Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cisco Source Code Up For Sale: Only $24,000

CowboyNeal posted more than 9 years ago | from the hot-products dept.

Security 292

spackbace writes "The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations. Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks."

cancel ×

292 comments

Sorry! There are no comments related to the filter you selected.

Take a cue from SCO (5, Funny)

Anonymous Coward | more than 9 years ago | (#10729754)

Take a cue from SCO and drop the price to $699. That way EVERYONE will buy it!

Better yet, take a cue from Autodesk (2, Insightful)

Marxist Hacker 42 (638312) | more than 9 years ago | (#10729905)

And Cisco, beat them to it by realeasing a totaly new version of the compiled firmware, then GPL'ing the source that they're trying to sell.

Re:Take a cue from SCO (5, Funny)

Plural of Mongoose (808754) | more than 9 years ago | (#10729944)

As long as they don't start selling software they steal from IBM, as then SCO would hafta sue 'em!

Can somebody loan me some money? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10729755)

HAXOR

Maybe Firefox users can buy it (-1)

Anonymous Coward | more than 9 years ago | (#10729757)

And change it to an advertised for Firefox's launch.

$24,000? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10729762)

Hmmm, does that include indemnification?

(FP!)

Good thing I'm running 6.3(4) (3, Funny)

Anonymous Coward | more than 9 years ago | (#10729766)

Although I bet I'm screwed anyhow...

$24k? (5, Funny)

miles31337 (539573) | more than 9 years ago | (#10729767)

From my experience with PIXen, it's certainly not worth that...

$24k?-Going? Going? Gone? (0)

Anonymous Coward | more than 9 years ago | (#10729825)

You can buy all that and more elsewere, cheaper.

Re:$24k? (4, Insightful)

goalive (729667) | more than 9 years ago | (#10729912)

Well, I guess this will help decide once and for all if open-source software really is more secure than closed source. :-)

This is a problem for the /. crowd? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10729994)

Listen, why is this a big deal? All you /.ers think open source is great. Obviously this represents no problem when you're talking Apache. You guys can't have it both ways. Source code should be closed, bottom line. MS and Cisco are wise. Security by obscurity.

Pirated? (1, Interesting)

joelanders (743036) | more than 9 years ago | (#10729772)

Wouldn't these guys just figure that the code would get copied and shared after it gets sold. Once they sell it to someone, what keeps this guy from going and selling it for $10k? Or free?

Re:Pirated? (5, Insightful)

Agilis (796661) | more than 9 years ago | (#10729803)

It's not worth all that much to them sitting on their drives anyways. Who knows, some wacko might actually pay!

But really it's just to generate bad publicity for cisco

Re:Pirated? (2, Funny)

Anonymous Coward | more than 9 years ago | (#10729819)

"Wouldn't these guys just figure that the code would get copied and shared after it gets sold. Once they sell it to someone, what keeps this guy from going and selling it for $10k? Or free?"

Why would they give a fuck? They're 24k up.

Re:Pirated? (1)

diqmay (773248) | more than 9 years ago | (#10729840)

well... they've already made $24k (after the first sale), and an aditional $24k for each other buyer that pays before the code become widely avaliable on a product they didn't create in the first place, so any and all money they make is going straight into their pockets. If they were concerned about controlling the sale of something like this, do you think they would have stollen it from cisco in the first place?

Diq

Someone paying 24k (5, Insightful)

Chuck Chunder (21021) | more than 9 years ago | (#10729884)

Isn't going to start handing it out for free.

The only real reason to want the code is to find exploitable holes in the software. If you're paying 24k so you can do that you presumably want to use those exploits for a purpose. Releasing the sourcecode and risking exploits becoming public (and then patched) devalues your investment.

Re:Someone paying 24k (5, Funny)

Xerp (768138) | more than 9 years ago | (#10730001)

Sure. Yes. Pay 24k. Uh-hu. OK. Let me get my PayPal account set up. Ah, I have a buyer... "Leave the money in a brown paper bag STOP Wear a false mustache and a pink carnation STOP Make sure the bills are unmarked STOP Either that, or five copies of that wonderful Microsoft Windows XP will do STOP thank you Mr Ballmer STOP"

Re:Someone paying 24k (1)

Progman3K (515744) | more than 9 years ago | (#10730081)

This means the time has come to completely open-source router firmware development.

