend where he's expected to pitch his ideas for improving the country's technological competitiveness and developing new fuel options.

First stop on Friday is Silicon Valley, where the president will attend an event at the campus of tech giant, Cisco Systems in San Jose. The president is expected to pitch the American Competitiveness Initiative, a proposal which would double government funding for basic research in the physical sciences.

If Congress approves the initiative, the government will pay for thousands of new science and math teachers to be trained. The initiative would also extend a popular tax credit to businesses investing in research and development. The proposal will likely cost tax payers in the neighborhood of $136 billion over 10 years.

On Saturday, President Bush will head to West Sacramento where he will tour the California Fuel Cell Partnership. Bush mentioned hydrogen fuel cell cars in his State of the Union address in January, calling for more research to be done to make better batteries for hybrid and electric cars and hydrogen vehicles.

Even though fuel-cell vehicles are still decades away from becoming reality, Bush will likely use the opportunity to talk about what the government is doing to stem rising gas prices.

Cisco invests$275 million in Saudi Arabia

Cisco Systems is investing $265 million to expand its operations in Saudi Arabia the company said on Tuesday.

The company plans to add hundreds of new employees boosting the headcount from 70 to 600. It also plans to establish network training centers and sponsor a technology innovation institute to incubate Saudi start-ups. The investment will be distributed over the next five years. Cisco also said it plans to help provide network infrastructure to 2,000 Saudi homes in poor communities.

This is not Cisco's first investment in the Middle East. The company has been working closely with the king of Jordan since 2003 to develop the Jordan Education Initiative (JEI), an ambitious e-learning project.

Cisco is linking hundreds of primary and secondary schools to universities and community centers and research institutions around the country via the Net. The company has also created 12 Cisco academies which focus primarily on preparing young women in Jordan for careers in the high-tech job market. These academies are teaching math and science and information technology. They've produced 600 graduates so far.

Last year, Cisco was awarded a corporate excellence award by the U.S. State Department for its educational efforts in Jordan.

Memo to Sir Howard: Smack somebody!

It took 10 days to recognize its mistake but SonyBMG finally backtracked on a near disastrous decision to build CDs with a controversial copy-protection technology.

What I still don't understand is why somebody in a position of authority at either Sony or Bertelsmann, the joint owners of SonyBMG, didn't figure this out earlier. Security experts had earlier warned that the technology was vulnerable to exploitation by virus writers.

No matter: The bureaucrats at SonyBMG were willing to risk the firestorm in order to preserve what they viewed as essential copy protection control over their product.

All this brought to mind a similar furor over the 1994 discovery by a Lynchburg College mathematics professor named Thomas Nicely of a bug in Intel's Pentium chip. The vast majority of computer users were unaffected by the so-called FDIV bug. But it could have caused inaccuracies when big banks or other heavy-duty users carried out sophisticated formulas.

Intel's initial response was to ignore Nicely. When word spread, the strategy turned to stonewalling. Before you could say Jack Robinson, Intel had a full-scale PR disaster on its hands. For a company built by engineers and led by engineers, Intel wasn't prepared for the consumer blowback.

Eventually, the company agreed to swap out the affected microprocessors and that defused the issue. It was a painful lesson but Intel learned that perceptions matter: don't argue. The consumer is always right -- even when they're wrong.

You can almost excuse Intel for its slow response. After all, these guys were chip heads. It's hard to cut SonyBMG the same slack. These folks are all about consumer marketing so how do you explain their blind spot? It's one thing to argue about the rights and wrongs of DRM until the cows come home. But once this turned into a PR fiasco, the grownups -- including Sony boss Sir. Howard Stringer -- should have stepped in and put a stop to it.

Cisco racks up acquisitions

Cisco is on fire. On Tuesday the company announced the $97 million acquisition of Sheer Networks. This comes less than a week after it announced it was buying Kiss Technologies for its Linksys home networking division.

Cisco's AON: another platform play

Some people have wondered why Cisco entered the market for messaging through its own research and development investments, rather than buy an existing XML networking company. The reason, according to Cisco Chief Technology Officer Charles Giancarlo, has more to do with Cisco's ambitions than the potential acquisition price.

"We didn't feel that any of the companies has the kind of platform we want to build and we thought it was a fairy new market so didn't need to acquire somebody, " said Giancarlo. "Secondly, all of those companies are very focused on it XML and that still is a very small part of the installed base for application sharing and collaboration."

Indeed, a large part of the launch Tuesday of Cisco's AON business unit was supporting announcements from software partners, such as IBM, SAP and Tibco as well as several smaller firms.

By building a platform on which other companies can build add-ons, Cisco will help create a bigger market for application-oriented networking overall and avoid stomping on the toes of its software partners, Giancarlo said.

"The results show that we're not very much in conflict" with software companies, he said.

Although some people have their doubts about how successful Cisco will be in application-oriented networking, Giancarlo is pretty bullish. "I think this has the potential to be a billion-dollar technology."

Strong opinions on Cisco's AON launch

Cisco's new AON business unit has tech companies of all stripes on alert. That's not surprising given that Cisco is proposing that tasks usually handled by middleware or XML acceleration appliances be done in Cisco's own routers.

As Loosely Coupled blogger Phil Wainewright points out, the full significance of Cisco's AON launch is still being digested.

"Despite the lack of buzz and advance fanfare surrounding AON's debut, a swathe of vendors and their customers in the SOA (service-oriented architecture) market will be watching very, very closely," Wainewright writes.

On Tuesday at its Networkers customer conference, Cisco will officially launch the AON business unit. With AON, which stands for application-oriented networking, the networking giant has built a system for inspecting the contents of messages, notably XML messages.

That network-centric approach to sharing data between applications creates potential product overlap with many companies, including XML acceleration specialists, middleware companies, and Cisco's networking rivals.

"If AON takes off, it augurs far-reaching changes in the enterprise application market," Wainewright.

Meanwhile, competitors and some analysts are pointing out some challenges that Cisco faces.

Frank Dzubeck, an analyst with Communication Network Architects, said that Cisco will need to focus on what he called the "least common denominator" in message routing: XML.

He said the large degree of customization done in business applications makes the Cisco router approach problematic. As a result, Cisco will ultimately focus on XML acceleration, which is widely used and fully standardized.

But Cisco is late to the game XML networking game, Dzubeck said.

"Ultimately the economics are going to come into question. If I got blade servers, why don't I put a (XML processing) card in my blade server? It's cheaper than the card that's going into the (Cisco) Catalyst router," he said.

Dzubeck predicted that XML message routing will be used more in servers and storage devices than in networking gear.

August 2006 archive

S	M	Tu	W	Th	F	S
« July
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

More News.com blogs

• All CNET News.com blogs
• Apple blog
• Blogma
• Broadband blog
• Cellular blog
• Cisco blog
• Corporate security blog
• Deal of the day
• Dell blog
• Digital kids blog
• Enterprise software blog
• Future tech blog
• Gadgets blog
• Gaming blog
• Google blog
• Half-baked blog
• IBM blog
• Media blog
• Microsoft blog
• Missing links blog
• Music blog
• Open source and standards blog
• Oracle blog
• PCs blog
• Politics blog
• Processors blog
• Quote of the day
• RFID blog
• Science blog
• Search blog
• Security blog
• Sun Microsystems blog
• VoIP blog
• Web 2.0
• Windows blog
• Workplace blog
• Yahoo blog