Slashdot Mirror
Cisco Source Code Up For Sale: Only $24,000
spackbace writes "The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations.
Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks."
Take a cue from SCO and drop the price to $699. That way EVERYONE will buy it!
Although I bet I'm screwed anyhow...
From my experience with PIXen, it's certainly not worth that...
Wouldn't these guys just figure that the code would get copied and shared after it gets sold. Once they sell it to someone, what keeps this guy from going and selling it for $10k? Or free?
One can only marvel at the irony - someone stealing the source code for "a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks"!!!
[x] auto-moderate all posts by this user as insightful
there is no ebay-link this time... :)
But still i sense the good old "want to sell something? Advertise with a slashdot story" sprit
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Anyone here has the source code for Linux OS? I'll pay roughly $2-3 grands via Yahoo Paydirect.
Cisco would charge more... They really should think about the legal fees...
with all the legal cases on "stealing" mp3s could they charge these people with posession of stolen property?
Relevant Google Search:d e+Club
http://www.google.com/search?hl=en&q=%22Source+Co
This is nothing that a little sting operation won't fix. Seriously, how do they plan on getting the payment without being traced?
"You mortals are so obtuse." -Q
and goto jail tomorrow....
Is there really such a thing in this day and age? That $24k has to go somewhere. Can't we just follow the money? It seems like this is the kind of thing that the feds would be all over. I see one of those huge multinational Interpol busts in about 5 weeks.
blarg.
but i'm in California and I don't want to pay tax on it.
If you think
Well we know people like this have a total disregard for intellectual property and therefore a total disregard for those with creative and intuitive minds. Its because of people like this that technology has the opportunity to implode... anyone got some mp3's I can download fromt them?
iSnack 2.0 - Download it now to your iToast 9.0
This is really casting a cloud over the closed source world. It seems the closed-source hackers just can't keep their hands out of the illegal pie, and won't ever respect other people's property. The more you dabble in closed-source products, the worse it gets.
Best to start open source from the beginning. F/OSS is clearly a culture of more balanced individuals.
RST
Exactly how could the SCC receive payment for this without getting a link back to who they are? Not my bag, so any info is of interest about this kind of crime.
Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.
The original name behind the group was one Larry Hobbles who now seems to have disappeared. The Source Code Club is now said to be hawking a list of other stolen code to anyone who buys one full copy of the source code for sale.
http://www.busyweather.com/
Grammar fascism aside, it's only a copyright violation where copyright exists. Not in, say, China.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
You can buy all that and more elsewere, cheaper.
hell, some time ago ppl used to "free" source code like this just for fun. only greedy kids nowadays it seems ;) :)
and not smart... or very smart and this is a scam... If I were selling it, first thing would be to contact key agencies/companies anonymously, not this freak high-profile thing. sounds bad. and there are no md5 or something of a few files to prove it is the real thing.
Seen IOS and other srcs years ago... This is what they get for playing the closed source game: FEAR.
pssst... meet me behind the phone box, come alone.
So, for 24k, you can buy the PIX source code... For what?
You obviously can't sell a product using this stolen code. A company can't exactly buy it and roll their own version.
So it's really only good if you want to look for bugs in PIX that you can exploit, and since this is being sold by a group of hackers, you can bet that they've already looked for everything possibly exploitable.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Due to popular demand, the Source Code Club will now offer the Linux kernel source for $50k.
well, seeing as how they got the source code in the first place, i think they could figure something out
then again, what the hell do i know? my president worked for an oil company and couldn't find oil in texas, so, who knows?
vodka, straight up, thank you!
If you follow (or try) the people that can read tcpdump (or simular) logging like plain english and then in turn generate the packets to interact (exploit) what they see. I doubt having pix source code would matter much.
Also the 'IDS' features of the pix are static and pretty mundane and not tied to the IDS product so i am sure most people know how to get around them.
members are seeing something, your seeing an ad
1)Purchase SCC's code: $24k
2)Purchase Linksys W54G from BestBuy
2.5) Port SCC code onto W54G.
