CryptoBox
Sunday, May 16, 2004
 
Slashdot reported today that another site, ArsTechnica, says that Cisco's source code was stolen recently. The original post was on a Russian site, securitylab.ru. Apparently, part of the code was posted on an IRC channel. This could mean annoying stuff like buffer overflow exploits coming out and tedious/painful IOS upgrades all around the world. Or it could mean nothing at all. I've heard rumors for years that people in the hacker/warez communities have had Cisco's source.

I've often wondered if the IOS kernel was coded from scratch or if it's a descendant of one of the old BSD or AT&T branches.

My guess is that this will probably be another security non-event despite the great scandal-value for the IT media. The recent TCP vulnerability was a real scare (with regard to BGP), but I don't think it has amounted to anything, thankfully. However, it does remind us that the Cisco IOS is one of those mysterious embedded Unixish OSs that is not transparent at all. Contrast that with Juniper's willingness to give admins a real csh shell before dropping them into the JunOS shell environment. The Russian site even has a couple of code snippets of IPv6 stuff. I don't read C but the comments are interesting. FYI, the translation done by World Lingo seems better than what I'm used to from URL translating sites.

Comments:
The FBI is on this now. The only news of note is that, unlike the recent Windows NT source-code leak, these guys are not sharing the code on P2P or IRC channels. The article speculates that they're looking to sell the code possibly.
This is another example of what we've been increasingly seeing for a couple years now: hackers (in the widest and most malicious definition of that word) are increasingly turning to entrepreneurial (no spell check here) activities as a motivator instead of the usual quest for peer recognition, credibility, etc.
 