Slashdot Mirror
Cisco IOS Source Code Theft Story Continues
securitas writes "eWEEK's Steven J. Vaughan-Nichols reports that the source code for Cisco's 'main networking device operating system was stolen on Thursday' (May 13) according to the Russian company SecurityLab. SecurityLab says that criminals broke into Cisco's network and stole 800MB of source code for IOS 12.3 and IOS 12.3t, a pre-release variant. The purported culprit(s) then bragged about the feat in an IRC session and offered 2.5 MB of the code as proof. Industry analysts Dell'Oro Group says that 'Cisco owns 62 percent of the core router market.' More at the Sydney Morning Herald and Windows Network magazine." Our original coverage was here of this story.
"As SecurityLab discovered, on the 13th of May all the source code of the CISCO IOS operating system, which is used in the majority of CISCO's network installations was stolen. The full extent of the stolen information runs to about 800MB compressed.
:)
According to our information, the release of fragments of the source code came about due to a break-in to the corporate network of Cisco System. Representatives of Cisco System have meanwhile made no comment on the incident.
The information came from a certain individual under the nick of franz on darknet@EFNet IRC, where he also presented a small part of the source code (about 2.5MB) as evidence.
Below are links to the first 100 lines of source code from the files ipv6_tcp.c and ipv6_discovery_test.c."
Apologies for any errors - my technical Russian's a little rusty.
++ Say to Elrond "Hello.".
Elrond says "No.". Elrond gives you some lunch.
You've got a real-time operating system, a basic file-system, the TCP/IP and all the other protocol stacks, the SNMP/MIB support and proprietary routing algorithms. Presumably, the source code would be documented to some extent, along with SCCS archiving. All of this could easily add up to over 800 Megabytes.
you are correct, Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code
Have you been reduced to only reading the slashdot headlines? If you had even read the writeup you would have seen that the person got two versions(12.3 and 12.3t). And you said it yourself - linux is just a kernel. Imagine how big the source code is for a full GNU/linux operating system. 800 megs does not sound entirely unreasonable for two versions of an operating system.
The source code to IOS was floating round the net about 5 years ago. Obviously not the same as the latest version...
as far as i remember the founders of Cisco are from Stanford not Berkeley.
- Back off man. I am a scientist
No, actually Cisco 'Classic' router IOS in its current state is much more closely related to an old DEC operating system. About 10-12 years ago, Cisco paid an 'unspecified' sum of money to DEC for the rights.
Also, please remember that IOS is partially a marketing term; the software running on the 800 series is not entirely the same, identical code running on a 7500. The RAM requirements alone make that absurd.
And the Cisco founders started at Stanford, not Berkeley.
Anonymous CCIE and former long-time Cisco employee
Not much chance that this will be seen now, but according to CNet Cisco has confirmed that "unspecified amount" of code been leaked. The article is here