Possible Cisco Source Code Theft
OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."
The rusian site contains samples of the source claimed stolen!
If these are authentic (which I personally begin to doubth more and more) then looking at them may be problematic if you ever intend on working on IPV6 stacks from someone else then cisco. (OpenBSD?)
Now I did have a peek at that code and I can tell it looks very fake (Obiously *don`t* take my word for it and think its safe to ignore my warning!)
Also at the forum of the .ru site there is a post from someone who claim the word on the IRC channel on which the story originates is that this is a fake.... But I am not touching that channel.
This is one of the companys that helpped make the Internet what it is today.
(I'm not talking about spam, trolls or worms)
They have the experence to know what can or can not happen.
Sure they use obscurity but I doupt they believe it to be a sereous security layor. Instead they probably have experts pooring over ios every day.
It is possable to have "Many Eyes" while remaining closed. Just have many expert eyes constantly on the code instead of many more untrainned eyes occasionally disecting the code.
It's expensive so don't expect it to happen too often.
Microsoft delutes itself into thinking that is what they have with a team of programmers working on the code. But in reality the only people who actually see the code is the original coder and a code verifier. Just two people for every segment of code.
But I would guess Cisco uses the expensive version of Many eyes that we get for free in open source.
I don't actually exist.