that bug was so egregious, it demonstrates a rare level of incompetence
I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…
Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends
Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all
At the super budget prices Cisco charges, do you really expect quality control to be included? You’ve got to buy a quality control subscription for that. /s
I had a couple of dlink gigabit desktop switches. Two failed so far, one has taken down the whole network, not just devices directly connected to it, and the other one fried 2 router ports when it died. I learned my lessons about buying crappy network hardware.
Edit: that happened within a few months, so these switches also have a very clear EOL.
Welp never buying anything D-Link ever again
Because they won’t support routers that were EOL a decade ago?
Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.
Especially for stuff like medical implants
‘Sorry, your eyes are no longer supported’
And anything that touches on security (i.e. connected to the internet), and routers definitely count here.
May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)
Because that bug was so egregious, it demonstrates a rare level of incompetence.
I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…
Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends
At the super budget prices Cisco charges, do you really expect quality control to be included? You’ve got to buy a quality control subscription for that. /s
Most reached EOL in may of this year.
EOL is still EOL
Then they can open source the code so someone else can fix the issue.
I had a couple of dlink gigabit desktop switches. Two failed so far, one has taken down the whole network, not just devices directly connected to it, and the other one fried 2 router ports when it died. I learned my lessons about buying crappy network hardware.
Edit: that happened within a few months, so these switches also have a very clear EOL.