In the end, what choice do we have? If we take it as truth that open-source is more secure, then it also applies to routers.

BGP and other applicable protocols are available as RFCs

And anyhow, it seems BGP isn't all that secure [slashdot.org] to begin with.

Re:Someone paying 24k (1)

Tony Hoyle (11698) | more than 9 years ago | (#10730085)

Maybe not, but.

Pay 24k, sell 5 copies at 10k.

Profit!

Now that's irony! (4, Insightful)

plierhead (570797) | more than 9 years ago | (#10729775)

One can only marvel at the irony - someone stealing the source code for "a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks"!!!

Re:Now that's irony! (5, Insightful)

PhrostyMcByte (589271) | more than 9 years ago | (#10729815)

like mitnick proved, it only takes one idiot with social skills to bypass your firewall.

Re:Now that's irony! (5, Insightful)

madprof (4723) | more than 9 years ago | (#10729881)

Indeed, as in the Mitnick case, one idiot *did* do it...

Re:Now that's irony! (3, Insightful)

drinkypoo (153816) | more than 9 years ago | (#10729964)

It might be better to say that it only takes one socially talented individual talking to one idiot inside your organization. A real idiot will make some stupid mistake during the conversation that will make it abundantly clear, even to the slowest-witted, that they are not in fact your CEO.

Re:Now that's irony! (1)

ScrewMaster (602015) | more than 9 years ago | (#10730018)

I'd call them "anti-social" skills. Maybe even "sociopathy" skills.

At least... (5, Funny)

imsabbel (611519) | more than 9 years ago | (#10729781)

there is no ebay-link this time...
But still i sense the good old "want to sell something? Advertise with a slashdot story" sprit :)

Re:At least... (0)

Anonymous Coward | more than 9 years ago | (#10730046)

But still i sense the good old "want to sell something? Advertise with a slashdot story" sprit :)

Duuuude, you're so not on the level.

Anyone with half a clue caught the original announcement on Full Disclosure. Post on any of about 6 lists in that space and you'll hit anyone in your target audience. The /. boost is just a PR bonus.

Will buy Linux (5, Funny)

Anonymous Coward | more than 9 years ago | (#10729782)

Anyone here has the source code for Linux OS? I'll pay roughly $2-3 grands via Yahoo Paydirect.

Re:Will buy Linux (4, Funny)

Anonymous Coward | more than 9 years ago | (#10729930)

$2-3 grand!? I got mine for $699 from a little company called SCO, which is currently having a closing down sale.

Re:Will buy Linux (2, Funny)

Penguinshit (591885) | more than 9 years ago | (#10729959)


I got an even better deal; I licensed my Linux for $35/month which includes DSL and unlimited lifetime OS upgrades...

Of course, the toll-free telephone support line seems disconnected: 1-800-DEV-NULL

Re:Will buy Linux (-1)

Anonymous Coward | more than 9 years ago | (#10730113)

Got only one with a BSD license. Only 50K USD!

Cisco would charge more... (1)

Temfate (753891) | more than 9 years ago | (#10729787)

Cisco would charge more... They really should think about the legal fees...

buying stolen property? (3, Insightful)

spacerodent (790183) | more than 9 years ago | (#10729788)

with all the legal cases on "stealing" mp3s could they charge these people with posession of stolen property?

Re:buying stolen property? (-1, Flamebait)

goldspider (445116) | more than 9 years ago | (#10729979)

<froth>

What was stolen here!? Does Cisco no longer have this code anymore? What financial loss did Cisco suffer as a result of this copied code? What physical property do these people now have? Cisco could have avoided this altogether of they had just been good global citizens and GPL'd this code. Information wants to be FREE!!

</froth>

No worries... (1)

slobber (685169) | more than 9 years ago | (#10729792)

This is nothing that a little sting operation won't fix. Seriously, how do they plan on getting the payment without being traced?

