Slashdot: News for Nerds

189 comments

In soviet russia... (0, Offtopic)

clifgriffin (676199) | more than 10 years ago | (#9166416)

Oh never mind.

First post of the code all over the Net! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9166418)

First post of the code all over the Net!

Stolen from the #1 Security Company? (5, Insightful)

imidazole2 (776413) | more than 10 years ago | (#9166420)

What's the deal with that!?

If true, this could cause big problems not only for Cisco, but for the entire Internet. Cisco routers are responsible for routing much of the Internet's traffic, and the company has long practiced a policy of "security through obscurity."

We're all screwed.

Re:Stolen from the #1 Security Company? (1)

BiggerIsBetter (682164) | more than 10 years ago | (#9166680)

No we're not, because there are always alternatives, even if there's a cost associated with switching (ha ha). Cisco is screwed though... share price dip in 3... 2... My money is on an inside job, whether it happened knowingly or not. Corporate espionage is part of the deal when you get as large as Cisco, and I guess they just lost this one. Personally, I'm surprised we even heard about it.

Re:Stolen from the #1 Security Company? (4, Insightful)

Knightmare (12112) | more than 10 years ago | (#9167021)

Cisco is far from the #1 security company. There has been very little emphasis on security at Cisco until the last few years. As would be evident if you have used any of their products. 90% of their products don't come standard with SSH, they all still use telnet. But for an extra fee you can install SSH, that is if you buy enough ram for the router to support that code load...

I think Cisco is working to change their security stance, but that takes time and lots of money. The money part they have covered, Cisco has an over 3 billion dollar R/D budget and if I remember correctly 2 billion of that is focused on security right now.

Re:Stolen from the #1 Security Company? (3, Informative)

Anonymous Coward | more than 10 years ago | (#9167191)

> the company has long practiced a policy of "security through obscurity"

Not really... every version of Cisco IOS since 6 has been leaked. The first time I've seen IOS source was probably 6-7 years ago. I'm not even sure why this is news.

Re:Stolen from the #1 Security Company? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9167831)

This stuff is going to continue to happen as long as we offshore to these piece of shit countries.

Closed source vs Open source (5, Insightful)

Ckwop (707653) | more than 10 years ago | (#9166422)

One (of the many) problem(s) with the closed source business model is the fact that the entire company can depend on this intellectual property. The security surrounding that source has to be so huge that the problem quickly becomes intractable.

Open source however, by virtue of it being free (as in Iraq hehe), is worthless. Support contracts are a lot harder to steal :P

Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

Why do we still use so much closed source stuff :/
Simon.

Re:Closed source vs Open source (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9166440)

Because we (people) like making money. Life sort of works that way, you know?

Re:Closed source vs Open source (1, Interesting)

sydb (176695) | more than 10 years ago | (#9166467)

So you're saying that although the customers suffer, it's OK because the vendors are getting fat?

Re:Closed source vs Open source (-1)

Anonymous Coward | more than 10 years ago | (#9166487)

Yeah, because you know, customers are suffering. They're really suffering through having to use Google's search, even though their technology is closed source. And yes, the Open Source supporter companies are really selfless. I especially am amazed at Trolltech's devotion to Open Source, but making the Enterprise license very expensive. That's OSS dedication!

Re:Closed source vs Open source (0)

Anonymous Coward | more than 10 years ago | (#9166499)

Would the grandparent like some butter with his SERVING?

Re:Closed source vs Open source (1)

FauxPasIII (75900) | more than 10 years ago | (#9166713)

> Would the grandparent like some butter with his SERVING?

Oh, no you didn't. Now IT'S ON.

Re:Closed source vs Open source (0)

Anonymous Coward | more than 10 years ago | (#9166935)

No, no, it's not on. It's off, nothing's on here. I'm sorry if you thought it was on. It's not on.

Re:Closed source vs Open source (-1)

Anonymous Coward | more than 10 years ago | (#9166458)

> Open source however, by virtue of it being free (as in Iraq hehe), is worthless

Absolutely, I agree 100%

Re:Closed source vs Open source (0)

Anonymous Coward | more than 10 years ago | (#9166474)

"Why do we still use so much closed source stuff :/"

It's all about money, honey...

