Slashdot Mirror

← Back to Stories (view on slashdot.org)

Possible Cisco Source Code Theft

Posted by CmdrTaco on from the gotta-hate-when-that-happens dept.

OmegaBlac writes "According to Ars Technica, a Russian security site is claiming that Cisco's corporate network was comprimised and about 800MB of Cisco's source code for IOS Operating System version 12.3 was stolen. I guess Cisco forgot to implement their own Self Defending Network solutions."

12 of 189 comments (clear)

  1. Stolen from the #1 Security Company? by imidazole2 · · Score: 5, Insightful

    Whats the deal with that!?

    if true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."

    We're all screwed.

    --

    -Imidazole2
  2. Closed source vs Open source by Ckwop · · Score: 5, Insightful

    One (of the many) problem(s) with the closed source business model is the fact that the entire company can depend on this intellectual property. The security surrounding that source has to be so huge that the problem quickly becomes intractable.

    Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are alot harder to steal :P

    Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.

    Why do we still use so much closed source stuff :/
    Simon.

  3. Not just possible, truthful by CptChipJew · · Score: 5, Funny

    This did actually happen. A friend in an IRC channel I frequent was pasting large portions of it to show off.

    I can't help much see a nearby future full of Cisco-powered site takeovers :(

    --
    Vonal Declosion
  4. Re:IOS OS by JohnFluxx · · Score: 5, Insightful

    Don't touch it, don't see it, don't breathe near it, if you ever plan on contributing to linux.

    Leaked code is very dangerous to open source software.

  5. WARNING copyrighted source samples ahead! by Anonymous Coward · · Score: 5, Interesting

    The rusian site contains samples of the source claimed stolen!

    If these are authentic (which I personally begin to doubth more and more) then looking at them may be problematic if you ever intend on working on IPV6 stacks from someone else then cisco. (OpenBSD?)

    Now I did have a peek at that code and I can tell it looks very fake (Obiously *don`t* take my word for it and think its safe to ignore my warning!)

    • They are attributed to only one coder per file.
    • It isn`t indented (intentional obscurity?)
    • there are way to specific includes that dont make much sence (dothis.h)
    • I have a feeling there are includes missing
    • I spotted a printf, which seams odd for an IPV6 stack or part of an OS
    • I cant see any working logic, and I cant see how the code is supposed to do what the (short and very simple) comments claim it does.
    • It looks like there are many syntax errors but without a compiler, the preprocessor directives and identation it is hard to tell.

    Also at the forum of the .ru site there is a post from someone who claim the word on the IRC channel on which the story originates is that this is a fake.... But I am not touching that channel.

    1. Re:WARNING copyrighted source samples ahead! by cide1 · · Score: 5, Informative

      Yeah, I'd like to believe you, but I've seen people get away with murder in source code before. Open source coders worry a lot more about things like indentation, and filenames that make sense. In closed source shops, a lot of times what is quickly coded as a prototype becomes the shipping product, and things like indent cant be used because it breaks diffs. As much as I'd like to look with my own eyes, this sounds like one of the things it would be best if I just ignored it.

      --
      -- the computer doesn't want any beer, no matter how much you think it does. NEVER, EVER feed your computer beer.
  6. May not lead to anything by Felinoid · · Score: 5, Interesting

    This is one of the companys that helpped make the Internet what it is today.
    (I'm not talking about spam, trolls or worms)

    They have the experence to know what can or can not happen.
    Sure they use obscurity but I doupt they believe it to be a sereous security layor. Instead they probably have experts pooring over ios every day.

    It is possable to have "Many Eyes" while remaining closed. Just have many expert eyes constantly on the code instead of many more untrainned eyes occasionally disecting the code.

    It's expensive so don't expect it to happen too often.
    Microsoft delutes itself into thinking that is what they have with a team of programmers working on the code. But in reality the only people who actually see the code is the original coder and a code verifier. Just two people for every segment of code.

    But I would guess Cisco uses the expensive version of Many eyes that we get for free in open source.

    --
    I don't actually exist.
  7. Oh Really? No. by Frequanaut · · Score: 5, Funny

    Seriously, A friend of mine, in an icq conversation told me it wasn't true. Plus my mom said so as well.

  8. Re:IOS OS by Ithika · · Score: 5, Insightful

    Surely that's only the case if being covered by software patents... which I think the general consensus in the Linux devlopment world is that's a Bad Thing(tm). Whether they will apply in Europe is still being discussed.

    Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.

    The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.

    --
    This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party

    --
    the layman's guide to computer science
  9. Re:Time for a new motto by ch-chuck · · Score: 5, Funny

    How about, " The next Slashdot story will be ready soon, but readers of ArsTechnica can beat the rush and see it early!"

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  10. Re:Open source safer ?? doubtful by mikep.maine · · Score: 5, Insightful
    Let's not forget that open source provides robust security (in principle) where as for closed source we can never be sure.

    Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.

    Open source is also not inherently better at security because of it must be peered reviewed. If the reviewer doesn't know what to check, then what is the point of the review?

    Software must be security certified by professionals, whether open or otherwise.

    --
    Mike www.sharecube.com
  11. Thats not all it does. by CodePyro · · Score: 5, Funny

    "I guess Cisco forgot to implement their own Self Defending Network solutions"

    No they did implement it. But when it found out that it was outnumbered by the hackers, the self-surrender module(also know as the french module) went into effect.