OK, I am pretty sick of this, so excuse me for blogging a post, but decades of this crap is getting to me: OK, some bad actors abuse your bad crappy gear to pwn & spy, but you, Cisco, help your government spy on everyone, including allies. I would call this karma, but the scale you are aiding and abetting the US Gov do it on does not even compare. Frankly, nobody should be using any closed source networking gear; packet switching infrastructure has become way too important to rely on $corp and $bs sales line they are pushing. I get that you, Cisco, have nobody to talk to about how you are being abused to aid your own government; that is how National Security Letters work:
* Some alphabet soup picks up a phone to the domestic espionage part of the FBI wanting something not legal as of then.
* FBI prepares another production of the dog & pony rubberstamp show trial known as FISA.
* A whole charade is put on
* and in the end the applicant gets to write a letter dictating that $us_company, must do $whatever the heck they want.
* Include a gag order
* and a friendly threat of getting charged under the Espionage Act (which essentially means you are convicted; the trial is a formality as just about any evidence is inadmissible, on national security grounds, of course.).
* Somehow not see the obvious parallel to a circle jerk
* Simultaneously confusing me on how that is different from, say, China's way of doing things, except more shady and secretive.

Cisco, Microsoft and Juniper should start a support group and call it Whiners Anonymous, not talk about their complicity in global surveillance and STFU whenever their shit code gets exploited by $anyone_else... or they could just pay for the damage in the wake of their crap exploding in our faces.

I recall a hacker, a dude named Mike, who tried telling you IOS had memory corruption bugs over 20 years ago. I also remember the absolute denial about it: impossible, did not exist. "Go ahead, have your talk at your Con, you look a fool," essentially. The Con came and, what do you know, a bunch of Cisco lawyers show up threatening Mike, attempting to intimidate him from speaking about this thing Cisco insisted was not possible and did not exist. By then we all knew it was very real, duh. Some hackers did not take lightly to the affair and suddenly IOS source code shows up online: dumped in #darknet on EFnet from cisco.com by someone using the handle Franz.

So, yeah, hackers can break into computer systems, duh. However, in my experience, those of us who hunt for 0day and develop techniques that turn seemingly small innocent bugs into barn doors you could drive a bus through are not the ones going around causing wanton destruction or espionage on a massive scale, but you can only piss them so many times in the face and insist it is raining before getting a reaction, and a bunch of hackers who spend their time in GDB, source code hunting 0day can have a hell of a reaction.
Predating all this, of course, is Mudge & the l0pht gang, who waited forever to speak before US officials, explaining how anyone with a BGP router could shut down the Internet in 30 minutes and reroute AS prefixes at will, in 1998: https://www.youtube.com/watch?v=VVJldn_MmMY

Mudge would eventually end up in DARPA, a gig I envy, I mean, shit, they invented the Internet the web lives on, but WTF ever happened to SIGNED BGP updates?! You know, the fix!? That took a while, eh? I barely knew of him or the l0pht then, except for PHRACK #49, article 4: http://phrack.org/issues/49/4.html because I wanted to read article 14, http://phrack.org/issues/49/14.html. An obscure article then, by now infamous: Smashing the Stack for Fun & Profit. I took up Assembler and C specifically to master what it was describing; it seemed so hard then, yet so simple now.

Since then I have watched you, Cisco, get expert advice & warnings from hackers and hire master hackers only to put them to the least possible good use. I believe you put one fella who went by the handle route to write your blog. Another quit and sold you back his new company; the list goes on.

So, I guess my questions at this point are:
* how come you keep shitting on hackers when you mean threat actors
* seem to completely ignore warnings from the likes of us and when you do hire brilliant hackers essentially box them up and shelve them
* yet year after year, for decades manage to whine like a baby whenever your shoddy, shitty crap code?
* Have several decades of hackers trying to lend a hand only to get threatened, ignored or shelved not made your entire board commit seppuku?

I myself remember when a representative from Cisco came to our class to talk about your overpriced MIPS boxes with hw accelerated NIC modules. Security was top priority, he told us, faster than any Linux router. I had a simple question about that: How come your devices still come with telnet and require an upgraded support contract for SSH when the UNIX world + clones all have that for free? Somehow his pause to think triggered another question in me: Did you just compare hardware routing to software routers when you claimed superior speed?

I myself have leaned more to the BSDs, FreeBSD especially because of how stable, simple & flexible it was to me, with easy to read kernel code too; reading it is how I picked up coding kernel modules in general. While not perfect, that flavour of open source systems was superior in simplicity and stable networking, but I did come up on Linux, Slackware to be exact. I have endured mockery and weird looks from many growing up doing that, including my classmates when I took my bachelor degree. They soon understood I was on to something since I just reset my VM of $pickAnOperatingSystem while they all were reinstalling. W2K Domain Controllers come to mind :)

Anyhow, I digress: I went and got a box from class, a couple of hardware accelerated NIC modules, which was assembled and ready2go by the time his stuttering stopped. It smoked that thing he clung to as secure, fastest, yada yada. I will note within years that SSH thing changed for the better, though. A few days later I get called into the head office to get told the Cisco representative had tried to get me expelled.
For a second I was worried, after all my government was paying tens of thousands in tuition for me to go to school baked on weed and pretend I learned things I already knew from years of doing things the hard way, until they assured me they had no intention of doing so, because of course, I was right and proved them wrong.

I ditched Windows as soon as it broke and I got beat up for - after all my Mom had VB homework and it was mere days since I used the computer she used daily, of course I was at fault and at age 11 beaten by a grown man and told to fix it: the garbled characters on the screen were not the win95 logo. Turns out it was rather simple, but not wanting another beating I partitioned off 250MB and booted Slackware using a diskette with LILO. Probably the best decision I ever made for myself, but I bring it up because I have had it with huge ass corporations bitching about their expensive stuff breaking because they did polish the turd before shipping.

* So, is denial not only a river in Egypt, but corporate policy along with threats and intimidation at Cisco?

Not much has changed since then, except the cuter naming of things, like IronPort Email Gateway my own government uses that might as well be called Buggy Port with all the easy ways to sneak stuff past it. Ordinary people like myself have no choice but to put up with our tax dollars being spent on crap with bugs and backdoors up the wazoo, not to mention the effects it has on us when it breaks. Whatever the case may be, after 20+ years of acting like a bitch whenever your crap blows up in everyone's face, could you please SHUT that PR Campaign of whining the fuck up? Either you suck, or you are doing this on purpose, and it is not like hackers have not tried to help you out for over 25 years.
HEY, Cisco and Microsoft can bond over that, after all they denied the existence of security bugs until 1999 when finally CVEs started coming out and now number over 7000, but hey, anyone could mislabel a Doormat as Defender and accidentally steal lots of people's code to parse file headers and manage to screw up the copy/paste, after all that seems to be modus operandi ever since they did that to the BSD TCP/IP stack. How do you manage to mess up a copy of the free, premier networking stack of the day? I guess Bill was in a Rush because Marc turned out to be serious enough to put his company sporting some thing called Mosaic (whatever that is! :) on the stock exchange, eh?

To add insult to injury we pay sales reps posing as consultants to set up and run all this crap, so is that endless PR complaining of whining like little bitches really necessary? Could it not be either or? I am so sick of the endless bull shit from Cisco & co I could go on for eons, but I am hungry and need to get my bake on, but I really hope a meteor shower strikes all of Cisco HQ, and would not cry if a Tunguska event sized comet hit MS in Redmond, except maybe from joy. </bitchingAboutBitches>