[ISN] Cisco Source Code Reportedly Stolen

From: InfoSec News (isn@private)
Date: Mon May 17 2004 - 01:44:45 PDT

  • Next message: InfoSec News: "[ISN] No WLAN? You still need wireless security"

    http://www.eweek.com/article2/0,1759,1593870,00.asp
    
    By Steven J. Vaughan-Nichols 
    May 16, 2004 
    
    Russian security Web site SecurityLab is reporting that the source 
    code for Cisco Systems Inc.'s main networking device operating system 
    was stolen on Thursday. 
    
    According to the report, criminal hackers broke into Cisco's corporate 
    network and stole 800MB of source code for IOS 12.3 and 12.3t (an 
    early deployment version containing features not found in the vanilla 
    12.3 version). In addition, a 2.5MB sample of what is supposedly IOS 
    code was released on an Internet Relay Chat channel as proof of the 
    alleged theft.
    
    IOS 12.3 is the newest main version of San Jose, Calif.-based Cisco's 
    popular operating system. It's used across the company's networking 
    line, including in home office routers (the 800 Series); those for 
    branch offices (the 3700 Series); and those that comprise the Internet 
    backbone (the 7000 Series). Other routers that use the operating 
    system include the 1700, 2500, 2600 and 3600 Series. 
    
    eWEEK.com was unable to reach Cisco to confirm the break-in and code 
    theft.
    
    If the report is accurate, this represents a major security threat not 
    just for Cisco users, but for the entire Internet. According to the 
    Dell'Oro Group, a market research firm that specializes in the 
    networking and telecommunications industries, Cisco owns 62 percent of 
    the core router market.
    
    With the proprietary source code in hand, criminal hackers could, in 
    theory, create programs that could cause denial-of-service attacks in 
    Cisco-based networks.
    
    A previous major source code theft of parts of Microsoft's NT 4.0 and 
    Windows 2000 has not led to any security violations. However the 
    alleged theft of the Cisco source code, since it's both the most 
    current edition and all of the code, has the potential to be more 
    damaging.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Mon May 17 2004 - 03:58:14 PDT