Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cisco Pushing 'Cloud Connect' Router Firmware, Allows Web History Tracking

Soulskill posted more than 2 years ago | from the solution-looking-for-a-problem dept.

Networking 351

Myrv writes "Reports have started popping up that Cisco is pushing out and automatically (without permission) installing their new Cloud Connect firmware on consumer routers. The new firmware removes the user's ability to login and administer the router locally. You now must configure the router using Cisco's Cloud connect service. If that wasn't bad enough, the fine print for this new service allows Cisco to track your complete internet history. Currently, it appears the only way to disable the Cloud Connect service is to unplug your router from the internet."

cancel ×

351 comments

Sorry! There are no comments related to the filter you selected.

Upgrade Instructions for Cisco Clients (5, Funny)

Anonymous Coward | more than 2 years ago | (#40494589)

1. Unplug router
2. Open garbage can lid
3. Insert router
4. Close garbage can lid
5. Purchase new router

That shit? Fuck it.

Re:Upgrade Instructions for Cisco Clients (4, Informative)

alphatel (1450715) | more than 2 years ago | (#40494611)

or Tomato [polarcloud.com] , or DD wrt [dd-wrt.com]

Re:Upgrade Instructions for Cisco Clients (3, Informative)

Anonymous Coward | more than 2 years ago | (#40494791)

Not supported (yet). Last time I checked, the original Tomato has not produced any further updates or additional supported routers. It's really about TomatoUSB (which is also somewhat outdated) and all the forks (Vics-a-geek, Shibby, Openlinksys, etc) that came from that tree. I've been running those firmware almost immediately out of the box as soon as the router model was supported.

Re:Upgrade Instructions for Cisco Clients (5, Informative)

Local ID10T (790134) | more than 2 years ago | (#40494815)

The option to install firmware yourself is greyed out on routers after the "upgrade". I have read that if you call Cisco and complain they will allow you to roll back to a previous firmware (without Cloud Connect) at which point you can manually upgrade to non-Cisco firmware.

Re:Upgrade Instructions for Cisco Clients (5, Informative)

Megane (129182) | more than 2 years ago | (#40495019)

What I read in the linked thread yesterday (when this was still in firehose) is that if you disconnect from the internet, the manual upgrade option becomes available. Then you "upgrade" to an earlier version of the firmware, remembering to then uncheck the "automatic updates" option.

Re:Upgrade Instructions for Cisco Clients (5, Informative)

Jahf (21968) | more than 2 years ago | (#40494871)

At least 3 of the routers affected (EA3500, EA4500, E4200v2) are using Marvell chipsets. Not sure about the EA2700. Which means that, unless someone decides to add chipset support, DD-WRT doesn't run on these routers.

Upgrade Instructions for STUPID OWNERS (4, Insightful)

plover (150551) | more than 2 years ago | (#40495017)

So who just plugs in a firewall/router and starts using it out of the box without changing the password and checking over all the settings?

Under the Administration / Management tab, you'll find a radio button clearly marked "Remote Management", and beneath that settings for Remote Upgrade. The day I installed it I discovered remote management was enabled by default, so I immediately set it to disabled. I remember thinking "My god, that's f*ing stupid! Who would ever want to expose router management to the wild side?" Apparently this answers my question.

Anyway, for anyone here who is outraged that their router has been pwnd by Cisco, SHAME ON YOU for not securing your own damn router yourself before hanging it on the intarwebs!

Re:Upgrade Instructions for STUPID OWNERS (4, Insightful)

symbolset (646467) | more than 2 years ago | (#40495093)

I guess the question to ask yourself is, if a company would do this then what would that checkbox do?

Re:Upgrade Instructions for STUPID OWNERS (5, Insightful)

JDG1980 (2438906) | more than 2 years ago | (#40495159)

So who just plugs in a firewall/router and starts using it out of the box without changing the password and checking over all the settings?

Average users.

Under the Administration / Management tab, you'll find a radio button clearly marked "Remote Management", and beneath that settings for Remote Upgrade. The day I installed it I discovered remote management was enabled by default, so I immediately set it to disabled. I remember thinking "My god, that's f*ing stupid! Who would ever want to expose router management to the wild side?" Apparently this answers my question.

This should never have been enabled by default. It's terrible security practice: the default settings should be as secure as is reasonably possible, and any loosening of those settings should have to be explicitly approved by the user/administrator. This is especially true on a consumer focused product that many users aren't going to be configuring at all.

Re:Upgrade Instructions for STUPID OWNERS (3, Insightful)

plover (150551) | more than 2 years ago | (#40495295)

I know exactly why Cisco did it, so they could remotely administer routers for "average users". That's not necessarily a terrible thing.

My complaint is with technical people, such as the fine folks lurking here on slashdot, accepting any security device's defaults without checking them over. It's not like it requires arcane knowledge to look at the configuration screens; it just takes a mouse. You don't have to find a bunch of settings in a README.TXT file from some random website to know what you're looking for, or pull up a wiki page to explain what you're seeing. It's a button on a GUI screen that's clearly screaming out "LET SOMEONE ELSE RANDOMLY MESS AROUND WITH YOUR SECURITY", and these supposedly technical people left it checked. I clearly have no sympathy for them.

