
SoylentNews is people

posted by martyb on Monday August 31 2020, @05:36AM
from the credentials-still-worked-FIVE-MONTHS-after-he-left? dept.

Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts:

Sudhish Kasaba Ramesh, who worked at Cisco from July 2016 to April 2018, admitted in a plea agreement with prosecutors that he had deliberately connected to Cisco's AWS-hosted systems without authorization in September 2018 – five months after leaving the manufacturer. He then proceeded to delete virtual machines powering Cisco's WebEx video-conferencing service.

"During his unauthorized access, Ramesh admitted that he deployed a code from his Google Cloud Project account that resulted in the deletion of 456 virtual machines for Cisco's WebEx Teams application, which provided video meetings, video messaging, file sharing, and other collaboration tools," the US Attorney's Office for the Northern District of California said in a statement.

According to prosecutors, Ramesh's actions resulted in the shutdown of more than 16,000 WebEx Teams accounts for up to two weeks, which cost Cisco roughly $1.4m in employee time for remediation and over $1m in customer refunds.

[...] According to a court document[*], Ramesh is in the US on an H-1B visa and has a green card application pending.

[...] Ramesh faces up to five years in the clink and a fine of $250,000 when he is sentenced, an event scheduled for December.

[*] STIPULATION AND (PROPOSED) ORDER CONTINUING DATE FOR ENTRY OF PLEA AGREEMENT (PDF)



 
This discussion has been archived. No new comments can be posted.
  • (Score: 2, Insightful) by fakefuck39 on Tuesday September 01 2020, @05:58AM (18 children)

    by fakefuck39 (6620) on Tuesday September 01 2020, @05:58AM (#1044840)

    That's a strawman. This is not an insurance plan. It's a product you bought, which did not work. Their guarantees are for the product. They do not guarantee your business meeting will go well. If they don't meet the guarantees for the product, you don't pay for the product - which is done with a refund. An insurance plan guarantees to protect you against the outcome of something in your life. Cisco's are only related to the product, not to your business. I gave plenty of comparable examples, so when one doesn't work you make stuff up.

    I literally have been selling this stuff for over a decade at various VARs. You're an idiot.

  • (Score: 1) by khallow on Tuesday September 01 2020, @10:53PM (7 children)

    by khallow (3766) Subscriber Badge on Tuesday September 01 2020, @10:53PM (#1045139) Journal

    That's a strawman. This is not an insurance plan.

    Depends what they paid for. Cisco doesn't just sell products.

    • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @12:34AM (6 children)

      by fakefuck39 (6620) on Wednesday September 02 2020, @12:34AM (#1045184)

      They paid for an enterprise version of WebEx. That's made very clear by the article. Do you know what Cisco Teams, Spark, and WebEx are? Of course you don't. Nice of you to chime in as the expert on company liability of those products. Of course you're right, and the guy selling this shit for 20 years doesn't know what he's talking about. You're only right in your own little world that includes you and yourself though. Every time you open your mouth, the real world just laughs at the idiot making his idiocy visible.

      • (Score: 1) by khallow on Wednesday September 02 2020, @04:55AM (2 children)

        by khallow (3766) Subscriber Badge on Wednesday September 02 2020, @04:55AM (#1045255) Journal

        Of course you're right, and the guy selling this shit for 20 years doesn't know what he's talking about.

        Funny how true that is. I see the problem right here. You merely sell it. Classic argument from authority fallacy.

        • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @06:36PM (1 child)

          by fakefuck39 (6620) on Wednesday September 02 2020, @06:36PM (#1045532)

          Right - I sell those contracts for Cisco product that you are talking about. I've seen them, written them, deployed them, and signed them with customers. You don't even know what the product is.

          • (Score: 1) by khallow on Friday September 04 2020, @02:41PM

            by khallow (3766) Subscriber Badge on Friday September 04 2020, @02:41PM (#1046324) Journal

            I sell some contracts for Cisco product

            Once again, demonstrating you don't know what you're talking about. You're just a narrow viewpoint without much in the way of relevant expertise.

            You don't even know what the product is.

            You have yet to say anything to show that is relevant.