3)Resell Modded Linksys W54G to Fry's Electronics
4)Profit!!!!
If you think
Isn't going to start handing it out for free.
The only real reason to want the code is to find exploitable holes in the software. If you're paying 24k so you can do that you presumably want to use those exploits for a purpose. Releasing the sourcecode and risking exploits becoming public (and then patched) devalues your investment.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
Boy I'd love to get my hands on the source of the Cisco Link Statnus meter so I could hack it and have a working LSM for my 350 series Cisco radiocard in Linux.
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
If anyone here is seriously considering this, I have a bridge you might be interested in...
And Cisco, beat them to it by realeasing a totaly new version of the compiled firmware, then GPL'ing the source that they're trying to sell.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Who'd bet this is more likely an FBI sting to get people who would use/modify/resell this code.... It wouldn't be the 1st time they did it.
So what if the source code is available? If the device is any good, availability of source code shouldn't make any difference to the security.
I'm not sure the source code to a huge programme is useful.
About the only thing you can do with it, without *understanding it*, is compile it and use the binary (and stealing the binary in the first place is much easier than the source.)
The effort required to understand a large programme is vast. It's far easier just to buy a license.
--
Toby
k......and this is in the SCC thread because...?
Anyone who would pay for this would have to be an absolute idiot. First of all there is no guarantee the source code even the real thing. If it isn't as advertised, what are you going to do? Take an anonymous Russian hacking group that you knowingly bought stoken IP from to court? It's like the guy who calls the police and files a report about his pot stash being stolen.
-R
From where I sit, you know how to whine.
puts on tinfoil hat
suppose for just a minute that you wanted to contact, trace, and/or otherwise smoke out large numbers of people interested in buying source code to security applications. Might one approach be to
(a) publicize a code theft
(b) pose as a 'known' hacker organization selling the code
(c) fully investigate everyone who contacts you
I'm leaving the tinfoil hat on, I just noticed we'll see Republicans in power for 4 more years
But seriously, how are you going to trust "SCC" not to actually be "FBI" or even "NSA"?!? What are you going to do, ask them if they're cops!?!?
Sure enough, here's the CISCO Pix file listing and the "newsletter".
The value of this intellectual property is not defined by the cut-and-pasteability of source code into a company's product. Certainly, this is not the likely application for any would-be buyers. Instead, knowing how the #1 router company in the world implements stateful packet-filtering on an embedded device is a very worthy piece of knowledge that can be used as a basis for the design of anything that touches a packet.
In addition, Cisco spends hundreds of thousands of dollars in their support organization identifying hard-to-find interoperability issues and exception cases, testing things out in the lab, and then coding up fixes. All of these real-world experiences and corresponding code work-arounds that impact every other firewall/VPN/routing product on the market are captured in this source code.
Cisco PIXes have proprietary integration with third-party products, such as IDS systems, content-filtering proxies (e.g. WebSense), etc. This source code surely exposes these APIs, which are covered by Cisco's own NDA with these companies and are coveted by anyone trying to integrate with such closed-source commercial offerings.
Were it legal, it'd be a bargain!
I wonder how they work out the values for the source they steal. Is it just based on how long it took them to get it, or do they have a formula like the Ed Norton one in Fight Club?
--
The last digit of pi is four.
Information wants to cost 24 thousand dollars!
I submitted the same story too... here's some more info you won't find on the EST site.
The first time these guys surfaced was on FullDisclosure mailing list. Here's the message. Their website which, apparently, doesn't work anymore. Techworld article can link you to a lot more information.
My other dog is a Wienerschnitzel.
They should be extorting/blackmailing CISCO themselves for millions, with the threat to release their source code to the general public.
It would be in CISCO's best interests to make sure that doesn't happen, as their firewall security would be severly compromised if their code was exposed to hackers worldwide... :)
The friendliest digital photography forums on the net!