Re:Closed source vs Open source (2, Insightful)

m1chael (636773) | more than 10 years ago | (#9166495)

It's all about being selectively open.

Re:Closed source vs Open source (0, Offtopic)

curator_thew (778098) | more than 10 years ago | (#9166537)

Like your ass? Mr zero pointer.

Re:Closed source vs Open source (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9166541)

Because as a proud patriot and supporter of a free market economy, I strongly believe in my right to use my product for whatever ends.
The so called "flawed" closed source model is only so due to the anarchistic, liberal and communist influences that are a strong part of most if not all open source advocates, a true enemy of freedom if I ever saw one.

Re:Closed source vs Open source (1)

Gorbag (176668) | more than 10 years ago | (#9166547)

> Why do we still use so much closed source stuff :/

Brilliant! And if everything were open source, we wouldn't need security either!! ;-)

Re:Open source safer ?? doubtful (5, Insightful)

mikep.maine (585648) | more than 10 years ago | (#9166956)

> Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

Software is only secure when specific security tests are performed against it. Almost no one does much of this, or even understands it well. I doubt that in 1000 readers, more than 5 could recite the top 5, never mind the top 20 tests you must perform.

Open source is also not inherently better at security because it must be peer reviewed. If the reviewer doesn't know what to check, then what is the point of the review?

Software must be security certified by professionals, whether open or otherwise.

Re:Open source safer ?? doubtful (2)

mirror_dude (775745) | more than 10 years ago | (#9167629)

"Certified Professionals", right, because we all know just how well "certification" works.
Now well trained professionals might make better sense.
Open source also ensures the access of real professionals rather than "certified professionals"...

Re:Closed source vs Open source (1)

mgcsinc (681597) | more than 10 years ago | (#9167035)

Incidentally, as a side note, this is not about intellectual property, it's about trade secrets.

Not just possible, truthful (5, Funny)

CptChipJew (301983) | more than 10 years ago | (#9166424)

This did actually happen. A friend in an IRC channel I frequent was pasting large portions of it to show off.

I can't help but see a nearby future full of Cisco-powered site takeovers :(

Re:Not just possible, truthful (1, Interesting)

SeaDour (704727) | more than 10 years ago | (#9166510)

You would do well to report his nickname and IP address to the FBI.

Oh Really? No. (5, Funny)

Frequanaut (135988) | more than 10 years ago | (#9166556)

Seriously, A friend of mine, in an icq conversation told me it wasn't true. Plus my mom said so as well.

Or, to paraphrase... (3, Funny)

FreeUser (11483) | more than 10 years ago | (#9167276)

> Seriously, A friend of mine, in an icq conversation told me it wasn't true. Plus my mom said so as well.

Translation: Accept information only from Official Sources(tm).

Any reports, of any event, not vetted by Your Official Corporate Public Relations Officer(tm) isn't real and has no validity.

Do not accept word of mouth. Healthy skepticism is not sufficient (for the facts may speak for themselves and undermine Our Official Position(tm)); you are to ignore any anecdotes, any word of mouth reporting, completely and utterly.

Indeed, you shall respond to any unofficial information with disparagement and hostility, as is your duty as a drone Consumer(tm).

Accept the Party Line. It is the Truth(tm), all else is Heresy.

Thank you.

Your Cisco Security.
("Stooges R Us")

Full text translation (4, Funny)

sydb (176695) | more than 10 years ago | (#9166425)

CiSCO IOS?
SecurityLab, 13 2004 CISCO IOS 12.3, 12.3t, CISCO. 800 .

, - Cisco System. Cisco System .

franz #darknet@EFnet IRC ( 2.5 ) .

100 ipv6_tcp.c ipv6_discovery_test.c.


Hope that helps!

Re:Full text translation (4, Informative)

versus (59674) | more than 10 years ago | (#9166709)

I don't know who moderated parent as Informative (hint: use +1 Funny)

Here is word-to-word translation (English is not my mother tongue):

  • As SecurityLabz was informed, in May 13, 2004 all source code of Cisco IOS 12.3, 12.3t was stolen. Cisco IOS is used in most Cisco network products. Full size of the stolen information is about 800 MBytes archived.
  • Source code leak was made possible because of Cisco's corporate network compromise. Cisco gave no official comments yet.