Re:No worries... (2, Insightful)

ikegami (793066) | more than 9 years ago | (#10729897)

Traced to where? To a country with laws favorable to them? Or maybe they rented a room using only cash and use that room as a mailbox. Hire a bum or trick a kid into picking the mail in case the house is surveiled.

Re:No worries... (0)

Anonymous Coward | more than 9 years ago | (#10730082)

Easy.... ask the payer to open a bank account, have them deposit the money into this account and then scan the ATM card and send you the data via email.

Write this to a new card and then take out the money from any ATM.

Simple.

first post? (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#10729793)

LOL

Go and help yourself to the best TV guide in the world: http://www.digiguide.com

BUY IT NOW (2, Funny)

Anonymous Coward | more than 9 years ago | (#10729795)

and goto jail tomorrow....

Anonymous collection of hackers? (4, Insightful)

jeblucas (560748) | more than 9 years ago | (#10729798)

Is there really such a thing in this day and age? That $24k has to go somewhere. Can't we just follow the money? It seems like this is the kind of thing that the feds would be all over. I see one of those huge multinational Interpol busts in about 5 weeks.

Re:Anonymous collection of hackers? (4, Insightful)

evilviper (135110) | more than 9 years ago | (#10729869)

Can't we just follow the money?

No. If we could, Nigerian scams, and old people loosing their life savings could be prevented.

Just have the money wired to you, and pick it up outside the country. Even inside the country, it's nearly impossible to track, because you can show up at any branch, anywhere.

Re:Anonymous collection of hackers? (3, Insightful)

cmowire (254489) | more than 9 years ago | (#10729887)

Oh, sure.

And we'd be able to follow the money of drug dealers, kidnappers, terrorists, etc.

It's harder than CSI makes it sound.

Re:Anonymous collection of hackers? (1)

nbowman (799612) | more than 9 years ago | (#10729907)

I'm pretty sure there are techniques to launder money so its untraceable. Which doesnt mean these "hackers" would know how to, but there are ways.

Office Space (0)

Anonymous Coward | more than 9 years ago | (#10730090)

Peter Gibbons : I can't believe what a bunch of nerds we are. We're looking up "money laundering" in the dictionary.

Re:Anonymous collection of hackers? (0)

Anonymous Coward | more than 9 years ago | (#10729919)

They've been around for over 5 months and haven't been busted so far.

Re:Anonymous collection of hackers? (1)

mpcooke3 (306161) | more than 9 years ago | (#10730089)

Western Union transfer maybe?

The DDOS blackmailers usually request money transfers using this method or "we dstroy your DNS" as they so elequently put it :)

I would buy it (5, Funny)

lateralus_1024 (583730) | more than 9 years ago | (#10729799)

but i'm in California and I don't want to pay tax on it.

Re:I would buy it (2, Informative)

spuzzzzzzz (807185) | more than 9 years ago | (#10729962)

BAHAHAHAHA!

Someone mod this funny! At the risk of ruining the joke by explaining it, it's a reference to the fact that drug dealers in California are required to pay tax.

Copyright.... whats that? (0, Troll)

hools1234 (789912) | more than 9 years ago | (#10729800)

Well we know people like this have a total disregard for intellectual property and therefore a total disregard for those with creative and intuitive minds. Its because of people like this that technology has the opportunity to implode... anyone got some mp3's I can download fromt them?

How do you like the Bush win? (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10729801)

So how do you slashdot liberal asshats like the Bush win? What about the Senate elections? The house? In your face you morons, your leftist leanings obviously don't stand up in America. You all have a huge fucking L on your foreheads for the next 4 years. Suck it.