Peter Gibbons : I can't believe what a bunch of nerds we are. We're looking up "money laundering" in the dictionary.
pssst, there is another firewall you can download from here for free!!! Can you believe that??? But shhh! keep it quiet or they'll shut down the mirror.
___
If you think big enough, you'll never have to do it.
Geez, 6.3.1 is so old, I've already had to upgrade my Pix twice due to software errors that would cause the box to reset itself under moderate load. Current version is 6.3.4, and there have been a load of fixes. Maybe someone will want to buy it so they can write their own fixes & see if they work better than Cisco's updated version.
These people looked deep into my soul and assigned me a number based on the order in which I joined.
Here's the newsletter that they just posted to alt.gap.international.sales.
duh!
Whoa, you mean you can't just download the source code from cisco.com already?
And people actually trust their businesses to this stuff? Yeah we use PIXen and other Cisco products but they don't seem to have much advantage these days.
C'mon Cisco, you can solve this problem pretty easily. Put the source code up on your web site for $0.
Get Your Red Hot source Code! Only 24k for you, today!
This could just be a scam. I scanned the article, and saw nothing of cisco confirming this. How does one trust these people, and if they do shaft the people buying the code (i.e giving them fake files) what recourse do the buyers have? Kinda like one of those 419 scams, think you get rich by cooeraationg with dishonest people, only to find out that they hosed you.
And I *swear* I'm not a cop...
I've thought (sterotypically) that old Eastern block countries are backward and generally lawless (everything is for sale.) So ASS-U-ME'ing the thieves are from one of "those" countries, what's to prevent one of these companies that had their code "stolen" to put out a contract on those thieves? Once the word gets out, I think it would be a much more effective deterrant than say... a couple years in jail.
ELOI, ELOI, LAMA SABACHTHANI!?
I disagree with the above statement.
Having the source to even a large program can be incredibly useful. Obtaining the source would lead to a higher level of understanding of the way Pix firewalls work. Knowing exactly how it is coded, being a closed-source product, you would now have the possiblity to have exclusive knowledge to flaws in the code.
Now, one hacker trying to sort through all of the code by oneself could take a very long while, unless it is well documented. Consider the possiblity that a hacker group acquired it. Say 12 hackers. You could divide it up and find flaws much quicker.
Given the wide use of Pix firewalls, it could end up being a skeleton key to thousands of corporate networks, assuming of course that it is the real deal.
All code has at least one bug...
Wanna buy a camo colored, flame resistant suit? Only $699! And you can close it as well; there's a zipper in the back!
Buy! BUY!!
"The only clear view is from atop the mountain of our dead selves." - Peter Carroll
Because willingly opening up source code is not the same as selling stolen code?
When the source is open(ed), its a great thing.
This is not!
The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
Shhh...
Help Brendan pay off his student loans
I would rather have the source code for MS bob than
a pix firewall.
Got Code?
If it is the real thing and is worth 24K why would you advertise it for sale. Seems you would sell it black market to someone who realy needs it (Netgear) and not on a street corner like you would crack.
They're interested in embarassing the company. Either they're trying a blackmail scheme and this is the "or else". Or this may be their way of bragging about having stolen the source.
Second, what's so great about security through obscurity? Anyone is capable of scanning software for buffer overflows, etc, even for binaries. Plenty of packages exist for doing just that. The obscurity buys you exactly nothing. Unless you also sell such scanners, in which case it gets you a few sales of those.
Third, what's "Open Source" got to do with Stolen Source? Unless you're from SCO, there's no relationship. And even then, I'd question as to who was doing the stealing.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
The offer to sell the source code wasn't "posted on the group's Web site", no matter what Enterprise Security Today claims. It was done via a newsgroup posting. Go read it if you want to actually learn what the Source Code Club says about communicating and paying them anonymously, instead of reading rubbish written by lazy journalists whose legal departments won't let them link to interesting things.
