A Collection of Articles
Edit
Simson Garfinkel

A View from Simson Garfinkel

FBI Investigating Cisco Source Code Leak

Computerworld continues its reporting of Cisco’s source code leak, which has many ISPs and major companies re-examining their access control lists. The problem, apparently, is that 800MB of Cisco source code for the Internetworking Operating System 12.3 and 12.3T systems…

  • May 24, 2004

Computerworld continues its reporting of Cisco’s source code leak, which has many ISPs and major companies re-examining their access control lists.

The problem, apparently, is that 800MB of Cisco source code for the Internetworking Operating System 12.3 and 12.3T systems was found on a Russian website. The Russians took the site down when requested by Cisco, but the feeling is that the bad guys have this code and are exploring it for weaknesses.

Is this a serious threat? Hard to tell. On the one hand, exploits have been found against various operating systems without having the source-code handy. On the other hand, having the source might make it easier to turn a router-crashing exploit into one that might result in a router compromise.

Personally, I think that the real risk in having the source code out is a legal one. With the code out, some enterprising hacker might discover that Cisco’s IOS actually has some copylefted code in it. If that code is present, then it would mean that all of IOS is contaminated and needs to be published as open source… I’m not saying that this has happened, but you gotta let a guy have his dreams…

Uh oh–you've read all five of your free articles for this month.

Insider basic

$29.95/yr US PRICE

Subscribe
What's Included
  • 1 year (6 issues) of MIT Technology Review magazine in print OR digital format
  • Access to the entire online story archive: 1997-present
  • Special discounts to select partners
  • Discounts to our events

You've read of free articles this month.