Cisco IOS Source Code Theft Story Continues
securitas writes "eWEEK's Steven J. Vaughan-Nichols reports that the source code for Cisco's 'main networking device operating system was stolen on Thursday' (May 13) according to the Russian company SecurityLab. SecurityLab says that criminals broke into Cisco's network and stole 800MB of source code for IOS 12.3 and IOS 12.3t, a pre-release variant. The purported culprit(s) then bragged about the feat in an IRC session and offered 2.5 MB of the code as proof. Industry analysts Dell'Oro Group says that 'Cisco owns 62 percent of the core router market.' More at the Sydney Morning Herald and Windows Network magazine." Our original coverage was here of this story.
...if the entire internet was taken down? for an extended period of time? The world would fall into disarray. Although once upon a time the world functioned perfectly well without the internet. Amazing how technology makes us dependent just like junkies.
Forgive my ignorance, but if the code is truly solid code, without buffer overruns and the like, shouldnt this theoretically not matter (just as the code for stuff like ipfw is open)?
I realize however that Cisco code is likely more complex than the relatively simple stuff ipfw does.
I think that susceptibility will depend on what source was stolen. Was it the ENTIRE source? Or was it just pieces? They (the cracking types) may discover a hole in something that exists only in the Enterprise feature set, leaving most of the exposed routers on the Internet un-compromiseable (As most companies aren't going to pony up for the most expensive feature set when all they're doing is shuffling IP packets).
Also could find a problem in basic TCP/IP code, making every Cisco router on the planet a revolving door. I find this scenario highly unlikely, as thier base code is probably a lot more stable and reviewed than the newer, more advanced features.