In Cisco's defense, perhaps the legalese did not fully communicate the
intent of the service.
http://blogs.cisco.com/home/update-answering-our-customers-questions-about-cisco-connect-cloud-2/
CB
Has anyone seen this yet? Looks like Cisco was forcing people to join its
Cloud service through an update for it's consumer level routers.
http://www.neowin.net/news/cisco-locks-users-out-of-their-routers-requires-invasive-cloud-service
cisco has recanted on the forced cloud etc
randy
If the router is not connected to the internet (either due to network
design, or just because you ripped out the WAN cable) then it IS able to be
managed locally. Plug the Internet back in, and that option goes away.
Scott
"We take responsibility for that lack of clarity, and we are taking steps to make this right."
including firing the idiot responsible?
-Dan
"We take responsibility for that lack of clarity, and we are taking steps to make this right."
including firing the idiot responsible?
The Nussbacher axiom of management - "Management is like a cesspool - the really big chunks float to the top". I would assume the person responsible will one day be running Cisco.
-Hank
"and requiring a proof of physical access to the unit"? Yeah, sure,
that seems likely.
No, really, how bad an idea can it be to have a central database and
a system that's allowed to remotely log in, configure, and update
thousands of Internet-connected CPE? I mean, talk about making an
attractive target. Compromise this one system and gain access to
create a huge botnet. Complete list of CPE addresses and access
credentials in one juicy bundle. How is it that NANOG can see this
with no trouble but Cisco cannot?
What's stunningly clear is that Cisco did NOT think that stuff out.
You want content filtering? Boring. Been done for years, without
"cloud" features.
You want remote management? Boring. Been done for years, just look
at DD-WRT et.al.
You want configuration backup and restore? Still boring. Could have
figured a slick method to do THAT "to the cloud", as an option, with
per-account encryption, or config backup to local PC, or both.
Automatic firmware updates? Hey, effin' great! I heartily approve
of THAT idea, even of defaulting it to on. Just make sure I can also
turn it off. "Forced" upgrades are not acceptable. Requiring an
upgrade to happen over the public Internet is not acceptable. Make
sure we have the option to upgrade manually from a local firmware
file.
So is a user locked out of administering the router unless it can talk
to the cloud? If so, that's boneheaded in the extreme. Hey, Cisco,
when my DSL with static IP finally dies and I need to switch to a
provider that uses DHCP, how am I supposed to log in to my router
since it can not connect to your glorious cloud?
And the onerous puritanical TOS? Find and fire whoever came up with
that. That's just a complete load. Did you sign an agreement not to
watch porno DVD's when you bought your DVD player? It's *equipment*,
Cisco. Some people will invariably use it for purposes you find to
be objectionable. Geez.
... JG
Joe Greco wrote:
No, really, how bad an idea can it be to have a central database and
a system that's allowed to remotely log in, configure, and update thousands of Internet-connected CPE? I mean, talk about making an
attractive target.
No argument against the lack of wisdom regarding this cisco thing, but...
As a botnet operator in the business of making money (and thus relying on the availability of your botnets) why go through the bother of compromising such system and creating a botnet (which will be rather quickly fixed once the breach is noticed) when you can do it easily enough sending out a simple email with the proper binary code attached, relying on the PEBKAC paradigm. 
This method has been proven to be very effective, considering many 100s of millions of zombie computers exist.
Greetings,
Jeroen
1+ billion zombie computers .... source please?
This method has been proven to be very effective, considering many 100s
of millions of zombie computers exist.