Possible Cisco Source Code Theft 189
OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."
Stolen from the #1 Security Company? (Score:5, Insightful)
if true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."
We're all screwed.
Closed source vs Open source (Score:5, Insightful)
Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are alot harder to steal
Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.
Why do we still use so much closed source stuff
Simon.
Re:Closed source vs Open source (Score:1, Insightful)
Re:IOS OS (Score:5, Insightful)
Leaked code is very dangerous to open source software.
Re:Closed source vs Open source (Score:1, Insightful)
Other vendors (Score:3, Insightful)
This could hurt more than just cisco.
Re:WARNING copyrighted source samples ahead! (Score:3, Insightful)
IOS does interact with the user through a terminal session so printfs aren't all that unlikely.
Of course they ought not to be in the IPv6 stack. Unless they populate packets as formatted strings.
Heh... (Score:2, Insightful)
Why do we still use so much closed source stuff
SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you. Or go out and try and convince everyone to use your little Linux boxes as routers...oh, wait, there's just as many security issues in Linux as there are in Windows..
But wait, there's more! With IOS, there's a small set of software that can cause trouble. Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.
Re:IOS OS (Score:5, Insightful)
Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.
The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.
--
This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party
Re:Heh... (Score:2, Insightful)
Apart from the fact that CISCO does not provide the necessary hardware specs, nor development kits for their products?
blabla
Billy? Is that you?
Re:This has happened before (Score:3, Insightful)
Theft? Wasnt there a backup? (Score:2, Insightful)
I cant belive it was 'stolen' from them.
Yes that was sarcasm. Just pisses me off how the world 'theft' is perversed when it comes to digital content.
They COPIED it people. It wasnt STOLEN. ( yes, still illegal, but much different of a concept )
Re:Stolen...? (Score:2, Insightful)
This is different from calling illegal file sharing "stealing", where the information being appropriated has already been openly published. An illicit activity is taking place, and it may (indirectly) economically damage the artist or publisher. However, that is no more stealing than any number of other illegal acts that cause economic damage, such as vandalizing their offices or phoning in a false bomb threat.
Re:WARNING copyrighted source samples ahead! (Score:1, Insightful)
No they don't: one is a *test* of IPv6 functions, so there is a printf.
Agreed, also the code is indented, but rather then using a pre (formated) tag the newlines have been replace by br`s in the .ru site. The spaces are still there to be restored. I guess I just didn`t wan`t to believe this.
Re:Open source safer ?? doubtful (Score:5, Insightful)
Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.
Open source is also not inherently better at security because of it must be peered reviewed. If the reviewer doesn't know what to check, then what is the point of the review?
Software must be security certified by professionals, whether open or otherwise.
Re:Stolen from the #1 Security Company? (Score:5, Insightful)
I think Cisco is working to change their security stance but, that takes time and lots of money. The money part they have covered, Cisco has an over 3 billion dollar R/D budget and if I remember correctly 2 billion of that is focused on security right now.
Re:Theft? Wasnt there a backup? (Score:2, Insightful)
steal ( P ) Pronunciation Key (stl)
v.
1. To take (the property of another) without right or permission.
http://dictionary.reference.com/search?q=theft&
theft ( P ) Pronunciation Key (thft)
n.
1. The act or an instance of stealing; larceny.
Just pisses me off how the world 'theft' is perversed when it comes to digital content.
They COPIED it people. It wasnt STOLEN. ( yes, still illegal, but much different of a concept )
Care to explain to me how copying vs. stealing/theft is a much different concept? How does this perverse the definition of theft?
If I break into your computer and digitally copy important/valuable information off of it, what's the first term to come to mind about what I did? That I "copied" your stuff or that I "stole" your stuff?
COPYING is the method that they used to STEAL Cisco's stuff. Stealing is a violation of property rights (intellectual or otherwise). Copying is a way to steal IP. Whether IP/Copyright laws need to be revisited in a digital age is a topic talked about elsewhere...
Re:Stolen...? (Score:5, Insightful)
How can you have identity theft if you are still you?
Phillip.
Re:Thats not all it does. (Score:2, Insightful)
Makes perfect sense to me. (Score:1, Insightful)
Re:This has happened before (Score:5, Insightful)
Re:This really means nothing. (Score:2, Insightful)