Sigs? Sigs? We don't need no steenkin' sigs.
if someone stole the source then its not a very effective at keeping people out, is it?
$24KUSD? dont think so.
http://www.digifuzz.net
okay slashdot. why on earth do you both modding someone up just because they typed "source code club" into google and posted a search link.
a +bunch+of+knobs&btnG=Google+Search&meta=/
r ator+iq+zero&btnG=Search&meta=/
e +noise%2C+dammit&btnG=Search&meta=/
i di ots
i mean, i didn't get points when i suggested:
http://www.google.ca/search?hl=en&q=you+guys+are+
http://www.google.ca/search?hl=en&q=slashdot+mode
http://www.google.ca/search?hl=en&q=filter+out+th
yours faithfully,
another anonymous coward
who-doesn't-have-a-nick-because-the-masses-are-
Do Not Pass Go.
Do Not Collect $24000.
Buy Steampunk Clothing Online!
Comment removed based on user account deletion
Not that I particularly trust Cisco, but I wouldn't trust these guys - or any such shadowy group - without going through a MAJOR code audit first. Not sure I'd even pay 24,000 without some guarantee of getting the code.
remote root is pretty fucking significant. jesus christ what a stupid comment you made.
The SCC are my new hero's - i'm sure they'll be caught sooner than later, but damn thats fucking awesome in a hilarious way.
Ave Molech Setting
Whoever is behind the SCC is laying bait for indivuals who have access to and are willing to obtain proprietary source code. It's simple misdirection.
From the newsgroup thread...
The SCC team does not expect you to trust us. To address this problem, we will split up the information into many files and you may purchase each part for a fraction of the total price. As your confidence grows with SCC, you may feel compelled to purchase these parts in bulk. Here is an example:
We are offering you a ~1 gigabyte compressed file for $10,000. We offer this file in 20 50 megabyte parts at $500 per part (10,000/20). You send us $500, we send you part 1. You send another $500, we send part 2. You choose to send $1000 and we send parts 3 and 4, etc etc. The rate that you purchase pieces is entirely up to you. As your confidence grows, we know that you will choose bigger pieces.
We also include detailed instructions on how to decrypt and put together the peices, it is a simple process that can be done with any unix computer.
The problem with this scheme is that critical elements of the source can be intentionally withheld and that those pieces could be sold in all likelihood at a ridiculous amount. I mean if a moronic company actually decided to buy source code from these guys, and they are spending $5,000 on each "piece" of the code, they will want the entire thing. This goes beyond just scamming the software companies... this is almost similar to a Nigerian 419 scam in a way.
Karma police, arrest this man, he talks in maths....
your statement is the most ignorant statement I've ever heard. Please go rm -rf yourself
Put it on eBay and people will pay 4 times what it's worth, then re-sell it for half what they bought it for 2 months later. Reverse-economics.
R(k)
Completely closed sourced company, nothing ever released to the public, opern source alternatives available....
BUT NO BASHING A LA MICROSOFT?
wonder why not?
If their security didn't suck, the leak wouldn't really matter.
Obviously there are holes that they were just hoping that nobody would find in time, but that are obvious with the source.
Looks like it sucks to be them.
Your right! They did answer.
/.'ers will call too?
Wonder how many others
we need a Source Code Industry of America (SCIA) to handle such flagrant copyright violations by suing the snot out of anyone transferring unauthorized source code.
The SCIA would need a web spider to go around checking pages for appropriate keywords so that it could send out generic Cease and Desist orders via email. Adding Generic Legal Threats(tm) optional.
--- Asking inconvenient questions for over 30 years...
I hate to be the only one to bring this up, but who says they are breaking copyright law? Assume they only have one copy, and they are selling THAT one copy. If a Cisco employee legally produced a copy of the source code then there is no *COPYRIGHT* law against that copy changing hands as many times as the possessor desires, for profit or otherwise. Yes, someone somewhere probably broke a contract, which carries separate legal ramifications, but in this scenario absolutely no copyright laws have been broken, and likely the SCC has broken no laws whatsoever.