Re:How do you like the Bush win? (-1, Offtopic)

hools1234 (789912) | more than 9 years ago | (#10729828)

I've come to a startling realisation, my expression of which may or may not make sense. Most people posting their opinions on the Internet are either medium-to-way-hard left-biassed themselves, or follow in the thought patterns of others who post the aforementioned posts, but have nothing insightful to add. Most others shake their head (or choke/laugh/shudder). If the reader is right-wing biassed, they have to be WAY-HARD-RIGHT to bother arguing (let alone STARTING a right-wing thread). At these posts everyone except other way-hard-right readers shake their heads (or chokes/laughs/shudders) and don't continue the argument. Left-wing readers however will either and not argue (shake their head/choke/laugh/shudder), or reply with indignation at being questioned, depending on how far left they are. I'm sure I'm not alone in being "of the middle way" (at least I think I am, but I'm sure others will say otherwise, as they do). I'm not left-wing, nor right-wing, but I share some sentiments from both sides. Hard-left would see me as right-wing, Hard-right would see me as left-wing. All this adds up to make everywhere I've found on the internet rather dull, depressing reading. The Internet was meant to be a medium for unbiassed discussion, yet it seems the stereotype is being fulfilled quite nicely (left activism (is EVERY blog left-wing??), right conservatism, and middle-way sites/blogs I know of don't post political threads!). The political system will most likely never be good enough. Australia has a better voting system than America, but Australia also needs a better system, with more referendums, more often. At least then everyone has their say, and the majority opinion is known at issue-level, not party-level. A hard-right or hard-left approach will ALWAYS be bad. In terms of America, I believe that the Bush government was the right choice this time around, just as I believe the Howard government was the right choice in Australia. I have read enough to support both beliefs in my mind, from many points of view from BOTH sides, combined with my own principles and morals. ... taken from Gensygen at http://hoboe.net/in.php?in=hools

Re:How do you like the Bush win? (0)

Anonymous Coward | more than 9 years ago | (#10729982)

k......and this is in the SCC thread because...?

Proof open source is better. (2, Interesting)

rebeka thomas (673264) | more than 9 years ago | (#10729807)

This is really casting a cloud over the closed source world. It seems the closed-source hackers just can't keep their hands out of the illegal pie, and won't ever respect other people's property. The more you dabble in closed-source products, the worse it gets.

Best to start open source from the beginning. F/OSS is clearly a culture of more balanced individuals.

Re:Proof open source is better. (3, Insightful)

schwagner (662082) | more than 9 years ago | (#10729940)

There's a big difference between the people who write closed source code and the people who steal other people's work. This really says nothing about the quality of open vs. closed source code, or the people who write either one. It simply restates the fact that there are people out there who will do anything they want for money.

Money exchange? (1, Redundant)

darth_MALL (657218) | more than 9 years ago | (#10729812)

Exactly how could the SCC receive payment for this without getting a link back to who they are? Not my bag, so any info is of interest about this kind of crime.

Re:Money exchange? (4, Interesting)

sgant (178166) | more than 9 years ago | (#10730004)

I don't think they can. I mean, they might get away with it at the beginning...but time always catches up with them. It may take years, but in the end, they almost always get caught. There are plenty of slow, methodical crime investigators out there that will track them down. Plus, since Cisco is at the heart of this particular scam, don't you think they have a few people working for them that kinda-sorta know how to track things through the Net?

Of course, there's also the chance they could totally get away with it too...but not likely. Criminals always think they're smarter then the people after them, but they only have to make one mistake to kiss it all goodbye. Or just wait until the statute of limitations is up.

Pass on Pix (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10729813)

Pix? Big deal. I'll put up genuine Snort source code, even throw in ipfw, and charge half of what they're asking.

Pix is totally overrated. Don't even get me started about IOS. The only reason Cisco calls themselves a software company is the absolute shock a customer has when he tears open that several thousand dollar router and discovers a mostly empty box and a 1980s vintage Motorola processor. "Uh, um.... the secret's in the software. Yea!"

Ummm (0, Redundant)

igzat (817053) | more than 9 years ago | (#10729818)

Isn't this an easy way for the hackers to get caught. How do they expect to get their money??

Re:Ummm (1)

Deliveranc3 (629997) | more than 9 years ago | (#10729832)

pssst... meet me behind the phone box, come alone.

