Home > Archive > General Discussion > May 2004 > CiSCO IOS 12.* source code stolen





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author CiSCO IOS 12.* source code stolen
darthfeces

2004-05-16, 4:36 pm

RE: CiSCO IOS 12.* source code stolen

From:
Date: Sat May 15 16:49:27 2004

--------------------------------------------------------------------------------

Rough translation of:
http://www.securitylab.ru/45221.html

May, 15 2004

Leak of code CiSCO IOS source code?

As it became known to SecurityLab, the source code of operating system
CISCO IOS 12.3, 12.3t, which is used in the majority of Cisco network
devices has been stolen on May 13, 2004. The total volume of the stolen
information represents about 800MB in an archive file.

According to the information available to us, the leak of fragments of
the source code occurred because of a break-in into the corporate
network of Cisco System.

Representatives of Cisco System have not made any comments about the
break-in so far.

A person whose alias on *darknet@EFnet IRC is "franz" has given a small
parts of the source code (about 2.5 Mb) as proof.

Below are links to the first 100 first lines of source code of:

ipv6_tcp.c:
http://www.securitylab.ru/45222.html

ipv6_discovery_test.c:
http://www.securitylab.ru/45223.html
Sexy Lexy

2004-05-16, 5:29 pm

That is frightening, just think of all the IOS exploits this could bring about.

Just one question, how on earth did you stumble upon a Russian web site?
darthfeces

2004-05-16, 6:35 pm

it's a rumor right now
could be real , could be a hoax
though the sample source looks real enough
i'm sure it's got cisco's attension.

http://www.merit.edu/mail.archives/nanog/msg04263.html

http://arstechnica.com/news/posts/1084683212.html


this hit an hour ago

http://www.eweek.com/article2/0,1759,1593870,00.asp


http://news.google.com/news?q=cisco...F-8&sa=N&tab=nn
Sexy Lexy

2004-05-16, 6:59 pm

Above everything else, if these reports are true, the embarrassment of being hacked in the first place is shameful enough.

Never mind the possibility of exploits in the IOS as a whole.

This will be interesting.

However, none of this comes close to the stupidity of posting the source code and an alias on the internet.

Like every other fame starved hacker, they will get attention soon enough; probably not the recognition they expected though.

Sounds like a job for the F.B.I.
Boulware5

2004-05-17, 3:56 pm

I saw this on slashdot.
Sexy Lexy

2004-05-17, 4:50 pm

It has made the register as well:

http://www.theregister.co.uk/2004/0...isco_code_leak/

darthfeces

2004-05-18, 2:15 pm

http://www.infoworld.com/article/04...fbicisco_1.html
HOOLIGAN

2004-05-20, 9:14 am

Its true. My company is an outsource for Cisco, and we got this Email yesterday,

Please be advised that Equant has been informed by Cisco that they are investigating the alleged availability of its proprietary information to individuals outside the company. Cisco treats any breach of its proprietary information as serious and is working with the appropriate organizations to address the matter.
Goonigoogoo

2004-05-20, 10:58 am

Someone tell me please ... how freakin difficult is it to protect a code, sheesh if i were in charge heads would role, if i were in charge of protecting it, no one would have gotten anything.
darthfeces

2004-05-22, 11:20 am

http://www.computerworld.com/securi...1,93339,00.html
Sponsored Links





Free Braindumps | MCSE braindumps software forum

Copyright 2003 - 2008 examnotes.net