Slashdot Mirror


Cisco IOS Source Code Theft Story Continues

securitas writes "eWEEK's Steven J. Vaughan-Nichols reports that the source code for Cisco's 'main networking device operating system was stolen on Thursday' (May 13) according to the Russian company SecurityLab. SecurityLab says that criminals broke into Cisco's network and stole 800MB of source code for IOS 12.3 and IOS 12.3t, a pre-release variant. The purported culprit(s) then bragged about the feat in an IRC session and offered 2.5 MB of the code as proof. Industry analyst Dell'Oro Group says that 'Cisco owns 62 percent of the core router market.' More at the Sydney Morning Herald and Windows Network magazine." Our original coverage of this story was here.

4 of 318 comments

  1. Can you imagine... by Anonymous Coward · Score: 5, Insightful

    ...if the entire internet was taken down? For an extended period of time? The world would fall into disarray. Although once upon a time the world functioned perfectly well without the internet. Amazing how technology makes us dependent just like junkies.

  2. Secure ? by cyberfunk2 · Score: 5, Insightful

    Forgive my ignorance, but if the code is truly solid code, without buffer overruns and the like, shouldn't this theoretically not matter (just as the code for stuff like ipfw is open)?

    I realize however that Cisco code is likely more complex than the relatively simple stuff ipfw does.

    1. Re:Secure ? by flying_mushroom · Score: 5, Insightful

      The problem is that, with 800 MB of code it's virtually impossible to be sure that there are no serious bugs somewhere.

      Sure, it might be more solid than Windows (!), but no large software project nowadays can presume to be bug-free. It's just too much code and possible scenarios to say that it all has been tested.

  3. Vulnerability by version by RicoX9 · Score: 5, Insightful

    I think that susceptibility will depend on what source was stolen. Was it the ENTIRE source? Or was it just pieces? They (the cracking types) may discover a hole in something that exists only in the Enterprise feature set, leaving most of the exposed routers on the Internet un-compromisable (as most companies aren't going to pony up for the most expensive feature set when all they're doing is shuffling IP packets).

    Also could find a problem in basic TCP/IP code, making every Cisco router on the planet a revolving door. I find this scenario highly unlikely, as their base code is probably a lot more stable and reviewed than the newer, more advanced features.