Re:Upgrade Instructions for STUPID OWNERS (5, Funny)

DJRumpy (1345787) | more than 2 years ago | (#40495173)

I told my parents they should be ashamed. They first wanted to know what pwnd meant and if it involved urination. Then then wanted to know what Remote Management meant and how they get it. They looked for a radio button on the router, but couldn't find any stations they liked to listen to, and when they tried to dial the radio button, the antenna fell off.

They weren't worried about the interwebs though, as they were sure they had a floppy for it in their desk drawer...

Re:Upgrade Instructions for STUPID OWNERS (0)

plover (150551) | more than 2 years ago | (#40495345)

And are your parents rabid Slashdot denizens? Does your dad have a 4 digit UID? Does your mom keep her CISSP current? Then no, I'm not shaming your parents.

You, on the other hand, if you owned one of these and accepted the defaults, well, why wouldn't you have looked? Why would you have left remote management enabled?

Re:Upgrade Instructions for STUPID OWNERS (1)

stanlyb (1839382) | more than 2 years ago | (#40495325)

And what would you do if the next upgrade checks this option automatically, and FORBIDS you to uncheck it? I know i know, you would not install any upgrades at all......

Re:Upgrade Instructions for STUPID OWNERS (1)

scubamage (727538) | more than 2 years ago | (#40495361)

SNMPv3 can have its own users configured, and you can use it to push out a firmware. So changing the default login info wouldn't matter if they created an SNMPv3 user to push out the firmware to your system since it would exist outside of the firmware authentication.

Re:Upgrade Instructions for STUPID OWNERS (3, Interesting)

UnderCoverPenguin (1001627) | more than 2 years ago | (#40495363)

So who just plugs in a firewall/router and starts using it out of the box without changing the password and checking over all the settings?

You presume that disabling remote management and automatic updates actually proevents the vendor from remote access to your router.

I did disable automatic updates and remote management. Having just found out about this, I will find out this evening whether they pwned my E3000

Last post! (5, Funny)

fotoguzzi (230256) | more than 2 years ago | (#40494593)

Have to disconnect my router.

Re:Last post! (4, Funny)

Anonymous Coward | more than 2 years ago | (#40494989)

wait! don't leave just yet, remember to run out and get a non linksys router

oh damn he already left

wow (4, Insightful)

v1 (525388) | more than 2 years ago | (#40494603)

that's all I can say really. This sounds worse than sony's disabling of features in a firmware update. Only this one you can't just not do. (and deal with the consequences of not being up to date)

But I bet this one gets sufficient backlash to require them to backpedal. Significantly altering the behavior of a purchased product by remote control, without opt-out. Arguably illegal?

Re:wow (2)

biodata (1981610) | more than 2 years ago | (#40494631)

UK has some law called something like the Misuse of Computers Act that might apply.

Re:wow (4, Insightful)

Quakeulf (2650167) | more than 2 years ago | (#40494741)

No, they will only want in on the data and let this slide.

Re:wow (2)

Serif (87265) | more than 2 years ago | (#40494793)

Ah, but you're forgetting that Cisco have lots of $$$ to afford expensive lawyers.

Wait. You didn't actually think that that law was supposed to apply to Mega Corps did you?

Re:wow (1)

SJHillman (1966756) | more than 2 years ago | (#40494633)

Maybe this is Cisco's way of pushing alternative firmwares (DD-WRT, Tomato, etc). It's actually a cleverly disguised advertisement for open source alternatives.

Re:wow (2)

somersault (912633) | more than 2 years ago | (#40494663)

It's incredibly dumb. Even without the whole spying on your history thing, what happens if you misconfigure your router? How do they expect you to fix the configuration when you lose your internet connection? Not everyone has a smartphone.

Re:wow (0)

Anonymous Coward | more than 2 years ago | (#40494701)

Some of the early reports seem to indicate you can still log in to it if it is not online.

Re:wow (1)

SJHillman (1966756) | more than 2 years ago | (#40494723)

As the last line of the summary mentions, if you disconnect from the Internet then you'll be able to log in locally. However, one of the posts in the link in the summary says that many of the features are disabled when logging in that way.

Re:wow (0)

Anonymous Coward | more than 2 years ago | (#40494715)

Does that means you can no longer check router logs/settings if the interweb connection died on you!
"Just take my money"(TM) now!

captcha for the post: sucked... LOL how appropriate!

Re:wow (5, Insightful)

torkus (1133985) | more than 2 years ago | (#40494721)

Not to mention I didn't even click-through an EULA on that router that could get them an idea they have some kind of "right".

It's MY router, I bought it. and it's not some quasi-goods digital product. This is a physical item. You want to back-door my router and install crippled firmware? I'll sign up with the class action if this is the case.

I don't want anyone *at all* to be able to update my router from the internet (or WiFi for that matter). In fact, almost every router has remote (i.e. internet) side administration disabled for obvious security reasons. Now they include the word 'cloud' and it's OK?

Hell, this isn't even cloud architecture anyway. It's just a web-based (pseudo-remote) remote administration tool. You'd think Cisco of all people would understand that.

