When Bruce Schneier says of a security problem "This is serious," it makes sense to pay attention to it. And that's how he refers to a recently disclosed Cisco vulnerability alert about "an evolution in attacks against Cisco IOS Classic platforms. Cisco has observed a limited number of cases where attackers, after gaining administrative or physical access to a Cisco IOS device, replaced the Cisco IOS ROMMON (IOS bootstrap) with a malicious ROMMON image." Schneier links to Ars Technica's short description of the attack, which notes The significance of the advisory isn't that the initial firmware can be replaced. As indicated, that's a standard feature not only with Cisco gear but just about any computing device. What's important is that attackers are somehow managing to obtain the administrative credentials required to make unauthorized changes that take control of the networking gear.