    Someone known as franz at IRC channel #darknet@EFnet showed a small part of stolen code as the proof.

    First 100 lines of source file ipv6_tcp.c and ipv6_discovery_test.c is listed below.

wouldn't surprise me (3, Interesting)

fugas (619989) | more than 10 years ago | (#9166431)

I've worked there as a temp in 2000-2001 and the corporate network resources sure didn't seem to be that well protected... But I won't elaborate.

rah rah rah you scumbags (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9166432)

I can't stand fucking open source zealots. Enjoy your moment, you asshats!!!

Re:rah rah rah you scumbags (4, Funny)

Chicane-UK (455253) | more than 10 years ago | (#9166450)

Darl??

Babelfish translation of Russian article (1)

arduous (91558) | more than 10 years ago | (#9166435)

Leakage of the initial code CiSccO IOS?
As it became known SecurityLab, on 13 May, 2004, were stolen all initial codes of the operating system CISCO IOS 12.3, 12..3t, which is used in the majority of the net devices of company CISCO. The total volume of the stolen information is approximately 800Mb in the archive.

According to the information available to us, the leakage of the fragments of the initial code occurred because of the breaking of the corporate network Cisco System. Representatives Cisco System thus far in no way comment on the occurred incident.

Information flowed away from nobody man hearth no franz on # darknet@EFnet IRC where it and granted the small part of the initial codes (about 2.5 mb.) as the proof.

They are lined below on 100 first lines of the initial code of file ipv6_.tcp.c and ipv6_.discovery_.test.c.

Thank God .. (3, Funny)

Anonymous Coward | more than 10 years ago | (#9166439)

I use windows RRAS as my router and not the damned (potentially) insecure Cisco kit ;-)

Obligatory Simpsons soundeffect ... (0)

Anonymous Coward | more than 10 years ago | (#9166444)

.. "ha-HAAH" .. ala Nelson.

IOS OS (1)

zoloto (586738) | more than 10 years ago | (#9166452)

What kind of OS is this? Embedded I would assume. If not, what kinds of things can we do with it now that it's in the open, assuming one were to get a copy?

Re:IOS OS (1)

ZeNTuRe (771486) | more than 10 years ago | (#9166459)

Indestruct... oh, never mind.

Re:IOS OS (5, Insightful)

JohnFluxx (413620) | more than 10 years ago | (#9166472)

Don't touch it, don't see it, don't breathe near it, if you ever plan on contributing to linux.

Leaked code is very dangerous to open source software.

Re:IOS OS (5, Insightful)

Ithika (703697) | more than 10 years ago | (#9166644)

Surely that's only the case if being covered by software patents... which I think the general consensus in the Linux development world is that's a Bad Thing(tm). Whether they will apply in Europe is still being discussed.

Copyright-protected code is obviously not allowed, but as long as there's a way of implementing the same thing in a different manner (always assuming that European s/w patents don't get ratified) I fail to see any issue in understanding how some other piece of software works.

The whole SCO debacle has done more than just piss everyone off, there's been a remarkable amount of reticence to learn from code that isn't Free. By that very logic authors shouldn't be allowed to read books and composers should be banned from listening to music.

--
This has been a scatterbrained post on behalf of the Poorly Thougt-out Argument Party

Re:IOS OS (2, Interesting)

JohnFluxx (413620) | more than 10 years ago | (#9167887)

Wouldn't the comparison be to not read stolen books, and not listen to stolen music?

Re:IOS OS (0)

Anonymous Coward | more than 10 years ago | (#9166726)

Real interoperable h323 ;-)

I for one hope it's real.

review could be good (0)

Anonymous Coward | more than 10 years ago | (#9166457)

This could actually be good... I have been fighting with bugs in IOS a long time, and the big difficulty is in trying to describe an infrequently occurring problem to them in sufficient detail.
(combined with their hautain attitude)

Usually the only result of an afternoon-long effort of describing a problem and documenting it with traces etc is "need more information".
When the source would be publicly available, it might be possible to find the actual bug and send them the patch.

It's a pity GCC isn't like that (0)

Anonymous Coward | more than 10 years ago | (#9167060)

Embedded software companies use versions of GCC with buggy optimisers in them, and they won't give us the source code so we can find out what the bug is!

