Wednesday, October 17, 2007

40 Cisco employees arrested

40 Cisco employees have been arrested by Brazilian authorities, as part of a massive tax fraud investigation. Police and tax authorities say that Cisco's Brazilian unit has imported ё250 million worth of telecommunications and network equipment over the last five years without properly paying import duties. In all, it is claimed that the company owes an estimated 1.5 billion reais (ё410 million) in taxes, fines and interest.
Senior company executives and six government tax officials were among those arrested, say police, but no names have been released. Brazilian authorities also asked the U.S. police to issue arrest warrants for five more suspects currently in the United States.

"Cisco is cooperating with the investigation that is underway," says a company spokesman in Sao Paulo.

The investigation, which has been going on for two years, alleges that Cisco's Brazilian unit used companies based in tax havens like Panama, the Bahamas and the British Virgin Islands to avoid paying import taxes in Brazil.

Authorities say that Cisco also systematically understated the value of merchandise it imported to pay less taxes and frequently issued falsified receipts and other documents.

About 650 police agents and tax officials served 93 search warrants in the states of Sao Paulo, Rio de Janeiro and Bahia on Tuesday. Police also suspect that some Cisco employees in the United States were involved in the scheme.

"It's inevitable that this investigation is going to lead us to headquarters," says Erika Nogueira, the federal police official in charge of the probe.

Police say they had no evidence that Cisco's customers in Brazil were aware of the scheme but that each sales contract would be investigated on an individual basis.

Monday, October 15, 2007

Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability

Andy Davis has reported a vulnerability in Cisco IOS, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the LPD service of Cisco IOS when printing an error message containing an overly long (more than 99 bytes) hostname. This can be exploited to cause a stack-based buffer overflow by e.g. connecting to the default LPD port (515/TCP).

Successful exploitation may allow the execution of arbitrary code but requires that the LPD daemon is enabled (disabled by default) and that the attacker can control the hostname of the router.

Update to 12.2(18)SXF11, 12.4(16a), or 12.4(2)T6.

Provided and/or discovered by:
Andy Davis, IRM Plc.

Original Advisory:
IRM Plc.:


Cisco gives its Security Research Center a Makeover

Not many people realize that Cisco has been silently improving their security threat information site called The Cisco Security Center ( I would also go out on a limb and guess that not many people ever knew Cisco provided free security research content. Bottom line is the site offers lots of excellent, and free, security content.

A large percentage of the content comes from its IntelliShield business unit. Cisco IntelliShield is a paid, subscription service that provides all sorts of customized security reports. The good news is that many of the general reports are now being offered for free on the Security Center Website.

So what cool reports are available on this site, well here are some examples:

Every Month a report that has Cisco’s response to the latest Microsoft Security Bulletin. This includes recommendations on how to use Cisco gear to thwart the threats. Everything from the exact Cisco IPS signature numbers to example code snipits for ACLs, NBAR, etc are provided when applicable. Check out the October one here

Intellishield reports that provide in depth info on recently released vulnerabilities. These reports give details on things like the urgency(likely use), credibility, and Severity of a given vulnerability. Keep in mind that many of these reports are only available with the paid service but I’ve found that most of the big ones are provided free. Here is an example report

IntelliShield Security Activity Reports are my favorite report type on the site. To describe these reports I’ll just quote from their website, “The IntelliShield Periodic Security Activity Report (PSAR) is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. The PSARs are a result of collaborative efforts, information sharing, and collective security expertise of senior analysts from Cisco security services.” Here is an example

A complete listing and detail around the latest Cisco IPS Signatures available. This detail includes a description of the signature and threat, known benign triggers, links to related security reports, and the severity of the alarm. Here is an example, but it does require CCO login

All of the Cisco product security alerts, or PSIRTs, are listed on the site. Details of the vulnerability, as well as any viable workarounds, are provided. Here is an example

Take a look at the site and some of the reports available. What do you think of the content available? Anything missing that you’d like to see?

Tuesday, October 9, 2007

Cisco seeks more voice-recognition technology

Cisco Systems Inc wants to add more sophisticated voice-recognition technology to its products aimed at helping office workers communicate more flexibly, a senior executive said on Thursday.

Barry O'Sullivan, head of Cisco's Voice Technology Group, told Reuters he was not sure if the network equipment maker would develop such technology internally or through partnerships or acquisitions.

He said improved voice technology could be added to Cisco's "unified communications" products, which tie together e-mail, phones and other tools such as instant messaging and video conferencing.

"We'd like to be able to do things like search for stored conference calls, and intelligent tagging of voice," O'Sullivan said in a telephone interview.

