Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Theft of Cisco Source Code Stirs Fears of Security Threat

Vendor's reticence leaves users uneasy about extent of risk

May 24, 2004 12:00 PM ET

Computerworld - The theft of proprietary operating system source code from Cisco Systems Inc. poses a potentially serious security threat to corporate networks that use the company's technology, users and analysts said.
And the paucity of information released by the networking giant in the wake of last week's disclosure that the code had been stolen is raising troubling questions about what exactly happened and the real extent of the compromise, they added.
"We are all waiting to hear what Cisco has to say," said Stephen Smith, network manager at Keystone Mercy Health Plan in Philadelphia.
Cisco has been "unnaturally and unproductively quiet," added John Pescatore, an analyst at Gartner Inc. "That gives the impression that they are still unsure about the scope of the breach. Or they are sure, and it's much worse than has come out so far," he said.
Unidentified attackers last week stole an unspecified amount of source code for Cisco's Internetworking Operating System 12.3 and 12.3T software, which is widely used in switches and other networking equipment. A Russian Web site posted about 13MB of what it claimed was the stolen code on May 15, saying that as much as 800MB of code appeared to have been stolen.
Alexander Antipov, a security expert at Moscow-based Positive Technologies, which owns the Web site that posted the code, claimed that the company downloaded it via a link provided over an Internet Relay Chat channel by someone using the online name Franz.
The supposed Cisco code samples, a copy of which was sent to Computerworld, were removed from Positive Technologies' site at Cisco's request on May 18, Antipov said.
In a prepared statement posted on its Web site last week, Cisco confirmed that a "portion" of IOS code had been illegally copied and publicly posted for several days. It appeared that the occurrence was not the result of flaw in any Cisco product or service, the note said. It is also unlikely that the action was taken by a Cisco employee or contractor, it added. The company refused to provide any further details, citing an ongoing investigation into the matter, but said it believed that "the improper publication of this information does not create increased risk to customers' Cisco equipment."

"We will continue to closely monitor this matter and provide updates as appropriate to customers," a company spokesman said.
The theft raises security concerns, especially since Cisco's technology is widely used on corporate networks, users said.
"Now that the code is available to scrutinize, it will be easier to find holes



Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.  

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...