Stolen...? (3, Interesting)

Henrik S. Hansen (775975) | more than 10 years ago | (#9166466)

How can the source code be stolen, when Cisco still has it?

Re:Stolen...? (1)

Quill_28 (553921) | more than 10 years ago | (#9166536)

Can recipes be stolen?
Music? Design plans?
Information in a book?
etc

Re:Stolen...? (4, Funny)

real_smiff (611054) | more than 10 years ago | (#9166569)

ah, wait a sec (while i fetch me textbook of /. answers).. yes... i see, "it was not stolen... it was copy-right in-fringe-ment".. how was that? :)

Re:Stolen...? (1)

sploo22 (748838) | more than 10 years ago | (#9166819)

Ah, ain't hypocrisy wonderful?

Re:Stolen...? (2, Insightful)

Waffle Iron (339739) | more than 10 years ago | (#9166922)

Actually, it is appropriate to say that something was "stolen" in this case. That's because Cisco's code was supposed to be secret. Once their network was compromised, the secrecy is eliminated, and Cisco no longer has a secret. That's why it's common usage in English to say that somebody "stole a secret".

This is different from calling illegal file sharing "stealing", where the information being appropriated has already been openly published. An illicit activity is taking place, and it may (indirectly) economically damage the artist or publisher. However, that is no more stealing than any number of other illegal acts that cause economic damage, such as vandalizing their offices or phoning in a false bomb threat.

Re:Stolen...? (4, Insightful)

horza (87255) | more than 10 years ago | (#9167335)

> How can the source code be stolen, when Cisco still has it?

How can you have identity theft if you are still you?

Phillip.

Re:Stolen...? (0)

Anonymous Coward | more than 10 years ago | (#9167781)

Well, technically it isn't identity theft to just claim someone's identity. The theft occurs when the person impersonates you to engage in transactions and incurring responsibilities and debt under your identity. So it isn't that they're stealing your identity. It's that they're using your information to put you into debt and legal trouble. It's unfortunate that the phrase "identity theft" has become so widely used.

Re:Stolen...? (1)

toddlg (319712) | more than 10 years ago | (#9167435)

http://dictionary.reference.com/search?q=steal&r=67
steal ( P ) Pronunciation Key (stl)
v.

1. To take (the property of another) without right or permission.

> How can the source code be stolen, when Cisco still has it?

Do you have a better term to describe the act that was committed against Cisco?

If I break into your computer and digitally copy important/valuable information off of it, what's the first term to come to mind about what I did? That I "stole" your stuff, or since you still have a copy of it, did I not steal it?

Stealing is a violation of property rights (intellectual or otherwise). Copying is a way to steal IP. Whether IP/Copyright laws need to be revisited in a digital age is a topic talked about elsewhere...

(This post is pretty much a dupe of my post below (#9167231))

This has happened before (4, Interesting)

puzzled (12525) | more than 10 years ago | (#9166469)


IOS 11.3 source is definitely in the wild - I think there is a copy of it around here somewhere. I've contacted Cisco on it and they're so excited they can't even get someone from law enforcement to come and talk to me about the information on the guy who sent it to me.

11.3 is ancient history, but 12.3 is bad bad bad ... this means new Cisco exploits as people comb through the code :-( Time to go unplug your internet connection until 12.4 is released ...

Re:This has happened before (1, Funny)

Anonymous Coward | more than 10 years ago | (#9166507)

"Time to go unplug your internet connection until 12.4 is released ..."

If you leave your mailing address I'll send you a postcard when it does.

Re:This has happened before (0)

Anonymous Coward | more than 10 years ago | (#9166558)

Oh yeah. Just like the 1000's of exploits that have shown up since Windows 2000 source got leaked. Oh, there weren't any? Never mind.

Re:This has happened before (2, Insightful)

Dave2 Wickham (600202) | more than 10 years ago | (#9166766)

Actually that wasn't the full Win2K source, and an exploit based on being able to see the code was released (see "Exploit Based On Leaked Windows Code Released" [slashdot.org] ).