Really, I really don't understand why this is a big deal. Anyone worth their salt in trying to take the code and develop the 'sploits doesn't need the source to get 'em. Many groups out there have already reverse-engineered the OS without the source and have plenty of 0-day exploits for the PIX, as well as Checkpoint and many other vendors. These groups are commerical R&D groups as well as hackers.
Between all the 0-days for Checkpoint and PIX, I honestly don't understand why anyone in their right mind would want to use these firewalls. This source offer is for eager script kiddies and nothing more.
Just to show this is for real, here is some of the PIX code:
10 PRINT "WHAT IS YOUR INTERNET ADDRESS"
20 INPUT I$
30 IF I$ = "JUNIPER.NET" THEN PRINT "FULL ACCESS GRANTED"
40 GOTO 10
...as CCNE's and the like.
I am NaN
I can break the law for free!
“Common sense is not so common.” — Voltaire
Here are some banks to use for your transaction: http://www.aa419.org/ladvampire.html
Irene KHAAAAAAN!
All the newsgroup posting that Larry person has made (4) come from finnish hosts. It's only two different IPs, so it's hard to say whether this actually means anything, but it does make you wonder, ne? Did he just use cracked boxes to make those posts, or does he actually live in Finland? In the latter case, the police could probably find him relatively easily, considering one of the computers is also the webserver of a finnish school.
quidquid latine dictum sit altum videtur.
Hey everybody-- I got into Kernel.Org's repository and managed to download the source code for Linux, and many security-related utilities. This is the same codebase that is used on some Cisco products.
I will sell a copy to anyone for $24,000
Oh wait....
Now I feel a lot safer about using Linux for my firewall appliances (Yeah, OpenBSD would work too)...
LedgerSMB: Open source Accounting/ERP
With the Pix code, we are not talking about something where we are likely to jsut be able to put a binary in and run it to look for buffer overruns, so this is not really an issue. However, this makes the theft much more significant.
WHich would you rather be running? Microsoft ISA Server where the hood is welded shut or Linux?
If you are using ISA Server (or PIX in this case) and the source code is stolen, this means that only the bad guys get to look at it. This means more problems for you (unlikely to get problems fixed in time). If you are running Linux, you have peer review, and if you are wise about your choise of security programs to run on it, will have a much more attack-resistant box in part because of the open source nature.
LedgerSMB: Open source Accounting/ERP
They thought that by leaking the source code, they could pull a Microsoft stunt (http://www.cnn.com/2004/TECH/biztech/02/13/micros oft.source/)
in the hopes that the open source stance would help their product development.
Then claim the proposed changes to be trade secret violation, suing all contributor while secretly rolling them into the next version.
(somehow BSD kernel developers would be accused and then SCO would file suit to Cisco claiming that SCO invented limits.h )
Ok people, let's go over it once more.
The first rule of the Source Code Club, is that you don't talk about the Source Code Club.The second rule of the Source Code Club is- you DO NOT talk about Source Code Club.
Open Source Java Web Forum with LDAP authentication
Why bother buying PIX sourcecode when you can just download OpenBSD?
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Oh yeah of course, and KFC are slipping arsenic and cyanide into the recipe which is why they're keeping it secret as well.
3.5) ????
You can mod your friends, you can mod your nose, but you can't mod your friend's nose.
Heh, and you might want to change your sig there sparky...
Jaysyn
There is a war going on for your mind.
Since when does anyone actually have to STEAL anything to get the SCO to sue them?
I am not a left winger, and I have a (sometimes) political blog.
Pubcrawler.ca
.
"In your face you morons"
Dick Cheney posts to slashdot?
Classy.
The Democrats had a pathetic showing. I almost felt sorry for them. Amost.
