Security

Possible Cisco Source Code Theft 189

OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was compromised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."
This discussion has been archived. No new comments can be posted.

  • by imidazole2 ( 776413 ) on Sunday May 16, 2004 @09:11AM (#9166420) Homepage Journal
    What's the deal with that!?

    if true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."

    We're all screwed.
  • by Ckwop ( 707653 ) * on Sunday May 16, 2004 @09:11AM (#9166422) Homepage
    One (of the many) problem(s) with the closed source business model is the fact that the entire company can depend on this intellectual property. The security surrounding that source has to be so huge that the problem quickly becomes intractable.

    Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are a lot harder to steal :P

    Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

    Why do we still use so much closed source stuff :/
    Simon.
  • by Anonymous Coward on Sunday May 16, 2004 @09:14AM (#9166440)
    Because we (people) like making money. Life sort of works that way, you know?
  • Re:IOS OS (Score:5, Insightful)

    by JohnFluxx ( 413620 ) on Sunday May 16, 2004 @09:22AM (#9166472)
    Don't touch it, don't see it, don't breathe near it, if you ever plan on contributing to linux.

    Leaked code is very dangerous to open source software.
  • by m1chael ( 636773 ) on Sunday May 16, 2004 @09:30AM (#9166495)
    It's all about being selectively open.
  • Other vendors (Score:3, Insightful)

    by Quill_28 ( 553921 ) on Sunday May 16, 2004 @09:39AM (#9166525) Journal
    What about other companies that supply cisco with software?

    This could hurt more than just cisco.
  • by sydb ( 176695 ) * <michael@Nospam.wd21.co.uk> on Sunday May 16, 2004 @09:43AM (#9166539)
    I spotted a printf, which seems odd for an IPV6 stack or part of an OS

    IOS does interact with the user through a terminal session so printfs aren't all that unlikely.

    Of course they ought not to be in the IPv6 stack. Unless they populate packets as formatted strings.
  • Heh... (Score:2, Insightful)

    by Anonymous Coward on Sunday May 16, 2004 @09:50AM (#9166572)
    Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

    Why do we still use so much closed source stuff :/


    SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you. Or go out and try and convince everyone to use your little Linux boxes as routers...oh, wait, there's just as many security issues in Linux as there are in Windows..

    But wait, there's more! With IOS, there's a small set of software that can cause trouble. Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.
  • Re:IOS OS (Score:5, Insightful)

    by Ithika ( 703697 ) on Sunday May 16, 2004 @10:04AM (#9166644) Homepage
    Surely that's only the case if being covered by software patents... which I think the general consensus in the Linux development world is that's a Bad Thing(tm). Whether they will apply in Europe is still being discussed.

    Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.

    The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.

    --
    This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party
  • Re:Heh... (Score:2, Insightful)

    by sesaetaen ( 637921 ) on Sunday May 16, 2004 @10:17AM (#9166696)
    SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you.

    Apart from the fact that CISCO does not provide the necessary hardware specs, nor development kits for their products?

    blabla ... Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.

    Billy? Is that you?
  • by Dave2 Wickham ( 600202 ) * on Sunday May 16, 2004 @10:32AM (#9166766) Journal
    Actually that wasn't the full Win2K source, and an exploit based on being able to see the code was released (see "Exploit Based On Leaked Windows Code Released" [slashdot.org]).
  • by nurb432 ( 527695 ) on Sunday May 16, 2004 @10:43AM (#9166820) Homepage Journal
    You would think that a company as large as CISCO would have had a backup.

    I can't believe it was 'stolen' from them.

    Yes that was sarcasm. Just pisses me off how the word 'theft' is perversed when it comes to digital content.

    They COPIED it people. It wasn't STOLEN. ( yes, still illegal, but much different of a concept )
  • Re:Stolen...? (Score:2, Insightful)

    by Waffle Iron ( 339739 ) on Sunday May 16, 2004 @10:57AM (#9166922)
    Actually, it is appropriate to say that something was "stolen" in this case. That's because Cisco's code was supposed to be secret. Once their network was compromised, the secrecy is eliminated, and Cisco no longer has a secret. That's why it's common usage in English to say that somebody "stole a secret".