Re:This has happened before (3, Interesting)

dangermen (248354) | more than 10 years ago | (#9166647)

11.3 is not ancient history. 11.3 is where Cisco began its modular IOS conversion. You couldn't directly see it but Cisco started converting their IOS releases to a modular format in the background (though the images were always monolithic). 12.3 is the final step before every IOS image is the same base "IP Base" and you'd download DLLs or modules that the router could dynamically load. A release of 11.3 would be just as painful as 12.3 because the architecture would definitely be showing its strengths and weaknesses.

Time for a new motto (1, Offtopic)

jbellis (142590) | more than 10 years ago | (#9166473)

Slashdot: Read [slashdot.org] today's [slashdot.org] ArsTechnica [slashdot.org] tomorrow! [slashdot.org]

Re:Time for a new motto (5, Funny)

ch-chuck (9622) | more than 10 years ago | (#9166723)

How about, " The next Slashdot story will be ready soon, but readers of ArsTechnica can beat the rush and see it early!"

WARNING copyrighted source samples ahead! (5, Interesting)

Anonymous Coward | more than 10 years ago | (#9166481)

The Russian site contains samples of the source claimed stolen!

If these are authentic (which I personally begin to doubt more and more) then looking at them may be problematic if you ever intend on working on IPV6 stacks from someone else than Cisco. (OpenBSD?)

Now I did have a peek at that code and I can tell it looks very fake (Obviously *don't* take my word for it and think it's safe to ignore my warning!)

  • They are attributed to only one coder per file.
  • It isn't indented (intentional obscurity?)
  • There are way too specific includes that don't make much sense (dothis.h)
  • I have a feeling there are includes missing
  • I spotted a printf, which seems odd for an IPV6 stack or part of an OS
  • I can't see any working logic, and I can't see how the code is supposed to do what the (short and very simple) comments claim it does.
  • It looks like there are many syntax errors but without a compiler, the preprocessor directives and indentation it is hard to tell.

Also at the forum of the .ru site there is a post from someone who claims the word on the IRC channel on which the story originates is that this is a fake.... But I am not touching that channel.

Re:WARNING copyrighted source samples ahead! (2, Insightful)

sydb (176695) | more than 10 years ago | (#9166539)

> I spotted a printf, which seems odd for an IPV6 stack or part of an OS

IOS does interact with the user through a terminal session so printfs aren't all that unlikely.

Of course they ought not to be in the IPv6 stack. Unless they populate packets as formatted strings.

Re:WARNING copyrighted source samples ahead! (1)

cyb97 (520582) | more than 10 years ago | (#9166731)

> Of course they ought not to be in the IPv6 stack. Unless they populate packets as formatted strings.

It would make more sense to use a sprintf, or even more sense to use a stack-safe function...

Re:WARNING copyrighted source samples ahead! (1, Interesting)

Anonymous Coward | more than 10 years ago | (#9166667)

> Now I did have a peek at that code and I can tell it looks very fake

No they don't: one is a *test* of IPv6 functions, so there is a printf. Second, if it was a fake, people taking the time to write those would have at least taken the time to compile them. I mean, why spend 12 hours writing fake code, and not compile it?

Re:WARNING copyrighted source samples ahead! (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9166932)

> No they don't: one is a *test* of IPv6 functions, so there is a printf.

Agreed, also the code is indented, but rather than using a pre (formatted) tag the newlines have been replaced by br's in the .ru site. The spaces are still there to be restored. I guess I just didn't want to believe this.

Re:WARNING copyrighted source samples ahead! (5, Informative)

cide1 (126814) | more than 10 years ago | (#9166683)

Yeah, I'd like to believe you, but I've seen people get away with murder in source code before. Open source coders worry a lot more about things like indentation, and filenames that make sense. In closed source shops, a lot of times what is quickly coded as a prototype becomes the shipping product, and things like indent can't be used because it breaks diffs. As much as I'd like to look with my own eyes, this sounds like one of the things it would be best if I just ignored it.

Re:WARNING copyrighted source samples ahead! (0)

Anonymous Coward | more than 10 years ago | (#9167178)

> In closed source shops, a lot of times what is quickly coded as a prototype becomes the shipping product, and things like indent can't be used because it breaks diffs

haha wtf? if i was working at a company and checked out source code with no indents, i would quit on the spot. i think you're lying.