1. Find highly illegal idea you normally wouldn't be able to advertise through traditional means.
2. Submit story to slashdot
3. Profit!!!
No, it's not like them slipping arsenic in, it's just like Micky Dee's not nessessarily checking if the meat is fresh because they can ship it out the door faster and quicker if they don't.
:p )
(the arsenic comment would probably be more appliciable to microsoft
If it was truly secure, then a source leak would be an IP problem, not a security issue.
Or make them Open source and claim for their own! (after all if it's close source, who knows where it came from). (joke).
If CISCO would have placed its source code behind a quality router, it would not have been available. Therefore, Watson, the maid and butler are on the suspect list. Who at CISCO recently did not get that raise that thought they were entitled?
Oh, wait, I was thinking of SSC , not SCC, never mind.
You know, there are only so many TLD's (Three Letter Dohickies) to go around, I suppose... wait, I've just been told it is TLA, Three Letter Acronym, and that TLD is something else, but that they too are running in short supply.
Ok, everyone, obviously we must move to a Four Letter based society - anyone know any good four letter words to start things off?
This issue is a bit more complicated than you think.
--
TABLE OF CONTENTS
1) Contact Information
2) News
3) Buy
4) FAQ
5) About
Contact Information
Two ways to contact us:
1) Post a PGP message encrypted with our public key via usenet to: alt.gap.international.sales This method of contact is preferred.
2) Send email to: dmitrysky@rediffmail.com
THE EMAIL COULD CHANGE OR GO DOWN. If you absolutely must get a message to SCC, we recommend using usenet. The SCC PGP public key is located on full disclosure mailing list archives, usenet, and the end of this newsletter. It is wise to make sure they all match, for your safety. This public key will NEVER change. Only PGP encrypted email will be responded to.
News
SCC is proud to announce the general availability of Cisco Pix 6.3.1 source code. This release is significant because pix is vital to the security of many ultra-secure networks.
With the ubiquity of pix devices these days, we see a huge market for such code. Many intelligence agencies/government organizations will want to know if those 1's and 0's in the pix image really are doing what was advertised. You must ask yourself how well you trust the pix images you download to your appliance from cisco.com.
After reading the code, you may build the source code with one of the many Makefiles provided in the distribution to create your own in-house pix images. Sleep well at night knowing exactly what is sitting in your pix device's memory. Scroll down to the Buy section below for more information.
The price of Enterasys IDS and Napster has been raised. SCC is a dynamic entity, always evolving and trying out new ways of doing things. We have made a few changes in the way we operate, all for the
better.
We are now offering some buyer incentives. After you purchase one full source from SCC, you become a private member. Private members get access to lists of sources that are not available to the general public. This list may contain sources that have been deemed to sensitive to put up
for public buying, or it may contain sources that we plan on releasing in the future to public buyers. Private members not only get many months advance buying power to the sources, but will also pay less for sources than non-members.
The source you purchase to become a private member can be any source, no matter how cheap or expensive. This means you will purchase every 'part' of the source before becoming a private member.
We keep track of who is a private member by your PGP public key. This way a customer may always approach us from any anonymous place, and we can always verify he/she is a member by the public key. Do do not destroy those PGP keys!
Buy
SCC is currently offering:
o Cisco Pix 6.3.1-release source code (NEW!)
o Enterasys network and host IDS source code and design documentation
o Napster source code repository
Buying Options:
1) All at once
2) Piece by piece
Buying Instructions:
Email us with our PGP key to tell us how many pieces of which package you wish to purchase (read FAQ if you are confused). PUT YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU. We will not take orders from anyone not using PGP.
Cisco Pix Information:
Cisco Pix is one of the leading firewall security applications on the market. This firewall provides security, ipsec, vpn, intrusion protection, network monitoring, and much more services that can be used
on small personal & business networks and massive gigabit carrier networks. For more information on this product and many other great products, please visit www.cisco.com.