      • (Score: 1) by khallow on Wednesday September 02 2020, @05:10AM (2 children)

        by khallow (3766) Subscriber Badge on Wednesday September 02 2020, @05:10AM (#1045263) Journal

        They paid for an enterprise version of WebEx.

        "Enterprise" is not just a label added to a product to make it cost more. It means the very things I've been talking about - insurance for various sorts of failures so that a company can apply these products to relatively valuable uses with some expectation that the damn thing will work.

        • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @06:34PM (1 child)

          by fakefuck39 (6620) on Wednesday September 02 2020, @06:34PM (#1045529)

          "Enterprise" is a market vertical, such as Healthcare, Commercial, and SLED. You have no idea what you are talking about. There is no product Cisco sells where they give you insurance for failures. They give you an uptime SLA, and if it is not delivered, you get some money back. Those SLAs are the lowest for Commercial, higher for Enterprise, higher for SLED, and the highest for Healthcare. There are no guarantees on your business impact with any licensing model - only SLAs and SLOs for the product itself.

          • (Score: 1) by khallow on Thursday September 03 2020, @03:12AM

            by khallow (3766) Subscriber Badge on Thursday September 03 2020, @03:12AM (#1045705) Journal

            "Enterprise" is a market vertical, such as Healthcare, Commercial, and SLED.

            It's also a market horizontal like Walmart. Or any business that chooses to pay for more than bare bones.

            There is no product Cisco sells where they give you insurance for failures. They give you an uptime SLA, and if it is not delivered, you get some money back.

            What I find remarkable about this post is your attempt to snow us with acronyms and jargon. What was the point of bringing in the irrelevant detail of a "market vertical", that is, a niche market (not a paying Cisco customer I might add!), or undefined acronyms like SLA (service level agreement), SLED (state or local governments, or education), and SLO (service level organization). We can ignore that crap because it's irrelevant.

            Here, an uptime SLA that gives you money back if it's not delivered? That's insurance. Thanks for confirming my previous post in such an entertaining way.

  • (Score: 1) by khallow on Tuesday September 01 2020, @11:08PM (4 children)

    by khallow (3766) Subscriber Badge on Tuesday September 01 2020, @11:08PM (#1045147) Journal

    I literally have been selling this stuff for over a decade at various VARs.

    Sounds like you might need to sell this for a few more decades then. Wouldn't be the first time that someone is substantially ignorant of their own area of expertise.

    • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @12:31AM (3 children)

      by fakefuck39 (6620) on Wednesday September 02 2020, @12:31AM (#1045182)

      Let's see. Two replies to the same comment. No actual rebuttal, just "you're wrong" without saying why. And a personal attack on someone who has been doing this for a living.

      You have autism. You should go to a doctor. They have pills for that.

      • (Score: 1) by khallow on Wednesday September 02 2020, @04:49AM (2 children)

        by khallow (3766) Subscriber Badge on Wednesday September 02 2020, @04:49AM (#1045253) Journal

        Let's see. Two replies to the same comment. No actual rebuttal, just "you're wrong" without saying why. And a personal attack on someone who has been doing this for a living.

        While you were doing that, I was noting relevant things like Cisco sells other things than just products.

        Companies like Cisco provide more than just a little gear. They provide guarantees against things going wrong.

        It's worth noting that Cisco doesn't price its products at bare product/commodity level. A huge part of their value add is that they provide things like repair service, reliability guarantees, etc - you know, insurance against things going wrong. Where is consideration of that in your posts?

        You might not be lying and do some sort of value added reselling or whatever it is that VAR means for you. But if you did, you probably wouldn't have chosen to defend this particular hill in the first place.

        Moving on, another thing that could bite Cisco here is their own marketing for WebEx. They promise security (for example, here [cisco.com], here [webex.com], here [cisco.com], and here [forbes.com]).

        Cisco Webex gives you strong encryption, compliance visibility and control. Inside your own organization, or even when collaborating across company lines, you get a hardened collaboration platform that helps keep your data secure.

        Best Practices Webex Administrators

        Effective security begins with Webex site administration; which allows administrators to manage and enforce security policies for host and presenter privileges. For example, an authorized administrator can customize session configurations to disable a presenter’s ability to share applications, or to transfer files on a per-site or a per-user basis.

        We absolutely recommend that you keep your number of administrators to a minimum. Fewer administrators means fewer opportunities for site setting errors.