Re:WARNING copyrighted source samples ahead! (1)

pomac (159163) | more than 10 years ago | (#9166830)

If it was posted on IRC, and this is just grabbed from the logs... Then the loss of indentation might be due to the IRC clients used.

Just FYI.

Re:WARNING copyrighted source samples ahead! (0)

Anonymous Coward | more than 10 years ago | (#9167088)

wtf?

you mean, if someone pasted the code to a channel?

that's incredibly stupid!

dcc bot, binary transfer, hello?

Re:WARNING copyrighted source samples ahead! (0)

Anonymous Coward | more than 10 years ago | (#9166962)

snork! I can't believe this is modded to 5. Oh, wait, this is slashdot...

nevermind.

Rumour has it ... (4, Funny)

BabyDave (575083) | more than 10 years ago | (#9166486)

... that their remote access software had a default username/password built in that couldn't be disabled. A high-level Cisco executive has threatened to sue the software providers for including such a stupid 'feature' [slashdot.org] in their product.

May not lead to anything (5, Interesting)

Felinoid (16872) | more than 10 years ago | (#9166500)

This is one of the companies that helped make the Internet what it is today.
(I'm not talking about spam, trolls or worms)

They have the experience to know what can or can not happen.
Sure they use obscurity but I doubt they believe it to be a serious security layer. Instead they probably have experts poring over ios every day.

It is possible to have "Many Eyes" while remaining closed. Just have many expert eyes constantly on the code instead of many more untrained eyes occasionally dissecting the code.

It's expensive so don't expect it to happen too often.
Microsoft deludes itself into thinking that is what they have with a team of programmers working on the code. But in reality the only people who actually see the code are the original coder and a code verifier. Just two people for every segment of code.

But I would guess Cisco uses the expensive version of Many eyes that we get for free in open source.

Re:May not lead to anything (4, Funny)

curator_thew (778098) | more than 10 years ago | (#9166551)

"Instead they probably have experts poring over ios every day."

Unfortunately those experts are figuring out how to draw the release structure diagram and name the branches. I don't think Cisco engineers have time to work on new code, there's too much old code to figure out.

Re:May not lead to anything (0)

Anonymous Coward | more than 10 years ago | (#9166926)

I wish that were "funny". It's "insightful".

Other vendors (2, Insightful)

Quill_28 (553921) | more than 10 years ago | (#9166525)

What about other companies that supply cisco with software?

This could hurt more than just cisco.

cisco (1)

Mr804 (12397) | more than 10 years ago | (#9166544)

pwned!

Settle down... (4, Interesting)

Graftweed (742763) | more than 10 years ago | (#9166560)

This reminds me of the buzz that surrounded MS's source code theft/leak. There are a couple of different things being discussed here.

First there are the security implications. Having the source out there for all to see isn't the endgame for the internet, people; with MS, people thought it was a big issue because their code is, well... crappy. I don't think this is true with Cisco, and unless there are some very obvious and very damaging security holes the internet will live to see another day, so all you doomsayers out there screaming that the world is coming to an end... settle down.

It does highlight once again the shortcomings of a security through obscurity model, but let's not go down that road again.

The second thing, which is where the story really lies, is how this could have happened. It's Cisco after all, how could their network be compromised? Probably someone there really dropped the ball. Any specifics on how this happened?

Re:Settle down... (0)

Anonymous Coward | more than 10 years ago | (#9167290)

I think the big difference is that you can typically protect most of MS networks via firewalls, antivirus or whatever (and most of us do that already). Routers on the other hand often either cannot be firewalled or it would be a huge pain in the arse. It's also pretty easy to protect yourself from other hosts on a network, but protecting yourself from your gateway is a bit more complex. Hell, you could easily create all sorts of havoc just sending ICMP redirects.

With the MS exploits I wouldn't really care - I mean there are enough already. But how many hops across how many Cisco routers does it take to get to each website you visit? The gravity of the situation makes this much more dire, but I think you are right that Cisco probably on average produces decent code, and it's dedicated towards a purpose, not an everything but the kitchen sink problems that MS tends to have.

Heh... (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9166572)

> Let's not forget that open source provides robust security (in principle) whereas for closed source we can never be sure.

