Cisco Source Code Up For Sale: Only $24,000
spackbace writes "The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations.
Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks."
Take a cue from SCO and drop the price to $699. That way EVERYONE will buy it!
Although I bet I'm screwed anyhow...
From my experience with PIXen, it's certainly not worth that...
One can only marvel at the irony - someone stealing the source code for "a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks"!!!
[x] auto-moderate all posts by this user as insightful
there is no ebay-link this time... :)
But still i sense the good old "want to sell something? Advertise with a slashdot story" sprit
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
Anyone here has the source code for Linux OS? I'll pay roughly $2-3 grands via Yahoo Paydirect.
with all the legal cases on "stealing" mp3s could they charge these people with posession of stolen property?
Is there really such a thing in this day and age? That $24k has to go somewhere. Can't we just follow the money? It seems like this is the kind of thing that the feds would be all over. I see one of those huge multinational Interpol busts in about 5 weeks.
blarg.
but i'm in California and I don't want to pay tax on it.
If you think
It's not worth all that much to them sitting on their drives anyways. Who knows, some wacko might actually pay!
But really it's just to generate bad publicity for cisco
Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.
The original name behind the group was one Larry Hobbles who now seems to have disappeared. The Source Code Club is now said to be hawking a list of other stolen code to anyone who buys one full copy of the source code for sale.
http://www.busyweather.com/
So, for 24k, you can buy the PIX source code... For what?
You obviously can't sell a product using this stolen code. A company can't exactly buy it and roll their own version.
So it's really only good if you want to look for bugs in PIX that you can exploit, and since this is being sold by a group of hackers, you can bet that they've already looked for everything possibly exploitable.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
If you follow (or try) the people that can read tcpdump (or simular) logging like plain english and then in turn generate the packets to interact (exploit) what they see. I doubt having pix source code would matter much.
Also the 'IDS' features of the pix are static and pretty mundane and not tied to the IDS product so i am sure most people know how to get around them.
members are seeing something, your seeing an ad
1)Purchase SCC's code: $24k
2)Purchase Linksys W54G from BestBuy
2.5) Port SCC code onto W54G.
3)Resell Modded Linksys W54G to Fry's Electronics
4)Profit!!!!
If you think
Isn't going to start handing it out for free.
The only real reason to want the code is to find exploitable holes in the software. If you're paying 24k so you can do that you presumably want to use those exploits for a purpose. Releasing the sourcecode and risking exploits becoming public (and then patched) devalues your investment.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
There's a big difference between the people who write closed source code and the people who steal other people's work. This really says nothing about the quality of open vs. closed source code, or the people who write either one. It simply restates the fact that there are people out there who will do anything they want for money.
Where's Gilda Radner when I need her?
I don't think they can. I mean, they might get away with it at the beginning...but time always catches up with them. It may take years, but in the end, they almost always get caught. There are plenty of slow, methodical crime investigators out there that will track them down. Plus, since Cisco is at the heart of this particular scam, don't you think they have a few people working for them that kinda-sorta know how to track things through the Net?
Of course, there's also the chance they could totally get away with it too...but not likely. Criminals always think they're smarter then the people after them, but they only have to make one mistake to kiss it all goodbye. Or just wait until the statute of limitations is up.
"Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
Anyone who would pay for this would have to be an absolute idiot. First of all there is no guarantee the source code even the real thing. If it isn't as advertised, what are you going to do? Take an anonymous Russian hacking group that you knowingly bought stoken IP from to court? It's like the guy who calls the police and files a report about his pot stash being stolen.
-R
Sure enough, here's the CISCO Pix file listing and the "newsletter".
The value of this intellectual property is not defined by the cut-and-pasteability of source code into a company's product. Certainly, this is not the likely application for any would-be buyers. Instead, knowing how the #1 router company in the world implements stateful packet-filtering on an embedded device is a very worthy piece of knowledge that can be used as a basis for the design of anything that touches a packet.