Then I see things like this and can't help but smile at the "progress" :
Re: EA4500: weird login screen; can't login
Options
06-26-2012 05:10 PM

I found a hole... Dynamic DNS password is displayed in plain text

Re:wow (1)

mrchaotica (681592) | more than 2 years ago | (#40495075)

It's MY router, I bought it. and it's not some quasi-goods digital product. This is a physical item. You want to back-door my router and install crippled firmware? I'll sign up with the class action if this is the case.

This should not be a class-action (civil) issue; this should be a hacking and data theft (criminal) issue with the people responsible ending up in Federal prison!

Re:wow (0)

Anonymous Coward | more than 2 years ago | (#40495125)

People will still need restitution, and the best remedy for that is a class-action.

Re:wow (5, Funny)

girlintraining (1395911) | more than 2 years ago | (#40495151)

It's MY router, I bought it. and it's not some quasi-goods digital product. This is a physical item.

The firmware remains the property of the company. It's software. Therefore, you don't own it. Of course, without firmware, it's useless, but I doubt you'll get many judges to sign on with the idea that you own the firmware too. Thank you copyright law.

I'll sign up with the class action if this is the case.

Your terms of service have been patched. That option was removed by v43 of SCOTUS. It was a mandatory update to legal.sys. You'll have to use the legacy mode 'civil_action' after setting has_lawyer to true and extra_money to lots. Be aware, the legacy mode is really buggy; It produces different results depending on the locale set during install. Enabling it also occasionally causes the processor and memory to jump to 100% utilization and the I/O is doggedly slow.

Hell, this isn't even cloud architecture anyway. It's just a web-based (pseudo-remote) remote administration tool. You'd think Cisco of all people would understand that.

Cisco engineers do. Cisco marketing does not. Cisco marketing sees the value of having a complete web browsing history of a substantial cross-section of the world, and has chosen to leverage that to increase profits post-SCOTUS patch, and since the CEO and the board signed a legally binding agreement to maximize profits, the engineers had no choice. You should welcome your capitalist overlords, and as a IT worker, you can help increase their efficiency as they enslave others in their salt mines.

Re:wow (5, Interesting)

TheGratefulNet (143330) | more than 2 years ago | (#40494865)

good comment from a user post:


No persuasian needed. Seriously. The engineer was great and you could TELL he was sincerely apologetic about the issues. I asked him about the whole incident, and he basically hinted at a little war going on within Cisco and the final decision to go ahead with updating people like this was upper management, where the lower pay grades tried hard and fought against the way they did things.

The Engineer simply sent me to a link, the one that is already listed in these threads and gave me instructions on how to revert back to the older firmware with the caveat (and he was apologetic about it - again I could tell he really was sincere) that the old firmware cant be supported. He then proceeded to give me his email address (which I wont give out, sorry) and told me to feel free to contact him with any issues I have. Very cool, very professional, and sincerely apologetic.

I asked if they were being inundated with calls, his simple reply was a sigh and "you have no idea......"

from a user called 'markdr'.

this pretty much sums up the situation, I would guess. the regular guys who write code were not for this but some idiot mgr upstream pushed for it.

I feel sorry for the real engineers there who are forced to do bullshit tasks that they KNOW will piss off their users. I hate this side of software eng. evilness of top level mgrs usually end up winning ;(

Carriers? (0)

Anonymous Coward | more than 2 years ago | (#40494621)

Does Verizon use Cisco routers?

Re:Carriers? (0)

Anonymous Coward | more than 2 years ago | (#40494641)

If they did, not anymore.

Re:Carriers? (5, Informative)

Jahf (21968) | more than 2 years ago | (#40494947)

This only affects a very small number (4) of the Linksys consumer routers and only the ones currently on the shelves. Not big Cisco routers, not Cisco SPVTG routers, not Cisco SMB routers and not even all Linksys routers.

Re:Carriers? (5, Insightful)

symbolset (646467) | more than 2 years ago | (#40495127)

Let me explain about trust...

Re:Carriers? (1)

schwit1 (797399) | more than 2 years ago | (#40495057)

Verizon uses the crappy Westell which has the cable connection and has to be on the front of your network. They too restrict what you can do in it.

FU No Thanks (5, Informative)

Hangtime (19526) | more than 2 years ago | (#40494661)

http://www.cisco.com/web/siteassets/legal/connect_cloud_supp.html [cisco.com]

I especially like how they get to keep your Internet history. Why do you think this is a good idea Cisco?

Your new Cloud Connect contract ...When you use the Service, we may keep track of certain information related to your use of the Service, including but not limited to the status and health of your network and networked products; which apps relating to the Service you are using; which features you are using within the Service infrastructure; network traffic (e.g., megabytes per hour); Internet history; how frequently you encounter errors on the Service system and other related information ("Other Information"). We use this Other Information to help us quickly and efficiently respond to inquiries and requests, and to enhance or administer our overall Service for our customers. We may also use this Other Information for traffic analysis (for example, determining when the most customers are using the Service) and to determine which features within the Service are most or least effective or useful to you. In addition, we may periodically transmit system information to our servers in order to optimize your overall experience with the Service. We may share aggregated and anonymous user experience information with service providers, contractors or other third parties to assist us with improving the Service and user experience, but any shared information will be consistent with Cisco's overall Privacy Statement and will not identify you personally in any way....

