A vulnerability that Cisco knowingly left open for a long time in its video surveillance software is costing the company comparatively dearly. The network equipment supplier has reached an out-of-court settlement with the US Department of Justice, 15 states and Washington, D.C. over the sale of the insecure program to hospitals, airports, schools, prisons, police and other government agencies and the military, and will pay the plaintiffs US$8.6 million.
Found by Whistleblower
Whistleblower James Glenn warned the Californian corporation in 2008 that the Video Surveillance Manager (VSM) he was working on had a dangerous security vulnerability. According to US reports, attackers could very easily have turned cameras on and off, deleted video recordings and potentially switched off other connected security systems, such as alarm systems, unnoticed.
Glenn was working at contractor NetDesign at the time he sent Cisco detailed information about the vulnerability. The company dismissed him in 2009, but allegedly not in retaliation for the disclosed flaw. Two years later, the dismissed employee filed a lawsuit at a New York court alleging false statements and claims. Only then, in 2013, did Cisco issue a security advisory for the VSM software and classify the vulnerabilities as critical. At the same time, the Californian company provided updates that finally allowed users to shut out the attacks.
No indication of abuse
The settlement marks the first conclusion of a case in which a company must pay under a US whistleblower protection law because it did not make sufficient provision for cybersecurity. The federal government and the states that joined the lawsuit receive 80 percent of the money, with the rest going to Glenn and his lawyers. Cisco was relieved to have the dispute off the table. A company spokesperson emphasized that there were no allegations or indications that hackers had gained unauthorized access to customer video because of the vulnerabilities.