Cisco online registration not secure

April 24, 2002

http://www.silicon.com/public/door?6004REQEVENT=&REQINT1=52897&REQSTR1=silicon.com



Cisco has been forced to close an online registration form after neglecting to secure the web page.

The page was part of a marketing programme which offered Cisco's second-tier resellers in Europe the chance to increase marketing funds if they upped sales of certain Cisco products.

But applicants registering for the programme online discovered their banking and company details were going onto an open web page. When one irate silicon.com reader called the Cisco helpdesk, he was informed that the company was aware of the problem because several other users had complained.

Helpdesk staff recommended that users enter fake details on the web and forward the real information in the post, a course of action our reader regarded as an extreme waste of time.

In a statement, Cisco said it had pulled the registration URL for 48 hours to install SSL (secure sockets layer) - a common way of securing web pages.

A spokesman for the company said: "I can only put it down to an unfortunate oversight in corporate procedure¬ a great deal of people have been affected but that's no excuse."

The registration site had been running for 10 days before it was taken down on Monday. Cisco said just 100 people had registered in that time.


main page ATTRITION feedback