An increasing number of companies are offering "unified communications" products. Cisco both competes and partners with companies like Microsoft Corp (MSFT.O: Quote, Profile, Research) and IBM (IBM.N: Quote, Profile, Research) in this business.

O'Sullivan said the company would continue to work with others to ensure customers have access to various software and equipment, but relationships among the various players were likely to change over time.

"There's a $30 billion market opportunity out there. We're all circling around it with different strengths and we all want a piece of the pie," he said.

Wednesday, October 3, 2007

Cisco Releases New Branch Office Products

Cisco Systems Inc. last week announced a bevy of new remote office products, starting with a branch-friendly version of its Integrated Services Router (ISR) entry - the new ISR 1861 - a lightweight series of Catalyst 2960 Switches (complete with Cisco's LAN Lite IOS Software) and, significantly, the availability of 802.11n WLAN Controller support for the ISR.

Analysts are upbeat about Cisco's branch office bonanza, which they say addresses clear corporate pain points. At the same time, they caution, Cisco's new branch office deliverables are far from market-changers.

"These products broaden Cisco's potential in the enterprise branch market but are not in of themselves giant leaps," said Steven Schuchart, principal analyst for enterprise network systems. "These new products will intrigue new customers but will not necessarily be prime motivators for new sales."

Not that Cisco is any stranger to the enterprise branch, of course. The market is already an established (and highly competitive) player in this segment, according to Schuchart. "Cisco has been focusing on the enterprise branch for some time and the 2960 with LAN Lite and 1861 ISR in particular give customers more choices for smaller branch offices. These products also give Cisco a good play for the small and medium enterprise market," he said.

Schuchart also singles out the availability of 802.11n support on Cisco's Wireless LAN Controller module for the ISR, which he expects will help placate existing customers as well as attract new ones.

He cautions, however, that most customers have adopted a wait-and-see comportment with respect to 802.11n - so the new high-speed WLAN Controller module probably won't be an enormous hit.

"This fleshes out the 802.11n strategy and product line announced earlier this month and gives customers who need the raw speed of an n-based solution the option of adding it to the ISR," he said. "Cisco has been leading the market with modular on-router wireless. Cisco's customers can pick from any number of modular options for many ISR models that allow customers to tailor the products to their needs, as opposed to the all-in-one options offered by many of their competitors."

Cisco Acquires Latigent

Cisco will have Web 2.0-based reporting systems added to its contact centre systems as a result of the new acquisition of Latigent.

Latigent is a top provider of web-based business intelligence and analytics reporting solutions.

Its products take advantage of Web 2.0 principles that help customers to create scalable, flexible and easy customisable real-time reports for contact centres.

The deal will see Latigent's products work with Cisco's Unified Customer Contact solutions.

Laurent Philonenko, vice president and general manager of the Customer Contact Business Unit at Cisco, said: "By acquiring Latigent, Cisco is signalling a commitment to increase the value of customer investments in our customer interaction solutions by providing appealing, robust and dynamic tools to enable increased visibility and efficiency."

News brought to you by Comms Express, number one for switches on the net.

Cisco may buy WiMax Player

Cisco Systems Inc. is close to buying a company that makes WiMax base stations, according to an industry report. The move would be Cisco's first foray into the wireless technology.

Cisco, by far the largest networking equipment maker, would not comment on the report, but a spokesman did refer to Cisco's online position paper on WiMax. While the paper notes that "WiMax will be one of several high-speed wireless WAN technologies seeing broad deployment," it adds, "Cisco has no current plans to build WiMax base stations or base stations using any other WAN radio access technology."

The paper notes that Cisco will work with partners and also provide IP technology for next-generation base stations, while its partners will provide the radio components. Also, Cisco plans to provide IP infrastructure to network the base stations together, the paper says.

The wireless news Web site Unstrung reported that two unnamed industry sources said the purchase could take place in a matter of weeks and that Cisco had narrowed down the potential list of targets to four companies: Alvarion Ltd., Aperto Networks Inc., Navini Networks Inc. and Redline Communications Inc.

Craig Mathias, an industry analyst at The Farpoint Group and a Computerworld columnist, said that it makes sense -- but it's "not essential" -- for Cisco to be involved more directly in WiMax. He said any of the four companies being named would be solid choices. Mathias said he had not heard any rumors, however.

"Every company is on Cisco's list to buy all the time," he noted. "They buy according to what's going to provide the biggest return on investment."

Last month, Cisco announced plans to buy Cognio Inc. in order to acquire its wireless network management technology. That would be Cisco's first acquisition of its current fiscal year but its 122d purchase overall.