640-821 INTRO -- The first half of
certification, covers Cisco semesters 1 & 2 ($100)
640-811 ICND -- The second half of certification, covers Cisco
semesters 3 & 4 ($100)
My fun
with Cisco
For my Cisco class, we have to use Cisco's website to login and read the
chapters online and also for taking tests. All of our tests are done through
Cisco's website. One thing we realized is that when we login to Cisco's website,
the login is not secure (there is no little padlock in the lower right corner of
the screen). This was unheard of! Most sites have secure logins when you log
into their site. Cisco is the number one networking company of the world, and
you would expect Cisco to have a secure login for their site! In fact, one day
in class, we did some packet sniffing, and another student in class signed into
Cisco's website, and we were able to pick off his login AND password from the
wire! That is something you DON'T want to have happen to you. We didn't sign in
with his creditials, but we were shocked that it could even happen. So one day I
wrote Cisco asking them about this, and this is how it went...
(I removed the representative's name for their protection, hehe)
First email sent from me to Cisco:
Why is it that Cisco's Netacad login screen isn't secure? You would think since
Cisco promotes themselves to being the security experts of the world, the simple
fact that securing your login screen would be obvious. But it isn't. Why is
that, is this something you know about, and do you plan on fixing the problem?
In class last semester, we were able to packet sniff the network, and we got the
login and password of another student’s account information. We could easily
sign in under his account, take tests for him, and mess things up as well. But
we didn't, but what's to stop anyone else out there with bad intentions from
doing this? Your insecure login is a slap in the face to us students, and we
feel that this should be corrected ASAP.
(about a week later...)
First response back from Cisco to me:
Dear User,
Thank you for your feedback regarding the Academy Connection. The website was
designed to serve a global online community with emphasis on personalization and
intuitive navigation. We appreciate your comments and will forward your feedback
to the Academy Connection Enhancement Team.
Please let us know if you have any further questions, comments, or concerns.
Thank you,
Cisco Networking Academy Support
This response wasn't good enough for me. I felt that the response was one that
is picked from a 'template' of responses, meaning it wasn't personalized to my
question. With that in mind, the excuse I was given is still lame. You can have
emphasis on personalization and intuitive navigation with a secure login. The
whole session doesn't have to be secure, just the login. I even felt that this
was an automatic response, and no actual person even read my email, so I replied
a little differently. I typed up a response in 'l33t' so there'd be no way for a
machine to read and understand my response.
Second email sent from me to Cisco:
c@n 50m3on3 @n5W3r 7h15 w|-|0 15n'7 @ Ro807? i d0n'7 w@n7 a r3p|y fR0m A
pr3fi113d 3-M@1L f0rM. 1 f331 7h@t /\/\y qU35710n \/\/@5n't An5W3r3d 7h3 w@y 17
5h0U1d'\/3 bE3n. u bA51c@1ly 70lD m3 th@7 s3cUr17Y 15N't c15C0's |\|uM83r 1
pR1or17y. p1E@53 rE5p0nD.
(This email reads: Can someone answer this who isn't a robot? I don't want a
reply from a prefilled e-mail form. I feel taht my question wasn't answered the
way it should've been. You basically told me that security isn't Cisco's number
one priority. Please respond.)
(about one day later...)
Second response back from Cisco to me:
Mr. Dingo,
Thank you for updating your incident with your concerns. Your comments were as
follows:
"Can someone answer this who isn't a robot? I don't want to reply from a
prefilled email form. I feel that my question wasn't answered the way it
should've been. You basically told me that security isn't Cisco's number one
priority. Please respond."
I apologize that you do not feel that your question was addressed. This Support
Desk does not make changes to the Academy Connection. We are the liaison between
the user and the Academy Connection Enhancement Team. I assure you that your
comments will be forwarded for consideration.
In the future, please send your comments in a professional manner so that they
are more easily read. You will receive a faster response. Additionally, we would
appreciate your correspondence to include your Academy Connection information
for our records.
Please let us know if you have any further questions, comments, or concerns.
Thank you,
Cisco Networking Academy Support
They said, "please send your comments in a professional manner so that they are
more easily read. You will receive a faster response." While this was send in an
"unprofessional manner", my response time was only over a single day compared to
the whole week for my first response. Then they said, "we would appreciate your
correspondence to include your Academy Connection information for our records."
Yeah right! Like I am going to give them my full information about myself when
I'm screwing around with them like this. Sorry, I wasn't born yesterday.
So I left it at that...a poor excuse for something simple that should've been
done long ago. So this is just ANOTHER reason why I hate Cisco.