Re:FU No Thanks (3, Interesting)

torkus (1133985) | more than 2 years ago | (#40494923)

Let me get this straight. They install an "update" on my router that lets them monitor my internet usage - all without my consent?

I'd say it couldn't possibly be that bad...but the I look to what FB does and shake my head. I like their routers, but there is NO CHANCE whatsoever that I will give a 3rd party my entire house's internet browsing history. You couldn't get me to do that if you gave me a free router AND free internet.

Re:FU No Thanks (5, Informative)

Local ID10T (790134) | more than 2 years ago | (#40494935)

Dont forget section 4 of the Terms of Sevice!

4. Your Responsibilities as a Cisco Connect Cloud User

You are responsible for any data that is sent or received by you and/or any other party in connection with your access to and/or use of the Service used in connection with your account. You agree that Cisco will not be liable to you or any others for any loss or damages due to your use of the Service.

As a condition of your use of the Service, you agree that your use of the Service in accordance with the terms and conditions of this Agreement is permitted under and will comply with the applicable laws of the country where you use the Service. You agree not to use or permit the use of the Service: (i) to invade another's privacy; (ii) for obscene, pornographic, or offensive purposes; (iii) to infringe another's rights, including but not limited to any intellectual property rights; (iv) to upload, email or otherwise transmit or make available any unsolicited or unauthorized advertising, promotional materials, spam, junk mail or any other form of solicitation; (v) to transmit or otherwise make available any code or virus, or perform any activity, that could harm or interfere with any device, software, network or service (including this Service); or (vi) to violate, or encourage any conduct that would violate any applicable law or regulation or give rise to civil or criminal liability.

While we are not responsible for any content or data that you choose to access or otherwise use in connection with the Service, we reserve the right to take such action as we (i) deem necessary or (ii) are otherwise required to take by a third party or court of competent jurisdiction, in each case in relation to your access or use or misuse of such content or data. Such action may include, without limitation, discontinuing your use of the Service immediately without prior notice to you, and without refund or compensation to you.

You will indemnify and hold us and Cisco Systems Inc. and its affiliates harmless against any claims, losses or damages arising from any threatened, repudiatory or actual breach by you of the covenants set out in this Section.

As part of the Service, You will be required to create a password that will enable You to use the Service. Your email address and password will be used to validate Your identity in order to access the Service. When You choose a password, choose a unique combination of letters and numbers unrelated to Your or someone else’s identity or to any information that is publicly available or that may be needed by us to provide the Service to You or to others. If you share information related to the Service with others or allow others to access the Service using Your email address and password, you have no expectation of privacy or confidentiality in the personal information you may intentionally or unintentionally disclose. Therefore, please avoid giving access to these materials to others. You agree to notify Cisco immediately of any unauthorized use of your account or password, or any other breach of security.

Re:FU No Thanks (1)

Anonymous Coward | more than 2 years ago | (#40495131)

Alright, yeah, this is a rather dastardly move on Cisco's part, and there's no denying the terms of service of this new firmware are a bit too Big Brother.

That being said, it looks like:

A) This only happens automatically if you have the option for automatic firmware updating checked in your router's config. You lose your geek card & status if you left this option on. Not that I'm saying the average home user (who almost certainly wouldn't know how/why to change this option) deserves to have his/her data snooped, but as a techie, you should know better.
B) You CAN roll this update back - download the previous firmware for your router, unplug it from the internet, log in locally & "update" the firmware to the older version. Then turn off the automatic firmware update, and remember not to blindly trust a corporation with making decisions for you.

It's not that hard. (4, Informative)

Art Popp (29075) | more than 2 years ago | (#40494671)

Buy your router from this enormous list which covers a huge range of budgets:

http://wiki.openwrt.org/toh/start [openwrt.org]

Re-Flash it and be done with these folk. This newer firmware is much friendlier than the original OpenWrt you may have tried years back, and if you don't like what it's doing, you get a command prompt and make it do exactly what you want.

Re:It's not that hard. (2)

EdIII (1114411) | more than 2 years ago | (#40494855)

If Cisco is being this monumentally stupid the next step is signed firmware.

You can dump them out of that list in the future.

Re:It's not that hard. (2)

betterunixthanunix (980855) | more than 2 years ago | (#40494873)

Then we can dump them out of my list of companies whose products I buy, recommend to others, or neglect to give negative reviews to.

Re:It's not that hard. (4, Insightful)

Jeng (926980) | more than 2 years ago | (#40495037)

I was in the market for a new router, I now know that my next one will either not be another linksys or it will not be running the stock firmware.

Since most of those who ask me for tech advice might not be up for re-flashing their router I will not be recommending linksys.

So now the question is, what to recommend instead?

Re:It's not that hard. (1)

spire3661 (1038968) | more than 2 years ago | (#40495281)

Already done. A cisco router will never touch my consumer sites again.

Backdoor (4, Interesting)

SJHillman (1966756) | more than 2 years ago | (#40494679)

Does this mean that Cisco routers, by default, have a backdoor enabled that allows the router to phone home for updates and for Cisco to send them back? None of the routers I've ever used (granted, it's been a while since I've used stock firmware) have ever had any sort of "automatic updates", much less one that's turned on by default.

china did it stage 1 is starting (0)

Anonymous Coward | more than 2 years ago | (#40494809)

china did it stage 1 is starting

Re:Backdoor (1)

Nutria (679911) | more than 2 years ago | (#40494835)

My question exactly. Someone would have noticed long ago weird phone-home packets being sent out by Cisco/Linksys routers.