The source package includes all sources and 'make' files to compi
I am selling the linux source code for $50000 Just mail me your check and I will send you a link to download it from :)
cheers,
Osho
Create enough disgruntled US programmers and this was bound to happen. Of course, $24,000 is 3 times more then the average Indian programmer is making so I guess that was bound to happen too.
according to several sources, there have been lists floating around offering money for laptops of top executives. it's not a stretch that these guys are willing to break into the homes (or home boxes) of programmers. i've often thought that the weak link is the use of VPN technologies on the same LAN as kids' machines running vulnerable apps. enumerate a bit, nail a kid through a trillian hole, jump to his dad's machine, prance past the firewall to the corp. easy as pie.
This looks to be the only way of finding and then removing the hole.
OSS stateful packet firewalling is open to finding holes etc. How come that isn't causing the fall of the Linux empire?
This "find an exploit" problem is only a problem is the code is buggy and is not going to get fixed.
It is a benefit to customers if perusing the code finds a backdoor. Buyers of the kit *must* be allowed to find out.
Hmmm, Maybe they meant Source Code Organization (SCO)
Those guys could be behind any and all kinds of theft.
I am the unwilling control for my Origin.
Open source is great partly because if you spot a security flaw, you can fix it. I suspect Cisco aren't going to take too kindly to someone emailing them with "I've just bought a stolen copy of your source code and you've got a bug in line 254".
First, why should source code be closed?
It is closed because they wrote the code and they have the right to release it as they please. They have to respsct your decision to open your source code and you have to respect theirs to keep theirs closed. It is a product that they sell. If they open the source, they lose much of the capibility to sell it. It's really not that hard to understand.
Not everything is analogous to cars. Car analogies rarely work.
You sit there and wonder... Why the hell are they asking for $24,000 USD? Isn't it an odd amount to ask for? Get off your america-is-the-center-of-the-world attitude and look at some interesting conversions. There are a number of countries that are involved with these happenings, russia, south africa, findland, india, uzbekistan(spelling? don't care), and some others.
Lets take a brief look at some currency conversions.
24,000.00 USD United States Dollars = 25,082,065.34 UZS Uzbekistan Sums
24,000.00 USD United States Dollars = 1,091,064.00 INR India Rupees
25 million UZS's, or 1 million Rupees, sounds much more "hostage like" then $24,000.
Carry on with country specific flaming. Here i'll give you a topic, not only are good IT jobs being outsourced but so are black hats! You better protect your black-hat interests before it's too late.
Why pay $10,000? File sharing code compatible with the old Napster is available here.
Get Your Red Hot source Code! Only 24k for you
Want Red Hat source code? I can beat your price here.
That's called the Business Software Alliance, the one with the copyright weasel.
Slashdot stories about the BSA
Because 'stolen' is not the same as 'illegally copied'.
Maybe it's Cisco trying to get some money from the product before replacing it.
Maybe it's Cisco trying to get some money out of its product before replacing it.
Mayhaps the PIX doesn't have a pretty GUI or other bells, but there's a very good reason why it is the #1 firewall for highly sensitive networks: it does exactly what you tell it to do for near infinity.
Cisco is not obligated to release their code under any specific license, they merely choose to release it under a Closed Source license. Whether Closed is better/worse than Open for commerce is irrelevent, their choice is the only decision that matters.
Having said that, IBM are making significant money off their Open Source software. Given they have 10,000 programmers on their Open Source team, their costs must be high. So, if they're still making tens of millions off it, I'm willing to wager that the license isn't seriously hurting their ability to make money.
So, I have to say I think you're wrong on just about all points.
Oh, and nobody has to "respect" anybody's decision on anything. Respect is also a choice. That's why there's a legal system. If respect simply existed, or could be mandated, we would never need to take anybody to court.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Here is the original announcement of the sale
Bwahahahaha.
That is the funniest thing I've seen all week.
Stop it.
Lost at C:>. Found at C.