        I bet if I were to drill deeper into those advised "best practices", I'd see something about revoking privileges of ex-administrators promptly. So Cisco likely isn't following their own recommended best practices - always damning evidence in a court case.

        For all these companies and agencies, security is a fundamental concern. Online collaboration must provide multiple levels of security for tasks that range from scheduling meetings to authenticating participants to sharing documents.

        Cisco makes security the top priority in the design, development, deployment, and maintenance of its networks, platforms, and applications. You can incorporate Cisco Webex Meetings solutions into your business processes with confidence, even with the most rigorous security requirements.

        Abhay Kulkarni, Vice President and General Manager of Webex Meetings, said it best when he said, "security and privacy must be at the forefront" for the tools leaders are relying on for remote working.

        Even an aggressive EULA-style contract for which a user effectively waives all rights can still provide a huge opening for lawsuits, if the marketing and public statements are vastly divergent from the reality of the goods and services provided. False advertisement and fraud are things which neuter contracts. And you can be on the hook for quite a bit, if your customers' expectations concerning that marketing and what they put at stake are deemed reasonable.

        As a final remark, you termed my initial post a "straw man". Sorry, it's not. A straw man is replacing an opponent's argument with a fake one that is easier to defeat. I suggest you educate yourself on what these terms mean so that you don't make the same mistake again.

        • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @06:42PM (1 child)

          by fakefuck39 (6620) on Wednesday September 02 2020, @06:42PM (#1045537)

          >repair service, reliability guarantees, etc - you know, insurance

          I do know. A support contract on equipment and soft solutions has zero to do with insurance. It also applies to the product, not to what you do with that product. You literally have zero idea of what you are talking about. A best practices guide is not a contract. It's general guidelines for implementation specialists to design the system. A technical document for the installer and administrator, not a legal document. It's like a man page for a command.

          • (Score: 1) by khallow on Thursday September 03 2020, @03:19AM

            by khallow (3766) Subscriber Badge on Thursday September 03 2020, @03:19AM (#1045708) Journal

            A support contract on equipment and soft solutions has zero to do with insurance.

            Except of course, it is insurance. After all, what is insurance? It's risk mitigation via some sort of asset or support that kicks in when things go wrong.

  • (Score: 1) by khallow on Wednesday September 02 2020, @04:51AM (4 children)

    by khallow (3766) Subscriber Badge on Wednesday September 02 2020, @04:51AM (#1045254) Journal

    Their guarantees are for the product.

    Which just stopped working.

    They do not guarantee your business meeting will go well.

    But if your business meeting doesn't go well, because well, the product didn't work, that becomes a Cisco problem. And if it didn't work because Cisco did something bone-headed stupid, I think that opens up Cisco to a lot of liability.

    • (Score: 1) by fakefuck39 on Wednesday September 02 2020, @06:38PM (3 children)

      by fakefuck39 (6620) on Wednesday September 02 2020, @06:38PM (#1045534)

      It does not become a Cisco problem, nor does it open up Cisco to any liability. If Dell sells you a laptop for a video-interview, and the laptop breaks so you miss your interview and don't get the job, they are not liable for your lost wages. They are only liable for the laptop replacement or refund.

      • (Score: 1) by khallow on Thursday September 03 2020, @03:24AM (2 children)

        by khallow (3766) Subscriber Badge on Thursday September 03 2020, @03:24AM (#1045711) Journal

        It does not become a Cisco problem, nor does it open up Cisco to any liability.

        I outline a way [soylentnews.org] it does just that. And really what's the point of insisting that blatant, poor business practices aren't a problem?

        • (Score: 1) by fakefuck39 on Thursday September 03 2020, @09:17AM (1 child)

          by fakefuck39 (6620) on Thursday September 03 2020, @09:17AM (#1045785)

          Just letting you know, I didn't read any of your new comments. You need to take your meds buddy, and put down the crack pipe.

          • (Score: 1) by khallow on Thursday September 03 2020, @01:43PM

            by khallow (3766) Subscriber Badge on Thursday September 03 2020, @01:43PM (#1045846) Journal

            Just letting you know, I didn't read any of your new comments.

            Too bad. You might have learned something, if you had let your guard down.