By Keith Regan E-Commerce Times
05/17/04 8:12 AM PT
Unlike a Windows code leak that occurred earlier this year and was soon made available on dozens of Web sites, the Cisco code appeared to have been removed from the Russian site by Monday morning.
How Much is 'Free' Costing You? Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.
Cisco Systems (Nasdaq: CSCO) is investigating whether part of the source code that powers its networking hardware has been revealed on the Internet -- a potentially embarrassing development for a company making a huge push into the network security business.
Reports swept the Web last weekend that the code had been published on the Russian site SecurityLab. However, the equipment giant is still calling the event a "potential" compromise of its proprietary source code.
Various accounts suggested that as much as 800 MB of source code for Cisco's Internet Operating System versions 12.3 and 12.3t had been stolen in a hacker attack.
Offering Proof
A sample of the code, believed to be about 2.5 MB in size, was released on an Internet Relay Chat (IRC) channel over the weekend, a move intended to prove to doubters that the code was legitimate.
Cisco spokesperson Jim Brady confirmed to the E-Commerce Times that Cisco is aware of the reports of a breach and that its security response team has been investigating since the weekend to determine if they are true.
He referred additional questions, such as whether Cisco will suggest measures for customers to take in the meantime, to another spokesperson who could not be reached before deadline.
Cisco has been actively expanding its presence in the security area. Starting early last year with its purchase of intrusion detection firm Okena, the company has bought several smaller firms that specialize in network security software. As recently as March, it acquired virtual private network security firm Twingo Systems.
Misery Loves Company
Should the code hack prove legitimate, Cisco can take some comfort in knowing it is not alone.
Microsoft (Nasdaq: MSFT) acknowledged earlier this year that part of its vigorously guarded Windows source code had been leaked onto the Web. Although the code was not complete and came from two older versions of the operating system, Microsoft still found itself scrambling to respond and was forced to issue patches to address exploits that were developed based on the code, which was widely circulated.
Industry observers are split on the authenticity of the Cisco code and its impact. Although Cisco's products power much of the Internet backbone as well as corporate networks, the company may benefit from being a less-attractive target to hackers than Microsoft and other software vendors.
In addition, unlike the Windows code, which was soon made available on dozens of Web sites after the leak, the Cisco code appeared to have been removed from the Russian site by Monday morning.
Still Significant
However, Ken Dunham, director of malicious code at iDefense, said the Cisco
code leak, if true, would be "very signficant."
"We're still seeing exploits come out based on the Windows source
that was leaked months ago," Dunham told the E-Commerce Times, noting
that a Trojan exploiting that code was discovered in the wild in the past
few days. "In that case, you're dealing with operating system on a client
machine. Here, you're dealing with gateway-facing devices that could leave
entire networks at risk."
On the other hand, he added that even if the code was stolen by a hack, the incident should not detract from what Cisco has been able to achieve in terms of adding layers of security to networks.
"No one incident really tells you what you need to know about a company's seurity," he added. "Cisco is still a great company that builds stable products. I'd look at this as an unfortunate incident for them."
Bad Timing
The episode comes just days after Cisco turned in one of its strongest financial performances in recent years.
The company beat expectations, reporting US$1.2 billion in earnings on $5.6 billion in sales in its third fiscal quarter, and provided a glimmer of hope for long-suffering tech-sector workers by saying it is poised to add as many as 1,200 jobs during 2004.
Cisco shares tumbled in early trading Monday, falling nearly 2 percent to $20.90, though it was unclear whether the security breach had sparked the selloff or if the company was simply caught up in a falling overall stock market.
Can the Good Guys Win the Phishing Wars? May 15, 2004
Dean Richardson, vice president of technology at MessageGate, told the E-Commerce Times that his compay's MessageGate Perimeter Protection software examines each e-mail message as it arrives and compares several components, such as its delivery mechanism and header. If it claims to be from Citibank but has been routed through a server in Romania, it is quarantined.
Related Stories
Cisco Shares Slip Despite Strong Outlook May 12, 2004
Despite a reported profit gain and relatively rosy outlook, Cisco shares slipped in early trading Wednesday, falling about 2 percent to $21.79.
Cisco, IBM Synergize Switches and Servers April 30, 2004
Yankee Group senior analyst Zeus Kerravala told TechNewsWorld that the move comes mainly from Cisco's Business Ready Data Center strategy. "I think Cisco does have value in the datacenter and the Business Ready Data Center environment is it," Kerravala said.
Cisco Buys Riverhead for $39 Million in Cash March 23, 2004
"This gives Cisco a great opportunity to go after DDoS and take on a very critical concern in its own customer base as well as look for upsell opportunities," AMR Research senior analyst Louis Columbus told the E-Commerce Times. "This is a company that is among the best in the world at taking software that is a differentiator and burning it into firmware."
Cisco Expands Security Portfolio with New OS, Hardware March 10, 2004
Yankee Group senior analyst Eric Ogren said Cisco needs to do more in the autonomous space, but he said he believes the company's mention of autonomic functionality in its latest product offering means it soon will announce products with such capabilities.
NetScreen, Cisco Shift to Network Security Super-Device December 20, 2003
Both NetScreen and Cisco have partnered with Trend Micro, a longtime developer of network antivirus and Internet content security software, to add Trend Micro's capabilities to their products.
Related News Alerts
More by Keith Regan
Yahoo Slaps Fresh Coat of Gloss on Microsoft Deal Defense June 30, 2008
With its shareholders meeting set to take place in less than five weeks, Yahoo has put together a 32-page presentation, emphasizing why the investors should vote to keep the current board in place. The company also reiterated why it chose to partner with Google instead of letting Microsoft buy part of it.
French Court Stings eBay With $63M Judgment Over Knockoff Sales June 30, 2008
eBay is planning to appeal a ruling by a French court that ordered it to pay $63 million to the luxury goods maker Louis Vuitton Moet Hennessey. The court also barred the online auctioneer from selling four brands of perfume on its Web sites accessible in France.
New Auto Loan Leads Marketplace Shifts Into Drive June 30, 2008
Reply.com's move into the auto finance market is a logical one the company, as automotive advertising spending is moving online in increasingly greater amounts. The company is partnering with the Detroit Trading Company to create a massive repository of auto finance leads online.
Headline Feeds
Talkback: 
