Slashdot Mirror


Possible Cisco Source Code Theft

OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."

2 of 189 comments (clear)

  1. WARNING copyrighted source samples ahead! by Anonymous Coward · · Score: 5, Interesting

    The rusian site contains samples of the source claimed stolen!

    If these are authentic (which I personally begin to doubth more and more) then looking at them may be problematic if you ever intend on working on IPV6 stacks from someone else then cisco. (OpenBSD?)

    Now I did have a peek at that code and I can tell it looks very fake (Obiously *don`t* take my word for it and think its safe to ignore my warning!)

    • They are attributed to only one coder per file.
    • It isn`t indented (intentional obscurity?)
    • there are way to specific includes that dont make much sence (dothis.h)
    • I have a feeling there are includes missing
    • I spotted a printf, which seams odd for an IPV6 stack or part of an OS
    • I cant see any working logic, and I cant see how the code is supposed to do what the (short and very simple) comments claim it does.
    • It looks like there are many syntax errors but without a compiler, the preprocessor directives and identation it is hard to tell.

    Also at the forum of the .ru site there is a post from someone who claim the word on the IRC channel on which the story originates is that this is a fake.... But I am not touching that channel.

  2. May not lead to anything by Felinoid · · Score: 5, Interesting

    This is one of the companys that helpped make the Internet what it is today.
    (I'm not talking about spam, trolls or worms)

    They have the experence to know what can or can not happen.
    Sure they use obscurity but I doupt they believe it to be a sereous security layor. Instead they probably have experts pooring over ios every day.

    It is possable to have "Many Eyes" while remaining closed. Just have many expert eyes constantly on the code instead of many more untrainned eyes occasionally disecting the code.

    It's expensive so don't expect it to happen too often.
    Microsoft delutes itself into thinking that is what they have with a team of programmers working on the code. But in reality the only people who actually see the code is the original coder and a code verifier. Just two people for every segment of code.

    But I would guess Cisco uses the expensive version of Many eyes that we get for free in open source.

    --
    I don't actually exist.