
Network World


New evidence points to Cisco network hack

By Paul Roberts, IDG News Service, 05/18/2004

More details about the computer code stolen from Cisco surfaced on Tuesday, including new samples of the source code and information on how the code was distributed, four days after a Russian Web site reported news of the theft and posted sample code files to support the claim.

Additional copies of Cisco code files for the Internetwork Operating System (IOS) may be circulating on the Internet, after the thief compromised a Sun server on Cisco's network, then briefly posted a link to the source code files on a file server belonging to the University of Utrecht in the Netherlands, according to Alexander Antipov, a security expert at Positive Technologies, a security consulting company in Moscow, who was interviewed by e-mail and an instant messaging service.

A Cisco spokesman declined to comment on the new information, citing the ongoing investigation, but the company is working with the FBI, according to Robert Barlow, a company spokesman.

"Cisco will continue to take every measure to protect our intellectual property, employee and customer information. In this case, Cisco is working with the FBI on this matter," the company said in a statement.

Antipov downloaded more than 15M bytes of the stolen code, which is estimated to be around 800M bytes, after an individual using the online name "Franz" briefly posted a link to a 3M-byte compressed version of the files in a private Internet Relay Chat (IRC) forum on Friday, he said.

Antipov denied knowing Franz and said he wants to return the code to Cisco and has been communicating with a Cisco employee about the leaked source code.

The link provided was available for only around ten minutes and pointed to a file on an FTP (File Transfer Protocol) server, ftp://ftp.phys.uu.nl, which belongs to the University of Utrecht in the Netherlands. That server is open to the public for hosting files smaller than 5M bytes, according to the University's Web page.

Examples of the additional source code files viewed by IDG News Service are different from the two code files posted on www.securitylab.ru, and appear to be written in the C programming language. One, named snmp_chain.c, dates to 1993 and is credited to Robert Widmer. Another, named http_auth.c and containing a module for HTTP authentication routines, is dated March 2002 and credited to Saravanan Agasaveeran.
