http://www.eweek.com/article2/0,1759,1593870,00.asp By Steven J. Vaughan-Nichols May 16, 2004 Russian security Web site SecurityLab is reporting that the source code for Cisco Systems Inc.'s main networking device operating system was stolen on Thursday. According to the report, criminal hackers broke into Cisco's corporate network and stole 800MB of source code for IOS 12.3 and 12.3t (an early deployment version containing features not found in the vanilla 12.3 version). In addition, a 2.5MB sample of what is supposedly IOS code was released on an Internet Relay Chat channel as proof of the alleged theft. IOS 12.3 is the newest main version of San Jose, Calif.-based Cisco's popular operating system. It's used across the company's networking line, including in home office routers (the 800 Series); those for branch offices (the 3700 Series); and those that comprise the Internet backbone (the 7000 Series). Other routers that use the operating system include the 1700, 2500, 2600 and 3600 Series. eWEEK.com was unable to reach Cisco to confirm the break-in and code theft. If the report is accurate, this represents a major security threat not just for Cisco users, but for the entire Internet. According to the Dell'Oro Group, a market research firm that specializes in the networking and telecommunications industries, Cisco owns 62 percent of the core router market. With the proprietary source code in hand, criminal hackers could, in theory, create programs that could cause denial-of-service attacks in Cisco-based networks. A previous major source code theft of parts of Microsoft's NT 4.0 and Windows 2000 has not led to any security violations. However the alleged theft of the Cisco source code, since it's both the most current edition and all of the code, has the potential to be more damaging. _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Mon May 17 2004 - 03:58:14 PDT