Re:Ummm (1)

Triumph The Insult C (586706) | more than 9 years ago | (#10729874)

well, seeing as how they got the source code in the first place, i think they could figure something out

then again, what the hell do i know? my president worked for an oil company and couldn't find oil in texas, so, who knows?

Re:Ummm (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#10730003)

Hey dickhead, I think your sig is a little outdated. You're welcome for the education, you putz!

Re:Ummm (0)

Anonymous Coward | more than 9 years ago | (#10730013)

"what the hell do i know?"

From where I sit, you know how to whine.

A bit more (5, Informative)

erick99 (743982) | more than 9 years ago | (#10729821)

I found this in another article about the same story:

Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.

The original name behind the group was one Larry Hobbles who now seems to have disappeared. The Source Code Club is now said to be hawking a list of other stolen code to anyone who buys one full copy of the source code for sale.

Re:A bit more (2, Funny)

ion_ (176174) | more than 9 years ago | (#10730054)

Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.

Yes, and they also offer a BSD-licensed copy of Linux for $50,000.

Re:A bit more (1)

erick99 (743982) | more than 9 years ago | (#10730093)

If I bought that, I'd have to skip lunch tomorrow.

"blatant violation of copyright regulations" (0)

bodrell (665409) | more than 9 years ago | (#10729824)

I think it ought to be flagrant, since it's seen and not heard.

Grammar fascism aside, it's only a copyright violation where copyright exists. Not in, say, China.

Re:"blatant violation of copyright regulations" (1)

technothrasher (689062) | more than 9 years ago | (#10729936)

I think it ought to be flagrant, since it's seen and not heard.


The 'blatant' vs 'flagrant' distinction isn't between seen and heard, even though blatant's roots are from 'to blab'. The difference is that blatant describes something that's done in an exessively noticeable manner, where flagrant describes something that's done is so excessively it's noticeable. Note the difference.

Here's the post on usenet (1)

Alejo (69447) | more than 9 years ago | (#10729831)

hell, some time ago ppl used to "free" source code like this just for fun. only greedy kids [google.co.uk] nowadays it seems ;)
and not smart... or very smart and this is a scam... If I were selling it, first thing would be to contact key agencies/companies anonymously, not this freak high-profile thing. sounds bad. and there are no md5 or something of a few files to prove it is the real thing.
Seen IOS and other srcs years ago... This is what they get for playing the closed source game: FEAR. :)

Re:Here's the post on usenet (2, Insightful)

erick99 (743982) | more than 9 years ago | (#10729848)

I suspect they are after attention and notoriety more than money.

Pretty Pointless... (4, Insightful)

evilviper (135110) | more than 9 years ago | (#10729838)

So, for 24k, you can buy the PIX source code... For what?

You obviously can't sell a product using this stolen code. A company can't exactly buy it and roll their own version.

So it's really only good if you want to look for bugs in PIX that you can exploit, and since this is being sold by a group of hackers, you can bet that they've already looked for everything possibly exploitable.

Re:Pretty Pointless... (1)

KefabiMe (730997) | more than 9 years ago | (#10729942)

So it's really only good if you want to look for bugs in PIX that you can exploit, and since this is being sold by a group of hackers, you can bet that they've already looked for everything possibly exploitable.

Hell, I would expect them to add some backdoors to the code!

Re:Pretty Pointless... (0)

Anonymous Coward | more than 9 years ago | (#10730014)

yea you can. Eastern European companies will have a use

Not even close (5, Insightful)

Plasmic (26063) | more than 9 years ago | (#10730025)

The value of this intellectual property is not defined by the cut-and-pasteability of source code into a company's product. Certainly, this is not the likely application for any would-be buyers. Instead, knowing how the #1 router company in the world implements stateful packet-filtering on an embedded device is a very worthy piece of knowledge that can be used as a basis for the design of anything that touches a packet.

In addition, Cisco spends hundreds of thousands of dollars in their support organization identifying hard-to-find interoperability issues and exception cases, testing things out in the lab, and then coding up fixes. All of these real-world experiences and corresponding code work-arounds that impact every other firewall/VPN/routing product on the market are captured in this source code.

