Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

How Dangerous Was The Cisco Code Theft?: Page 2 of 4

Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, an analysis service that publishes warnings about security vulnerabilities and bugs, believes it's unlikely a hacker with stolen code could find flaws that Cisco hasn't already found.

"It's not easy to analyze that code if you don't know the hardware it's running on," Ullrich said. "It's harder to analyze the Cisco IOS (Internetwork Operating System) than a Linux application that runs on standard hardware."

Authorities believe Cisco's stolen code was uploaded to a Russian website, where it may have been distributed to people who would use it to discover more vulnerabilities in Cisco-powered computer systems.

"The hackers will find more vulnerabilities with that source code out there," said Jack Koziol, a senior instructor at the Infosec Institute and author of "The Shellcoder's Handbook: Discovering and Exploiting Security Holes."

"This kid got into the TeraGrid," Koziol said. "This is supposedly one of the most secure systems in the world and a 16 year old got in. ...It shows just how bad security is in government and in industry all around the world."