    This is different from calling illegal file sharing "stealing", where the information being appropriated has already been openly published. An illicit activity is taking place, and it may (indirectly) economically damage the artist or publisher. However, that is no more stealing than any number of other illegal acts that cause economic damage, such as vandalizing their offices or phoning in a false bomb threat.

  • by Anonymous Coward on Sunday May 16, 2004 @11:00AM (#9166932)

    No they don't: one is a *test* of IPv6 functions, so there is a printf.

    Agreed, also the code is indented, but rather than using a pre (formatted) tag the newlines have been replaced by br's in the .ru site. The spaces are still there to be restored. I guess I just didn't want to believe this.

  • by mikep.maine ( 585648 ) on Sunday May 16, 2004 @11:04AM (#9166956) Homepage
    Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

    Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.

    Open source is also not inherently better at security because it must be peer reviewed. If the reviewer doesn't know what to check, then what is the point of the review?

    Software must be security certified by professionals, whether open or otherwise.

  • by Knightmare ( 12112 ) on Sunday May 16, 2004 @11:13AM (#9167021) Homepage
    Cisco is far from the #1 security company. There has been very little emphasis on security at Cisco until the last few years. As would be evident if you have used any of their products. 90% of their products don't come standard with SSH, they all still use telnet. But for an extra fee you can install SSH, that is if you buy enough ram for the router to support that code load...

    I think Cisco is working to change their security stance but, that takes time and lots of money. The money part they have covered, Cisco has an over 3 billion dollar R/D budget and if I remember correctly 2 billion of that is focused on security right now.
  • by toddlg ( 319712 ) on Sunday May 16, 2004 @11:52AM (#9167231)
    http://dictionary.reference.com/search?q=steal&r=67
    steal ( P ) Pronunciation Key (stl)
    v.

    1. To take (the property of another) without right or permission.

    http://dictionary.reference.com/search?q=theft&r=67
    theft ( P ) Pronunciation Key (thft)
    n.

    1. The act or an instance of stealing; larceny.


    Just pisses me off how the word 'theft' is perversed when it comes to digital content.

    They COPIED it people. It wasn't STOLEN. ( yes, still illegal, but much different of a concept )


    Care to explain to me how copying vs. stealing/theft is a much different concept? How does this perverse the definition of theft?

    If I break into your computer and digitally copy important/valuable information off of it, what's the first term to come to mind about what I did? That I "copied" your stuff or that I "stole" your stuff?

    COPYING is the method that they used to STEAL Cisco's stuff. Stealing is a violation of property rights (intellectual or otherwise). Copying is a way to steal IP. Whether IP/Copyright laws need to be revisited in a digital age is a topic talked about elsewhere...
  • Re:Stolen...? (Score:5, Insightful)

    by horza ( 87255 ) on Sunday May 16, 2004 @12:09PM (#9167335) Homepage
    How can the source code be stolen, when Cisco still has it?

    How can you have identity theft if you are still you?

    Phillip.
  • by $0 31337 ( 225572 ) on Sunday May 16, 2004 @12:26PM (#9167457) Homepage
    My ice coffee just shot out of my nose all over the fucking monitor... great comment :)
  • by Anonymous Coward on Sunday May 16, 2004 @01:44PM (#9167918)
    One thing you learn in the IT industry real quick is the cobbler's sons are the last shod.

  • by AaronW ( 33736 ) on Sunday May 16, 2004 @02:21PM (#9168116) Homepage
    Good luck. Where I work we legally have access to Cisco IOS, although we're very strict and only a handful of engineers have the permissions to access it (me being one of them). The code is very clean and when I've browsed it looking to see if there's any exploits, I have thus far come up empty. The code does not look like the Microsoft code I've seen, which tends to be overly complex IMO. That's not to say we don't find bugs in Cisco's code, but generally it's very high quality.
  • by Kenja ( 541830 ) on Sunday May 16, 2004 @04:40PM (#9168795)
    Thank god there aren't a bunch of old routers out there being used by people who think they are still secure.