> Why do we still use so much closed source stuff :/


SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you. Or go out and try and convince everyone to use your little Linux boxes as routers...oh, wait, there's just as many security issues in Linux as there are in Windows..

But wait, there's more! With IOS, there's a small set of software that can cause trouble. Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.

Re:Heh... (2, Insightful)

sesaetaen (637921) | more than 10 years ago | (#9166696)

> SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you.

Apart from the fact that CISCO does not provide the necessary hardware specs, nor development kits for their products?

> blabla ... Using something else, esp based on Linux, can cause even more problems - they can gain access by any other means, shutdown or change some OTHER critical system, and it shutdown the routing...Use your frickin head.

Billy? Is that you?

Re:Heh... (2, Informative)

billygr (751676) | more than 10 years ago | (#9166743)

"SO, if you don't like it, you go out and make an OS for the Cisco routers and put it out for free - go ahead, no one is stopping you"

Who said that there isn't something like this?

http://www.uclinux.org/ports/
From uClinux page: "uClinux has successfully been ported to the Cisco 2500, 3000, 4000 routers. The patch allowing uClinux to run on the Cisco 2500/3000/4000 routers was completed by Koen De Vleeschauwer"

You mean... (0)

Anonymous Coward | more than 10 years ago | (#9166685)


we get to see that 1/2 of their code was GPL'd opensource that they were using illegally?

HAHAhahahaha.. ..sorry

Impact on Undocumented commands? (project DOTU) (4, Interesting)

bertboerland (31938) | more than 10 years ago | (#9166718)

Cisco's IOS is full of undocumented commands. An old list is available on my site
http://boerland.com/dotu [boerland.com] .

So opening the code might reveal more undocumented commands.

(btw: I will migrate this data towards a real CMS as hosted at home; http://willy.boerland.com/myblog [boerland.com] .)

At least the name of the programmer matches... (3, Interesting)

wallclimber21 (563789) | more than 10 years ago | (#9166739)

A quick google search on 'Ole Troan' leads to Cisco Systems, Inc., 250 Longwater Avenue, Reading RG2 6GB, United Kingdom. If this is a fake, then at least these Russians did their homework. :-)

Stolen? (0)

Anonymous Coward | more than 10 years ago | (#9166770)

Don't you mean Liberated?

Theft? Wasnt there a backup? (2, Insightful)

nurb432 (527695) | more than 10 years ago | (#9166820)

You would think that a company as large as CISCO would have had a backup.

I can't believe it was 'stolen' from them.

Yes that was sarcasm. Just pisses me off how the word 'theft' is perversed when it comes to digital content.

They COPIED it people. It wasn't STOLEN. ( yes, still illegal, but much different of a concept )

Re:Theft? Wasnt there a backup? (0)

Anonymous Coward | more than 10 years ago | (#9166968)

awwww.. you're getting mad on the internet... it's not that big of a deal, I promise.

Re:Theft? Wasnt there a backup? (0)

Anonymous Coward | more than 10 years ago | (#9167116)

hey you just made me sad - on the internet.

Re:Theft? Wasnt there a backup? (2, Insightful)

toddlg (319712) | more than 10 years ago | (#9167231)

http://dictionary.reference.com/search?q=steal&r=67
steal
v.

1. To take (the property of another) without right or permission.

http://dictionary.reference.com/search?q=theft&r=67
theft
n.

1. The act or an instance of stealing; larceny.


"Just pisses me off how the word 'theft' is perversed when it comes to digital content.

They COPIED it people. It wasn't STOLEN. ( yes, still illegal, but much different of a concept )"


Care to explain to me how copying vs. stealing/theft is a much different concept? How does this perverse the definition of theft?

If I break into your computer and digitally copy important/valuable information off of it, what's the first term to come to mind about what I did? That I "copied" your stuff or that I "stole" your stuff?

COPYING is the method that they used to STEAL Cisco's stuff. Stealing is a violation of property rights (intellectual or otherwise). Copying is a way to steal IP. Whether IP/Copyright laws need to be revisited in a digital age is a topic talked about elsewhere...

The Internet Doesn't Run On Cisco (3, Interesting)

Anonymous Coward | more than 10 years ago | (#9166860)

As anyone who works for an ISP of any size and importance will tell you, Cisco routers don't do much when it comes to the big, hard-core routing that takes place at the NAPs or even at aggregation points. Their products have historically not been up to par for the high-end demands in these environments.

