More on Last Year's Cisco Source Code Theft
grazzy writes "The New York Times has a story about last year's theft of Cisco source code:
The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet. "
It's infringement!
Oh wait, sorry, we're talking about code not music. It's theft!
Why alarming? The Internet is still up and running since that last years theft.
(I guess it should be read last year's)
Sensational breaking news!
The programming instructions of Linux and Free/Net/OpenBSD, which run many big corporations' servers, are available to the sight of anybody! That's alarming!
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
So let me get this straight. This lady knew that someone had breached her system and she a.) kept right on using it and b.) taunted the person who had breached her system? What was she thinking? If your machine has been compromised, pull the plug and clean it!
If you don't watch TV, how did you see that?
only if there are flaws in said code.
On one hand, the article claims that "With such information, sophisticated intruders would potentially be able to compromise security on router computers of Cisco customers running the affected programs" and on the other hand that Cisco itself claims that "the improper publication of this information does not create increased risk to customers' networks". These statements are, IMHO, in direct contradiction of each other. Who the hell should we believe?
...that all the discovered breaches are by inept, pimply-faced teens (regardless of how many times some news article quotes some 'expert' about how 'particularly clever' the idiot was), and that the really serious harm is being done by real pros who never leave a trace.
Scary...
Generally, bash is superior to python in those environments where python is not installed.
As a good number of regular Slashdot readers are no doubt aware, full source code to Linux, Apache, etc. is available to anyone and they are more secure than their counterparts for this reason. If access to the source code for Cisco routers makes it possible to write a whole bunch of backbone-targeting virii, that would really drop my opinion of Cisco routers considerably.
If you actually read the article, the exploit was no big deal either; some guy just distributed a trojan'd SSH client to a bunch of people, collected their passwords and then ran a bunch of rootkits. Nothing to see here.
I used to read Caltizzle. I was a lot cooler than you.
No, likely not.
1) Cisco IOS does not run the *whole* Internet. Different IOS versions apply as well.
2) Revealed source code != massive untapped exploits.
3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.
4) IOS is mature and (obviously) well tested. People have been throwing all sorts of strange things at Cisco routers for a long time now. Outside the main "train," any exploit would be a real chore to find.
I kinda wonder about this sometimes. As a for instance, here is an excellent example of how to write an SMTP client in the TCL shell included in recent IOS versions. Of course, getting the shell to start out with is left as an exercise to the reader, but routers operate more and more heavily on the data that passes through them and arrives at them. On a modern IOS router, you have a bunch of routing processes handling routing protocols, as you would expect, and then you've also got a telnet server, an SSH server, a couple of small TCP/UDP services (if for who knows what reason you've decided to turn them on), SNMP support, a web server with the capability of executing scripted code directly on the router... In short, there's a lot that's potentially exploitable there.
Of course, I completely agree with your basic assertion that the leak of the source code isn't a particularly big deal, from a security standpoint. The best evidence of this, for me, is the fact that I don't feel at all insecure with the linux-based routers I use, and (sarcasm) I understand the source code to linux got leaked quite a while ago. (/sarcasm)
Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
Or mo'ronics, either way...
Better timing than the Lone Gunmen show that showed the World Trade Center being attacked by a hijacked airliner - six months before 9/11.
Whereupon Condi Rice says, "Who knew?"
Right, Condi, and your title was what then?
You knew, all right. That's why you told Willie Brown not to fly that day.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Nope, once it is used that sequence is removed from the valid pool. This is to ensure against replay attacks just as you describe. I've done it to myself before where I hit disconnect by accident and was unable to log in again until the next number came up on the fob.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
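The "used once, then removed from the valid pool" rule described above, as an added worked example that is not part of the original thread and not any particular vendor's token implementation. It assumes a counter-based token (HOTP per RFC 4226, with the RFC's own test secret) rather than the time-based fob the poster describes, but the server-side rule is the same: every code at or below the last accepted position is burned, so a code captured in transit cannot be replayed, and an accidental disconnect leaves the user waiting for the next code. The `TokenVerifier` class and its look-ahead `window` are assumptions made for this example.

```python
import hmac
import hashlib
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a zero-padded decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server side of the fob scheme (hypothetical, for this example).

    Keeps the highest counter that has already been accepted. A login
    attempt is only matched against counters strictly *after* that
    point, so the code from an earlier login (sniffed, or replayed by
    a user who got disconnected) is never valid again."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.window = window          # how far the fob may run ahead of the server
        self.last_counter = -1        # nothing accepted yet

    def verify(self, code: str) -> bool:
        start = self.last_counter + 1
        for c in range(start, start + self.window):
            # constant-time compare so the check itself leaks nothing about the code
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c  # burns c and every counter before it
                return True
        return False


def simulate_disconnect_and_replay(secret: bytes) -> dict:
    """Replays the scenario from the post: log in, drop the session,
    try the same code again, then succeed with the next one."""
    v = TokenVerifier(secret)
    first = hotp(secret, 0)
    return {
        "first_login": v.verify(first),      # True: fresh code
        "replay_same_code": v.verify(first), # False: counter 0 is burned
        "next_code": v.verify(hotp(secret, 1)),  # True: the next number on the fob
    }


if __name__ == "__main__":
    # RFC 4226 Appendix D test secret (constructed input; not a real token seed)
    SECRET = b"12345678901234567890"
    print(simulate_disconnect_and_replay(SECRET))
```

The look-ahead window only moves forward: if the user presses the button a few times without logging in, the server still finds the newer code, but once it does, all the skipped counters are burned along with it. Resynchronising a fob that has run past the window is an out-of-band helpdesk step, not something the verifier should do by searching backwards.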
Last night on "24"... And people wonder why I don't watch television. Sad... just sad.
Obviously, you do watch television.
One other thing you should be aware of: Pull, don't push, data. In other words, don't log into a remote system and then use scp to send the data back to your system. That exposes your password on your local system to the remote system. Instead, use one shell window to find what you want to get, then open a separate shell window on your system to pull the data from the remote system, or use any one of the many graphical SCP clients to log in, navigate around, and pull data back down.
I have seen several incidents where the former pattern was used and it resulted in a compromise of the user's password. The lab where I work has gone to two-factor authentication to make exploiting this pattern more difficult, but with session hijacking, it is nearly impossible to eliminate.
I also want to point something out to those that have been criticizing Cisco's network security. The failure wasn't on the Cisco side of things. The actual security breach happened on a network one or more hops away from the Cisco network. As far as Cisco was concerned, a legitimate network transaction was happening. Someone with valid credentials logged on to the system, and until they do something out of the ordinary (install a rootkit, scan the network, etc.) they are virtually undetectable, as they don't differ from normal valid network usage.
IANAL... But I play one on
IMHO, there are two models that work: tight security on source code and open source, the former because black hats have fewer tools to find security holes, the latter because the white hats vastly outnumber the black hats. Closed source that leaks is probably the worst of both worlds.
Check out my sci-fi/humor trilogy at PatriotsBooks.
only if there are flaws in said code.
which translates into: yes!
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen