Last minute geek

last minute tech news from around the net

Saturday, Apr 10th


Cisco's failure to heed whistleblower's warning about security defects in video surveillance software costs the company $8.6m in fines

In 2008, a security researcher named James Glenn warned Cisco that its video surveillance software had a defect that made it vulnerable to a trivial-to-exploit attack; for four years afterward, the company continued to sell this software to schools, airports, hospitals, state/local governments, the US military, FEMA, the Secret Service and police departments without mitigating the defect or warning their customers that internet-connected randos could undetectably peer through their security cameras, unlock their doors, disable their alarms, and delete footage.

Now, Cisco has entered into a settlement with the DOJ, DC and 15 states, and will pay $8.6m to settle all claims against it. Despite the fine, Cisco insists that nothing bad happened, because it never detected anyone making an undetectable attack on any of its customers' systems.

80% of the award money will go to the government agencies, while 20% will go to Glenn and his attorneys, who filed a whistleblower lawsuit after he was fired from Cisco subcontractor Netdesign.

There's a lesson here about the people who advocate for allowing companies to decide when defects in their products can be revealed: companies are not trustworthy custodians of bad news about their products, even (especially) when the stakes are high and they face titanic liability for failing to mitigate reported defects.

Hackers could use the flaw not just to spy on video footage but to turn surveillance cameras on and off, delete footage and even potentially compromise other connected physical security systems such as alarms or locks - all without being detected, according to Hamsa Mahendranathan, an attorney at Constantine Cannon, which represented whistleblower James Glenn.