If a Juniper bug comes out, then it's time to be concerned about pieces of the Internet falling off. But then this is mitigated because there are relatively few aggregation points that can be upgraded hopefully quickly.

Sure, a large Cisco IOS bug will hit mom and pop and small to medium business, but the big boys just don't use Cisco.

Not as serious as it sounds.. (1)

SlowCoder (99587) | more than 10 years ago | (#9167086)

Of course, I'm not going to downplay the effects this could have for Cisco and in the long run for possibly tainted opensource projects.. The comments in here speak for themselves that people can't keep their hands off the source-code.

I've seen the 12.3 sourcecode before, under NDA, and several institutions outside of Cisco have legal access to it. Several universities, most of the larger security-firms such as ISS and whatnot have had access to it for years. So it's been combed through pretty well before. Sure there might be an odd exploit released from this source, but I don't count it as very probable, and certainly not as a threat to internet stability.

Thats not all it does. (5, Funny)

CodePyro (627236) | more than 10 years ago | (#9167100)

"I guess Cisco forgot to implement their own Self Defending Network solutions"

No they did implement it. But when it found out that it was outnumbered by the hackers, the self-surrender module (also known as the French module) went into effect.

Re:Thats not all it does. (2, Insightful)

$0 31337 (225572) | more than 10 years ago | (#9167457)

My ice coffee just shot out of my nose all over the fucking monitor... great comment :)

800 MB (-1)

illumina+us (615188) | more than 10 years ago | (#9167118)

800 MB? What? Valve didn't even lose that much and the Cisco IOS can fit on a floppy.

This really means nothing. (4, Informative)

corrosive_nf (744601) | more than 10 years ago | (#9167141)

Cisco had already announced a few weeks ago that version 13 of IOS was coming out and in June they were going to dump IOS fully for a totally new OS for their routers that was going to be pluggable and more secure.

http://news.com.com/2100-1033_3-5210745.html

Re:This really means nothing. (0)

Anonymous Coward | more than 10 years ago | (#9167668)

How can you possibly say this means nothing? Did you even read that article you linked to? This new OS is specifically designed for the "HFR ($500K-1M dollar)" next-gen router and is NOT a drop in replacement for every Cisco router out there. The new OS will also be A) missing several important features when it comes out and B) need at least a year to stabilize. So how in the hell does this solve the problems of everyone who is using Cisco's latest IOS? Huh? Please tell me because I'd love to know.

If the source was indeed leaked then this is a huge fucking problem that will not be easily solved.

China? (0)

DAldredge (2353) | more than 10 years ago | (#9167152)

There is a good chance that this leak came from one of the 'partners' in China that Cisco uses.

China doesn't have the same regard for foreign IP that the USA does.

I am not shocked... (0)

Anonymous Coward | more than 10 years ago | (#9167472)

If one was to go to Cisco's network academy and login, one would find (if they were using a packet sniffer) that the passwords are in clear text.

When this was brought to Cisco's attention the reaction was it was not worth fixing.

What a great way to start teaching the next generation.

Darth Nader (0)

Anonymous Coward | more than 10 years ago | (#9167707)

I hope Ralph Nader's portfolio takes a hit. Nader is a multi-millionaire due to his Cisco investments. Cisco is much more of a monopoly in its field than Microsoft is in its field, yet the perennial left-wing fascist and election spoiler rails against the Microsoft Monopoly.

Here's to poverty Ralph!

Hardware architecture more important (1)

cpghost (719344) | more than 10 years ago | (#9167723)

IOS source code is no big deal. It's Cisco's hardware implementation and architecture that is the real interesting part. At least for the core router functionality. Some fringe aspects would be interesting to study, but it's not really that critical.

Re:Hardware architecture more important (1)

markom (220743) | more than 10 years ago | (#9167859)

This is very much wrong. Cisco's hardware is nothing special, really. Just another telco box. What makes Cisco hardware work the way it does is IOS.

Marko.

Makes perfect sense to me. (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9167918)

One thing you learn in the IT industry real quick is the cobbler's sons are the last shod.