CIA (1)

Anonymous Coward | more than 2 years ago | (#40494683)

Cisco Intelligence Agency.

Gas Warfare (1)

GnetworkGnome (2654891) | more than 2 years ago | (#40494687)

As if were not enough that IT Managers the world-round are trying to smother their employees and businesses with the cloud, Cisco has adopted the same model and is currently deploying their own brand of chemical warfare.

Well... (0)

Anonymous Coward | more than 2 years ago | (#40494691)

I guess this is one company to add to my blacklist...

One more reason to buy Juniper (1)

Anonymous Coward | more than 2 years ago | (#40494703)

Aside from the fact that Juniper is Ferrari and Cisco is General Motors.

Re:One more reason to buy Juniper (1)

scubamage (727538) | more than 2 years ago | (#40495145)

Except juniper virtual chassis doesn't support port mirroring (for now, they're expecting it to take ~9 months to fix).

Re:One more reason to buy Juniper (3, Funny)

Anonymous Coward | more than 2 years ago | (#40495171)

Er, so Cisco is cheap and reasonably reliable while Juniper is obscenely expensive and notoriously unreliable?

Wiretapping laws? (0)

Anonymous Coward | more than 2 years ago | (#40494707)

Would this violate federal wiretapping laws?

Re:Wiretapping laws? (0)

Anonymous Coward | more than 2 years ago | (#40494755)

Since when are global corporations bound by pesky laws?

Re:Wiretapping laws? (1)

postbigbang (761081) | more than 2 years ago | (#40494825)

It violates human rights. Cisco has no business tracking user history. Federal law? Privacy law? I hope they throw the book at them. What churl.

Who do they think they are, Oracle or Google???

Something missing (1)

Nkwe (604125) | more than 2 years ago | (#40494745)

So if my router can't get to the Internet (my static IP changed or something), and I can't log in locally to the router, how do I configure it? Surely we are missing part of the story.

Re:Something missing (4, Informative)

SJHillman (1966756) | more than 2 years ago | (#40494797)

As the summary mentions, if you disconnect from the Internet then you can log in locally. However, it looks like most settings are disabled when logging in this way - you presumably have just enough control to get it to reconnect to the Overlords.

Re:Something missing (2)

Local ID10T (790134) | more than 2 years ago | (#40495003)

If you are not connected to the internet, your router will allow you to connect to it directly and perform manual configuration... but many options are no longer configurable directly. You will still need to connect via "Cloud Connect" to configure the rest of your settings.

Government (5, Insightful)

Anonymous Coward | more than 2 years ago | (#40494761)

Although this is pure speculation, but I have reasonable suspicion as a former employee of Cisco, that this really plays well with law enforcement and other three letter government agencies, having the ability to track all Internet activities. That's all I have to offer on this subject. Be careful.

Re:Government (1)

Anonymous Coward | more than 2 years ago | (#40495073)

Horrific. I don't mind a cloud-based service, access to my hardware and things, but the minute I read that it tracks history - Cisco - you're done for me and anyone I can share this with. I work in a large IT shop, and its the talk of the day. Again, thank you Cisco.

Cisco Routers? (5, Interesting)

Nethead (1563) | more than 2 years ago | (#40494779)

That's a large field. Is this just the home routers (the old linksys stuff?) I can't see them doing this on enterprise or core routers. The solution is to put it in bridge mode if it's an ADSL router and do your own NAT, etc. with a BSD/Linux box of some type. Run Zeroshell if you want a nice GUI.

Really, this is slashdot. Leave the provider installs and help desks to the punters. If you're reading this there is no reason you should be running what the ILEC initially installed.

Cisco is getting weird. On one side (enterprise) you have to pay through the nose for updates, on the other (home) you can't avoid them.

Before we get our panties all in a bunch, let's wait for some packet sniffs to see what is really going on. Just because the lawyers put it in the EULA, doesn't mean the coders wrote it.

Re:Cisco Routers? (3, Insightful)

TheGratefulNet (143330) | more than 2 years ago | (#40494939)

they would not dare do this to enterprise customers. those guys take privacy a wee bit more seriously than home users do. they also have big lawyers and would not hesitate to sue if some unplanned update was forced on them that changed their whole security architecture.

home users don't have big lawyers and so they are defenseless against big corps.

I just can't see why cisco thought this would be a good idea. its got FAIL written all over it and will go down in history as a 'sony rootkit' type event. just wow...

Re:Cisco Routers? (0)

Anonymous Coward | more than 2 years ago | (#40495337)

it would get really messy for enterprise customers, especially with HIPAA requirements being the way they are, imagine, oh look some guy named bob **** just went in for a checkup he weighs..., is over weight and takes viagra

Re:Cisco Routers? (2)

grub (11606) | more than 2 years ago | (#40495067)


"on consumer routers" is from the summary.

