Cisco investigates source code leak

[Julio Franco]

An unspecified amount of the proprietary source code that drives Cisco Systems' networking hardware has appeared on the Internet, the technology giant acknowledged early Monday.

A representative could not confirm, however, that network intruders made off with 800MB of code, as reported by a Russian security group over the weekend.

"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," said Jim Brady, a spokesman for the company. "The Cisco information security team is looking into this matter and investigating what happened."

Read more: CNet News.

 

[Phantasm66]

This is fairly bad news.

Somewhere out there, there is a young geek looking for security holes in IOS. And I am sure that he or she will find some.

Then what? The internet goes down until we firmware patch our routers and switches? That sounds bad.

You can write exploits for routers and switches too - they are only computers, after all. Computer dedicated to a very specific purpose, but computers none the less.

I am also a little concerned about Cisco themselves being hacked into, being that they are the suppliers of most of the internet routing equipment and are supposed to be very security conscious. No. This is bad.

 

[erickdj]

I agree, this is seriously bad. I had heard before about an exploit that could make routers crash, now with leaked source code it's even worse. But that is the price we pay for having such advanced technology, going back to the stone age is not an option so we'll have to get used to viruses, hackers, etc..

 

[Didou]

One participant suggested that they might be a hoax, because "Cisco" was not capitalized in the source code. Others apparently grew tired of the discussion, changing the channel's title temporarily to "do not keep commercial code on online computers...when are people gonna learn."

I guess now they know.

 

[agissi]

Does cisco run the internet or something?

 

[DigitAlex]

Not the internet content itself, but it represents most of the links that make Internet what it is.

 

[Didou]

I'm sure this means prices will tumble.

/me will buy a high end 64 port Cisco router for his 3 home machines...:grinthumb

 

[agissi]

Wow this is a big deal =\

 

[EvilKernel]

I find it hysterical that some people actually think there is always a young pimpled faced kid behind things like this. I guess some people live under a rock and don't quite grasp the geo-political situation in which we live in today. To ignore the fact that some of these acts are perpretated by heavily organized groups is exactly what a government would want its citizens to think. Cisco makes 80% of the routers running the internet today; imagine what would happen if a terrorist group were to bring one of US's major backbones down to its knees.

This is defenetely very bad news for a company like Cisco

 

[Nodsu]

You are being way too hysterical about this. IOS is a very special piece of software built to run in hostile environments not some multi-gigabyte bloated lump of legacy dlls put together with duct tape.

If Cisco is really unable to make their product bulletproof then this is an excellent wakeup call and they deserve whatever bad comes from this source leak.

I am not saying that ther aren't any bugs in IOS but if Cisco is worth any of their reputation and experience then there will be no exploitable bugs found in IOS.

Think of all the networking gear running embedded Linux. Noone seems to be worried about the fact that a crucial part of their products' source code is freely available for anyone to read.

Software can be made a lot more secure than some companies want to make us believe.

As for terrorism. As unbelieveable as it may seem to us computer enthousiasts, most people couldn't care less if half the internet went down. Surely there would be huge finamcial losses but those will be caused to companies not people. Terrorism is about intimidating, not randomly damaging stuff. Imagine: "I can't access my web mail! Oh god I'm scared!" versus: "Oh god! My family just got blown up"

Also, I haven't heard of any cyberterrorism being done by the geopolitical enemies of US and freedom. Cybercrimes are usually criminal acts or plain vandalism.

 

[EvilKernel]

?

Surely there would be huge finamcial losses but those will be caused to companies not people.

You're kidding right? Anything that affects the economy affects the market and unless you live in Kpax, it affects you in one way or another! That would be like saying 911 events don't really matter to me because I did not live near the world trade center LOL. Statements like those in a forum such as this one really blow me away I must say.

 

[Nodsu]

9/11 was something on a completely diferent scale. Do you imagine GWB proclaiming war against insecure software/hackers (don't start with the hacker/cracker thing please!) and throwing billions into it?

Blaster worm crippled thousands of companies all over the world. How much money did you personally lose? Nothing noticeable. A disease in Costa Rica ruining the coffee crops would probably affect the world economy more than a couple of days with snail slow internet.

Even if something grand happened and both giants Yahoo! and Google went bankrupt because of net outage it would have neglible effect on your country's economy. For us computer-centered people the loss of internet would seem the end of the world but things will still get done. How do you think the world functioned till the late nineties?