Cisco PIXes have proprietary integration with third-party products, such as IDS systems, content-filtering proxies (e.g. WebSense), etc. This source code surely exposes these APIs, which are covered by Cisco's own NDA with these companies and are coveted by anyone trying to integrate with such closed-source commercial offerings.

Were it legal, it'd be a bargain!

Re:Pretty Pointless... (1)

Lord_Dweomer (648696) | more than 9 years ago | (#10730106)

"You obviously can't sell a product using this stolen code. A company can't exactly buy it and roll their own version."

I think SCO would beg to differ...

CMDRTACO IS A FAGGOT (-1, Troll)

Anonymous Coward | more than 9 years ago | (#10729867)

also he likes to touch little boys in the pee pee

For their next performance (1, Funny)

Anonymous Coward | more than 9 years ago | (#10729870)

Due to popular demand, the Source Code Club will now offer the Linux kernel source for $50k.

oh well (4, Interesting)

hpavc (129350) | more than 9 years ago | (#10729875)

If you follow (or try) the people that can read tcpdump (or simular) logging like plain english and then in turn generate the packets to interact (exploit) what they see. I doubt having pix source code would matter much.

Also the 'IDS' features of the pix are static and pretty mundane and not tied to the IDS product so i am sure most people know how to get around them.

Weekend project (4, Interesting)

lateralus_1024 (583730) | more than 9 years ago | (#10729877)

1)Purchase SCC's code: $24k
2)Purchase Linksys W54G from BestBuy
2.5) Port SCC code onto W54G.
3)Resell Modded Linksys W54G to Fry's Electronics
4)Profit!!!!

Cisco Link Status Meter (1)

Kethinov (636034) | more than 9 years ago | (#10729885)

Boy I'd love to get my hands on the source of the Cisco Link Statnus meter so I could hack it and have a working LSM for my 350 series Cisco radiocard in Linux.

Items for sale (1, Funny)

Anonymous Coward | more than 9 years ago | (#10729890)

If anyone here is seriously considering this, I have a bridge you might be interested in...

FBI Sting (1, Informative)

Honest Man (539717) | more than 9 years ago | (#10729917)

Who'd bet this is more likely an FBI sting to get people who would use/modify/resell this code.... It wouldn't be the 1st time they did it.

Shouldn't matter (2, Informative)

Anonymous Coward | more than 9 years ago | (#10729926)

So what if the source code is available? If the device is any good, availability of source code shouldn't make any difference to the security.

Re:Shouldn't matter (1)

Honest Man (539717) | more than 9 years ago | (#10730062)

That depends on if the people who find the holes in security are black-hats or not........

White Elephant (2, Informative)

Toby The Economist (811138) | more than 9 years ago | (#10729952)

I'm not sure the source code to a huge programme is useful.

About the only thing you can do with it, without *understanding it*, is compile it and use the binary (and stealing the binary in the first place is much easier than the source.)

The effort required to understand a large programme is vast. It's far easier just to buy a license.

--
Toby

Pointless (3, Insightful)

retro128 (318602) | more than 9 years ago | (#10730006)

Anyone who would pay for this would have to be an absolute idiot. First of all there is no guarantee the source code even the real thing. If it isn't as advertised, what are you going to do? Take an anonymous Russian hacking group that you knowingly bought stoken IP from to court? It's like the guy who calls the police and files a report about his pot stash being stolen.

Is it a sting operation? (1)

javaxman (705658) | more than 9 years ago | (#10730019)

I know it's probably not, I'd be impressed if law enforcement was smart enough to try this, and it would likely be viewed as entrapment if they did, but...

puts on tinfoil hat

suppose for just a minute that you wanted to contact, trace, and/or otherwise smoke out large numbers of people interested in buying source code to security applications. Might one approach be to
(a) publicize a code theft
(b) pose as a 'known' hacker organization selling the code
(c) fully investigate everyone who contacts you

I'm leaving the tinfoil hat on, I just noticed we'll see Republicans in power for 4 more years

But seriously, how are you going to trust "SCC" not to actually be "FBI" or even "NSA"?!? What are you going to do, ask them if they're cops!?!?

