FYI
I got an email that my CCO account's password was reset
last night. Not sure how widespread this issue was, but
I called my account contact and verified that this is
a valid email, and that my password needed to be reset.
Just a heads up.
-Joe Blanchard
My PW to CCO did not work this morning either. I am on hold with the TAC right now....
Joe Blanchard wrote:
From the Cisco website:
IMPORTANT NOTICE:
* Cisco has determined that Cisco.com password protection has been compromised.
* As a precautionary measure, Cisco has reset your password. To receive your new password, send a blank e-mail, from the account which you entered upon registration, to cco-locksmith@cisco.com. Account details with a new random password will be e-mailed to you.
* If you do not receive your new password within five minutes, please contact the Technical Support Center.
* This incident does not appear to be due to a weakness in Cisco products or technologies.
When I tried to access my CCO account this morning I got a page with instructions to email cco-locksmith@cisco.com to get a new password. I did this from the email address registered to me on CCO and promptly received a new password to my email address which worked properly after that.
Same here. I didnt get a notice that it was reset, but I cannot login
---Mike
Happened to me as well.
- SLS
Yeah, I tried that. Didn't work in my case.
- SLS
People claim that accounts were compromised, thats why they are resetting them all,
looks like Lynn’s friends have made their moves for revenge.
stursa@mailer.fsu.edu (Scott Stursa) wrote:
> When I tried to access my CCO account this morning I got a page with
> instructions to email cco-locksmith@cisco.com to get a new password. I did
> this from the email address registered to me on CCO and promptly received
> a new password to my email address which worked properly after that.Yeah, I tried that. Didn't work in my case.
Neither did it in mine (multiple accounts hooked on one email address
is what cco-locksmith complained about). I have sent the appropriate
email to cco-team, but heaven knows when they will process it.
I give them a day before escalating; I'm pretty sure they're currently
pushing staff into the cco-team so the requests can be served.
What bothers me is that some people got notifications while others got
none - any idea on why (I didn't get any)?
Yours,
Elmar.
Another "me too" here. However, it appears that there is a hiccup with my account. According to the note, there's more than one CCO account associated with my email addy (which is strange since I only know of one) so now I'm on hold with Cisco Live to see if I can get it all worked out.
What a mess.
Scott Stursa wrote:
People claim that accounts were compromised, thats why they are resetting
them all,looks like Lynn's friends have made their moves for revenge.
demonstrate proof for your assertion please.
No proof, just a sarcastic comment, dont get me jailed 
but really, everyone is claiming its a compromise
Yes, that's what it said in my case; likewise, it makes no sense.
Obviously there's a problem; hopefully an explanation will soon be
provided. Even better if it could be resolved without everyone having to
re-register.
- SLS (digging through his files to find the account number)
Once upon a time, Jared Mauch <jared@puck.nether.net> said:
From the Cisco website:
IMPORTANT NOTICE:
<snip>
* This incident does not appear to be due to a weakness in Cisco products or technologies.
Does this mean that CCO is not a Cisco product or technology?
Odd that lots of people are trying to download new IOS images and then
CCO locks them out.
The notice I saw (purely on accident) - and the same that was quoted by
Jared Mauch - is/was shown when you hit no/cancel on the HTTP auth
window...
My understanding from a cisco guy who's working with us on some issues, is
that they were given prior notice - but as far as I can tell,
non-cisco-internal people weren't.
- d.
I've talked to "People" at cisco before about email handling
stuff, it takes them a lot of effort to make lists such as
'cust-security-announce' deliver quickly. I've had some experience
tweaking large lists as well, it takes a significant amount
of effort to deliver to 2k users quickly. Cisco has a lot more than
that registered, and I suspect the delivery is a bit more complicated
with all the dns/resolver load going after all the possible customer
domains they have.
To give you a rough idea (cisco-nsp for example is a list I host
and is delivered fairly quickly by most peoples standards..)
smtp to cisco-nsp for 2655 recips, completed in 341.639 seconds
Now imagine if instead of 2655 users it was 1-1.5million,
that puts it at 53 hours in my rough guestimate. (assuming i know
what i'm talking about, and the higher number of 1.5m).
It took a fair amount of tweaking to get this down
to something reasonable, including some customization to shift some
of the heavy lifting.
I'd expect Cisco to fix most of the accounts in the first
48 hours is my real guess, then the time will come down to 24. Probally
due to the sheer volume of cases.
Hopefully you already have your software you need for now...
- jared
Kim Onnel wrote:
I think just about everyone's got reset. Internal and external folks from
what I've heard. *shrug*
On the other hand, people aren't usually good about resetting passwords, so
that's one way to mitigate problems.
Scott
Don't worry this will all get fixed. Just take it as a break from work for
a few hours and enjoy the day. Personally I would like to do some
downloading but will enjoy the fact I am forced not to work in such a hectic
world.
Kim
No, it means that the password scheme of whatever the web-site uses to allow
access or not is not directly a Cisco product. It means it's something that
could happen to anyone.
One could have a great network of great products and all it takes is one
small door to remain open someplace in a seemingly unrelated issue to bring
down the house.
Bummer on the IOS download part, but that would be crappy timing, not
necessarily a correlation!
Scott