In addition, Cisco spends hundreds of thousands of dollars in their support organization identifying hard-to-find interoperability issues and exception cases, testing things out in the lab, and then coding up fixes. All of these real-world experiences and corresponding code work-arounds that impact every other firewall/VPN/routing product on the market are captured in this source code.
Cisco PIXes have proprietary integration with third-party products, such as IDS systems, content-filtering proxies (e.g. WebSense), etc. This source code surely exposes these APIs, which are covered by Cisco's own NDA with these companies and are coveted by anyone trying to integrate with such closed-source commercial offerings.
Were it legal, it'd be a bargain!
I wonder how they work out the values for the source they steal. Is it just based on how long it took them to get it, or do they have a formula like the Ed Norton one in Fight Club?
--
The last digit of pi is four.
Information wants to cost 24 thousand dollars!
pssst, there is another firewall you can download from here for free!!! Can you believe that??? But shhh! keep it quiet or they'll shut down the mirror.
___
If you think big enough, you'll never have to do it.
Here's the newsletter that they just posted to alt.gap.international.sales.
I disagree with the above statement.
Having the source to even a large program can be incredibly useful. Obtaining the source would lead to a higher level of understanding of the way Pix firewalls work. Knowing exactly how it is coded, being a closed-source product, you would now have the possiblity to have exclusive knowledge to flaws in the code.
Now, one hacker trying to sort through all of the code by oneself could take a very long while, unless it is well documented. Consider the possiblity that a hacker group acquired it. Say 12 hackers. You could divide it up and find flaws much quicker.
Given the wide use of Pix firewalls, it could end up being a skeleton key to thousands of corporate networks, assuming of course that it is the real deal.
All code has at least one bug...
Wanna buy a camo colored, flame resistant suit? Only $699! And you can close it as well; there's a zipper in the back!
Buy! BUY!!
"The only clear view is from atop the mountain of our dead selves." - Peter Carroll
Because willingly opening up source code is not the same as selling stolen code?
When the source is open(ed), its a great thing.
This is not!
The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
if someone stole the source then its not a very effective at keeping people out, is it?
$24KUSD? dont think so.
http://www.digifuzz.net
From the newsgroup thread...
The SCC team does not expect you to trust us. To address this problem, we will split up the information into many files and you may purchase each part for a fraction of the total price. As your confidence grows with SCC, you may feel compelled to purchase these parts in bulk. Here is an example:
We are offering you a ~1 gigabyte compressed file for $10,000. We offer this file in 20 50 megabyte parts at $500 per part (10,000/20). You send us $500, we send you part 1. You send another $500, we send part 2. You choose to send $1000 and we send parts 3 and 4, etc etc. The rate that you purchase pieces is entirely up to you. As your confidence grows, we know that you will choose bigger pieces.
We also include detailed instructions on how to decrypt and put together the peices, it is a simple process that can be done with any unix computer.
The problem with this scheme is that critical elements of the source can be intentionally withheld and that those pieces could be sold in all likelihood at a ridiculous amount. I mean if a moronic company actually decided to buy source code from these guys, and they are spending $5,000 on each "piece" of the code, they will want the entire thing. This goes beyond just scamming the software companies... this is almost similar to a Nigerian 419 scam in a way.
Karma police, arrest this man, he talks in maths....
Funny! Microsoft had a firewall do this before Cisco! 'Course, they don't have a financial interest in maintaining the distinction that a "Firewall is not a Router".
"Flyin' in just a sweet place,
Never been known to fail..."
Since when does anyone actually have to STEAL anything to get the SCO to sue them?
First, why should source code be closed?
It is closed because they wrote the code and they have the right to release it as they please. They have to respsct your decision to open your source code and you have to respect theirs to keep theirs closed. It is a product that they sell. If they open the source, they lose much of the capibility to sell it. It's really not that hard to understand.
Not everything is analogous to cars. Car analogies rarely work.