Details (5, Informative)

Rabin Vincent (642528) | more than 9 years ago | (#10730024)

The group posted to FullDisclosure [seclists.org] that they will post further announcements in alt.gap.international.sales [google.com] .

Sure enough, here's the CISCO Pix file listing [google.com] and the "newsletter" [google.com] .

Here's their newsletter (3, Informative)

enosys (705759) | more than 9 years ago | (#10730098)

Here's the newsletter [google.com] that they just posted to alt.gap.international.sales.

$24K ...hmm. (4, Funny)

SinaSa (709393) | more than 9 years ago | (#10730032)

I wonder how they work out the values for the source they steal. Is it just based on how long it took them to get it, or do they have a formula like the Ed Norton one in Fight Club?

It's like the mantra goes.... (3, Funny)

Anonymous Coward | more than 9 years ago | (#10730051)

Information wants to cost 24 thousand dollars!

More info... (1)

sl0wp0is0n (708422) | more than 9 years ago | (#10730052)

I submitted the same story too... here's some more info you won't find on the EST site.
The first time these guys surfaced was on FullDisclosure mailing list. Here's [seclists.org] the message. Their website [splitto.com.ua] which, apparently, doesn't work anymore. Techworld article [techworld.com] can link you to a lot more information.

Wrong way (1)

cuteseal (794590) | more than 9 years ago | (#10730072)

Aren't they going the wrong way about this?

They should be extorting/blackmailing CISCO themselves for millions, with the threat to release their source code to the general public.

It would be in CISCO's best interests to make sure that doesn't happen, as their firewall security would be severly compromised if their code was exposed to hackers worldwide... :)

wow! firewall! (4, Funny)

RelliK (4466) | more than 9 years ago | (#10730091)

pssst, there is another firewall you can download from here [kernel.org] for free!!! Can you believe that??? But shhh! keep it quiet or they'll shut down the mirror.

Out of Date (2, Interesting)

msaulters (130992) | more than 9 years ago | (#10730097)

Geez, 6.3.1 is so old, I've already had to upgrade my Pix twice due to software errors that would cause the box to reset itself under moderate load. Current version is 6.3.4, and there have been a load of fixes. Maybe someone will want to buy it so they can write their own fixes & see if they work better than Cisco's updated version.

So you're wondering who they think would buy it? (1)

Captain McCrank (583414) | more than 9 years ago | (#10730101)

They're hoping for a certain Russian Tony Soprano to pony up. I speculate that they imagine it would benefit certain organizations attempting to gaining some leverage with online casino sites come Superbowl Sunday.

duh!

trusting closed source security product? (0)

Anonymous Coward | more than 9 years ago | (#10730102)

Whoa, you mean you can't just download the source code from cisco.com already?

And people actually trust their businesses to this stuff? Yeah we use PIXen and other Cisco products but they don't seem to have much advantage these days.

C'mon Cisco, you can solve this problem pretty easily. Put the source code up on your web site for $0.

Source Code! (1)

glowimperial (705397) | more than 9 years ago | (#10730117)

Get Your Red Hot source Code! Only 24k for you, today!

trust theives? (0)

Anonymous Coward | more than 9 years ago | (#10730124)

This could just be a scam. I scanned the article, and saw nothing of cisco confirming this. How does one trust these people, and if they do shaft the people buying the code (i.e giving them fake files) what recourse do the buyers have? Kinda like one of those 419 scams, think you get rich by cooeraationg with dishonest people, only to find out that they hosed you.

I'll Buy it! (0)

Anonymous Coward | more than 9 years ago | (#10730130)

And I *swear* I'm not a cop...

Eastern block blockheads (1)

Lead Butthead (321013) | more than 9 years ago | (#10730133)

I've thought (sterotypically) that old Eastern block countries are backward and generally lawless (everything is for sale.) So ASS-U-ME'ing the thieves are from one of "those" countries, what's to prevent one of these companies that had their code "stolen" to put out a contract on those thieves? Once the word gets out, I think it would be a much more effective deterrant than say... a couple years in jail.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>