Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Simson Garfinkel

A View from Simson Garfinkel

FBI Investigating Cisco Source Code Leak

Computerworld continues its reporting of Cisco’s source code leak, which has many ISPs and major companies re-examining their access control lists. The problem, apparently, is that 800MB of Cisco source code for the Internetworking Operating System 12.3 and 12.3T systems…

  • May 24, 2004

Computerworld continues its reporting of Cisco’s source code leak, which has many ISPs and major companies re-examining their access control lists.

The problem, apparently, is that 800MB of Cisco source code for the Internetworking Operating System 12.3 and 12.3T systems was found on a Russian website. The Russians took the site down when requested by Cisco, but the feeling is that the bad guys have this code and are exploring it for weaknesses.

Is this a serious threat? Hard to tell. On the one hand, exploits have been found against various operating systems without having the source-code handy. On the other hand, having the source might make it easier to turn a router-crashing exploit into one that might result in a router compromise.

Personally, I think that the real risk in having the source code out is a legal one. With the code out, some enterprising hacker might discover that Cisco’s IOS actually has some copylefted code in it. If that code is present, then it would mean that all of IOS is contaminated and needs to be published as open source… I’m not saying that this has happened, but you gotta let a guy have his dreams…

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.