OH BOY! (4, Interesting)

slashmydots (2189826) | more than 2 years ago | (#40494795)

Wooo, a gigantic web-based backdoor with unknown remote login methods and an interception of all internet history tied directly to my company's cisco account with all our personally identifiable information?! WHERE CAN I GET ONE?! And by one, I mean the phone number for the account cancellation department.

By the way, my company actually runs some awful piece of crap from Cyberoam but now I'm slightly happier about that. Thanks, cisco.

thank you cisco, (2, Insightful)

alen (225700) | more than 2 years ago | (#40494801)

when my linksys dies i won't buy one of your products. i'll probably just buy one of the Apple routers. the cost is about the same as your overpriced crap but they will work better with the icrap i already have at home.

i've tried the cheapo routers and they seem flaky

buy soekris hardware instead of cisco hardware (3, Interesting)

TheGratefulNet (143330) | more than 2 years ago | (#40495045)

get one of these hardware boxes:

http://soekris.com/ [soekris.com]

and run openwall (or whatever you want) on it.

it keeps the money OUT of cisco's hands in both hardware and software. you can trust your hardware (no motivation to do evil spy things on generic pc style hardware) and you can trust your software. no one will force something on you, this way.

my soekris box has been running non-stop (other than moves) for years, literally, 5 years or more. no blown caps, no blown power suplies, no 'china syndrome' electrolytics that are on ALL cisco, netgear, etc style circuit boards) and software that just plain works.

tomato firmware (and similar) are cool, but they require vendor hardware and at this point, I'd just assume NOT give cisco ANY (!) of my money for any hardware of any kind.

Clarifications and Confirmations (5, Informative)

Jahf (21968) | more than 2 years ago | (#40494807)

* The Cloud firmware is ONLY for EA2700, EA3500, E4200v2 (not v1) and EA4500 routers. Older routers (E4200v1 or older) will not see this update. These routers shipped with information explaining that Cloud would be released this summer and update to the Cloud firmware when it was released.

* You can prevent this update by turning off "Automatic Updates" in your router. However if you didn't already do this then YES ... disconnect from the Internet before you do anything else. Then go in and turn off the Automatic Updates. Then you can reconnect. Warning: If you've already been upgraded it currently isn't possible to downgrade to the older firmware.

* If you have updated ... you CAN do -some- local router configuration without having internet access. Just go to http://routers/ [routers] LAN IP address]/ while it is disconnected and you will be prompted for the router's local password (usually this will mirror your WiFi password). You will be limited to editing the network settings (LAN, WiFi, etc) and security settings (router password, VPN, firewall, DMZ). Parental controls, Guest Access QoS and USB storage won't be accessible until you are able to log in while the router is online (you'll use your CiscoConnectCloud.com login at this point).

NOTE: If you have an EA2700, EA3500 or EA4500 that shipped with the OLDER firmware (every router out there so far, the new firmware shouldn't appear in new routers for a couple more weeks) and have not set it up yet and WANT the older firmware ... do NOT use the CD setup. Configure it using the traditional web UI while NOT connected to the Internet and turn off Automatic Updates. Again ... this is only for people who do NOT want the Cloud firmware capabilities.

* Just an FYI ... the Cisco Connect Cloud concept allows people to manage and view their home network from anywhere on the internet so long as their router has a connection to the internet. Mobile apps allow your phone to control your home network (manage guest settings, see who is online right now, etc). Additionally it enables a plugin mobile application architecture that our partners can leverage to allow remotely managed network applications. It is an entirely new direction and yes ... it has some kinks ... the biggest ones being forcing this on the user and then limiting their ability to manage their device without it being on the internet. ...

So ... I anticipate a flood of groans about all of this, and I don't disagree with a fair amount of them. Let me make some things clear:

a) Yes, I work for Cisco Linksys.

b) No, I am not speaking directly for Cisco in this post nor am I posting on their behalf (I just wanted to get some quick assistance out there to the people who read this).

c) No, I do not work for the groups (PM, Engineering) that made the decisions to do this update automatically, to not allow you to downgrade, and to not allow you access to your full configuration capability while the router is offline. Which means I can try and funnel your feedback to those groups but I can not force anyone to implement any of it.

d) While I don't like the situations mentioned above in item "c)" ... I -do- like the CiscoConnectCloud.com concept and feel that Cisco will improve it significantly over time.

e) I completely ... 100% ... recognize that the /. audience most likely prefers things like DD-WRT, Tomato, etc (though some will really like the mobile Cloud concept, I do, and I've been around the block a few times at this point). Cisco Linksys is definitely moving more towards the average consumer market instead of the tech adopter market with these products.

f) We do still sell non-Cloud routers, like the E900, E1200 and E2500

Re:Clarifications and Confirmations (5, Interesting)

Mashiki (184564) | more than 2 years ago | (#40494913)

Well if you work for Cisco Linksys you might want to tell some your lawyers(or drop a strong hint to the middle-management types) to look at this, and quickly before it becomes a major headache. Whoever greenlighted this just violated the privacy act in Canada by automatically tracking web history and pushing this update. I'd hazard a guess in various parts of the EU as well.

Re:Clarifications and Confirmations (5, Informative)

Anonymous Coward | more than 2 years ago | (#40494987)

This is also illegal in Victoria and New South Wales in Australia, I know this because the last company I worked at did a remarkably similar move with their network security products and got sued and fined. What on earth was Cisco thinking with this...

