Code breaking

Source code was again under attack this week, as Cisco Systems investigated a leak, and two popular repository applications were found to have vulnerabilities. Some of the proprietary source code that drives Cisco's networking hardware appeared on the Internet late last week, but the company could not confirm whether network intruders made off with 800MB of code, as reported by a Russian security group over the weekend. Regardless, security experts say the source code leak won't result in the discovery of a large number of vulnerabilities.

"Cisco code needs specialized hardware, so most people aren't going to be able to compile the files," said Johannes Ullrich, chief technology officer of the Internet Storm Center, an online service that monitors threats on the Internet.

This is the second time this year that a major technology company's product source code has been made public without authorization. In February, source code for parts of Microsoft's Windows 2000 and Windows NT were leaked to the Internet. One security researcher claimed that he had discovered a minor Internet Explorer flaw by analyzing that source code.

Read Full Story