Re:Clarifications and Confirmations (0)

Anonymous Coward | more than 2 years ago | (#40495355)

he probably is a lawyer doing PR cleanup

The problem is customer expectations (1)

davidwr (791652) | more than 2 years ago | (#40495077)

Clearly, Cisco mis-judged customer expectations when introducing such a major change in the way routers behave.

On another note, they could have provided similar functionality without the mandatory "Cisco Cloud:"

When the user logs into the router the first time after the upgrade, the router could ask the user:
* Do you want a Cisco-managed cloud and all its goodness, along with the down-side of providing information to Cisco that some customers would prefer to keep private?
* Do you want a locally-managed cloud, running on a computer in your LAN that is "always on"? This will require installing software on a local computer.
* Do you want classic behavior?

AND - and this is important - allow the user to change his mind at any time.

If I were running a business, I would NOT use the Cisco- or any-other-vendor-managed cloud without contractual assurances that company-related data, including technical data, would be protected from accidental leakage. In other words, if I want to outsource for cloud services, I'm going to want a business-grade contract and expect to pay accordingly.

Re:Clarifications and Confirmations (4, Insightful)

Waffle Iron (339739) | more than 2 years ago | (#40495101)

Just an FYI ... the Cisco Connect Cloud concept allows people to manage and view their home network from anywhere on the internet so long as their router has a connection to the internet.

Well, I for one got a router in the first place partly because I specifically don't want anybody or anything to manage or view my home network from anywhere outside said network.

I've set it up to disable all such silliness, and I want it to stay that way.

Re:Clarifications and Confirmations (5, Informative)

Local ID10T (790134) | more than 2 years ago | (#40495121)

The information on effected models is incomplete.

My e1000 and e3000 (not listed as Cloud Connect compatible) will no longer allow direct connection and configuration while connected to the internet. They will not accept a connection from the LAN if there is a live cable on the WAN port.

Re:Clarifications and Confirmations (0)

Anonymous Coward | more than 2 years ago | (#40495143)

I -do- like the CiscoConnectCloud.com concept and feel that Cisco will improve it significantly over time.

If I want to remotely manage my network, I CAN ALREADY DO THAT. I don't need Cisco's networks for that. Fuck you very much.

Seriously, what are you clowns thinking?

Re:Clarifications and Confirmations (1)

mrchaotica (681592) | more than 2 years ago | (#40495165)

So can you tell us who at Cisco we should direct the FBI to prosecute for hacking our routers and stealing our data?

Re:Clarifications and Confirmations (0)

Anonymous Coward | more than 2 years ago | (#40495219)

Thanks for replying, hope you have your asbestos undies on today.

f) We do still sell non-Cloud routers, like the E900, E1200 and E2500

Fine but after you pull something like this why the hell would I trust your gear in the future? Who knows what kind of bullshit Cisco might try to auto-update into my gear, or have hidden away right from day one?

Re:Clarifications and Confirmations (0)

Anonymous Coward | more than 2 years ago | (#40495263)

The new feature is insecure and needs to be removed. Point.

Re:Clarifications and Confirmations (0)

Anonymous Coward | more than 2 years ago | (#40495357)

Please tell your bosses that when it comes time to replace my networking gear, Cisco will not be on the list.

I'm only one person but many people listen to me for tech advice. I don't think many of them will be buying Cisco gear any more either.

No more Cisco products (0)

Anonymous Coward | more than 2 years ago | (#40494829)

My company has colocation facilities in two datacenters. Some of the gear is Cisco gear.

When it comes time to replace said gear, it will not be replaced with more Cisco gear.

I don't care if the professional grade equipment doesn't have the same craptastic firmware "upgrade" methodology. For those of us that know to take their buying power elsewhere when downright evil decisions like this happen this is the type of thing that makes us do it.

My parting "upgrade" to you Cisco: my company's dollars you just lost. Maybe you'll still hit your quarterly numbers, but you won't do it on my back.

Cisco/Linksys weren't that good anyway (4, Informative)

tkrotchko (124118) | more than 2 years ago | (#40494833)

Cisco had limited what Linksys routers could do as to discourage corporate sales.

There are many better choices than Linksys these days.

The N900 is pretty nice, along with dozens. They're cheap (you can get decent non-cisco routers for $30 on sale)

Just use something else.

Re:Cisco/Linksys weren't that good anyway (1)

Skapare (16644) | more than 2 years ago | (#40495081)

I've always been having troubles with Linksys. I was amazed a "reputable" company like Cisco would manage to position their low end product line at the very bottom of the low end SOHO market. But they did. And now I can't even trust them for the mid-level stuff. I'm now getting ethernet handoffs from upstream, and there are plenty of other choices like these [routerboard.com] , or just build it yourself (I have one such router working now in a data center to satisfy IPv6 needs to see a router).

"Supported" Routers (1)

wonkavader (605434) | more than 2 years ago | (#40494863)

Has anyone found a list of which routers are "supported" by this? I'd like to know if I have to take mine off-line right now.

Do I have a few days to go to openWRT, or do I have to do it today?

It was pushed...? (0)

Anonymous Coward | more than 2 years ago | (#40494909)

Are they sure it was a push update and not something the routers downloaded automatically, on their own? As in, you could have had this option disabled to avoid this mess? A lot of devices these days are set to download updates by default; it doesn't seem to me like it would be all that practical for Cisco to push that many updates... unless the devices already had some kind of phone home ability... which again it would be easier (and pretty common) to just have the devices themselves download and patch than it would be for Cisco to do everything.

The Solution (2)

Chemisor (97276) | more than 2 years ago | (#40494917)

Install DD-WRT [dd-wrt.com] . Many Cisco routers [dd-wrt.com] are supported.

Stock Price (0)

Anonymous Coward | more than 2 years ago | (#40494921)

Here's a question to put our Machiavellian thinking caps on for: Will Cisco's stock go up or down because of this? They're WAY pissing off their techie constituency, in an amazing way. They've just completely stopped the sale of routers to those people overnight. But they're grabbing data from the masses, and will be selling that. What will the media and the stock market think?

Re:Stock Price (1)

Megane (129182) | more than 2 years ago | (#40495113)

Will Cisco's stock go up or down because of this?

I expect it to continue to flail aimlessly in the same way it has for years. (Former employee, going to start selling my old ESPP shares when it hits 20 again just so I won't have to care anymore.)

Crap (0)

Anonymous Coward | more than 2 years ago | (#40494943)

They already got my EA3500 router, now I can't get in locally. I hope there's a workaround for this or an alternate administration URL.

Cisco Exodus (0)

Anonymous Coward | more than 2 years ago | (#40495021)

Working IT Security for a large global company, I can tell you that Cloud Connect would violate company policy immediately and exclude Cisco products from consideration for future projects. It will also prompt us to consider replacing Cisco equipment that has not yet reached end-of-life because our industry certifications require us to be on the latest manufacturer firmware. If we can't stay on old firmware we lose compliance. If we move to new firmware we lose adherence to security policies. Solution: replace all Cisco gear.

Re:Cisco Exodus (0)

Anonymous Coward | more than 2 years ago | (#40495043)

This is for consumer grade Linksys junk, not enterprise. Cisco may be dumb, but hopefully not THAT dumb

Re:Cisco Exodus (2)

JDG1980 (2438906) | more than 2 years ago | (#40495231)

This is for consumer grade Linksys junk, not enterprise. Cisco may be dumb, but hopefully not THAT dumb

Home users may not know that Cisco = Linksys, but network administrators do. And I don't think most people are going to be very confident that a company that already screwed over one large portion of its user base in this way wouldn't do the same to the other part if it thought it could get away with it.

Boycott Cisco (2)

Openstandards.net (614258) | more than 2 years ago | (#40495111)

The last time I posted how Cisco uses their routers to sell our privacy people responded that they were just complying with laws, which I question deeply because of the EXTENT to which they improve and market their eavesdropping capability, and how they constantly boast having a lead in the market in this area, appearing to go far beyond the law.

Now we have this? Really? Someone care to argue they are just complying with CALEA to avoid being sent to guatanamo bay?

Re:Boycott Cisco (1)

Scholasticus (567646) | more than 2 years ago | (#40495375)

All right, I'm in. Just on principle, I'm not buying any more Linksys/Cisco hardware until this gets reversed. On the slightly brighter side, this looks like multiple class action lawsuits waiting to happen.

Short-term thinking (5, Insightful)

JDG1980 (2438906) | more than 2 years ago | (#40495117)

This is typical of the short-term thinking that is all too common among corporations today. They're throwing away their credibility with professional users – you know, the ones who buy the expensive Cisco gear that generates most of their profits – so they can grab a few quick bucks by data-mining the consumer market. How many network administrators are going to hear about this and rule out Cisco for future consideration? Keep in mind that the silent and unprompted nature of the update implies that there already was a back door into the routers, even before this recent change. And I don't think that Cisco can cleanly separate its credibility in the home and enterprise markets, even if this is what they're planning to do.

Free Cisco Firmware?!? (0)

Anonymous Coward | more than 2 years ago | (#40495169)

The first Cisco firmware to be released without a soul sucking smartnet contract, sucks your soul directly.

China Anyone (1)

Anonymous Coward | more than 2 years ago | (#40495259)

Are you sure these updates weren't supposed to go to China?

Class Action (0)

Anonymous Coward | more than 2 years ago | (#40495293)

Remotely modify/destroy proprietary configurations on tens of thousands of consumer routers without customers' permission? Class action lawsuit time!

FU Cisco.... (2)

LVSlushdat (854194) | more than 2 years ago | (#40495395)

I set up networks for home/small business locally and have always recommended Linksys routers, along with Tomato firmware. I also come from a 20+ year background of network support, where I ALWAYS used/recommended Cisco. I was pretty happy when Cisco acquired Linksys, and until NOW, had been reasonably pleased with where Cisco was taking Linksys. THIS Orwellian crap by Cisco terminates ANY recommendation by me for ANYTHING from Cisco. Yeah.. I realize I'm but one, but from what I'm seeing here on Slashdot and elsewhere, this move by Cisco is gonna stop ANYONE with any brains from using/recommending Cisco in the future.. Hope it was worth it, you morons in the Cisco executive suite...

Anybody got a source for used WRT54GL's?? (besides eBay, that is)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>