Cisco Source Code Up For Sale: Only $24,000 292
spackbace writes "The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations.
Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks."
Again? This is the first time I'd heard of them (Score:2, Informative)
http://www.google.com/search?hl=en&q=%22Source+Co
A bit more (Score:5, Informative)
Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.
The original name behind the group was one Larry Hobbles who now seems to have disappeared. The Source Code Club is now said to be hawking a list of other stolen code to anyone who buys one full copy of the source code for sale.
FBI Sting (Score:2, Informative)
Shouldn't matter (Score:2, Informative)
So what if the source code is available? If the device is any good, availability of source code shouldn't make any difference to the security.
White Elephant (Score:2, Informative)
About the only thing you can do with it, without *understanding it*, is compile it and use the binary (and stealing the binary in the first place is much easier than the source.)
The effort required to understand a large programme is vast. It's far easier just to buy a license.
--
Toby
Re:I would buy it (Score:3, Informative)
Someone mod this funny! At the risk of ruining the joke by explaining it, it's a reference to the fact that drug dealers in California are required to pay tax.
Details (Score:5, Informative)
Sure enough, here's the CISCO Pix file listing [google.com] and the "newsletter" [google.com].
Here's their newsletter (Score:3, Informative)
Original Story is WRONG (Score:1, Informative)
Re:Anonymous collection of hackers? (Score:2, Informative)
Re:Now that's irony! (Score:2, Informative)
Funny, it used to be called social engineering.
Non-News Item (Score:2, Informative)
Between all the 0-days for Checkpoint and PIX, I honestly don't understand why anyone in their right mind would want to use these firewalls. This source offer is for eager script kiddies and nothing more.
Re:Will buy Linux (Score:3, Informative)
Here is the original usenet post from SCC (Score:2, Informative)
--
TABLE OF CONTENTS
1) Contact Information
2) News
3) Buy
4) FAQ
5) About
Contact Information
Two ways to contact us:
1) Post a PGP message encrypted with our public key via usenet to: alt.gap.international.sales This method of contact is preferred.
2) Send email to: dmitrysky@rediffmail.com
THE EMAIL COULD CHANGE OR GO DOWN. If you absolutely must get a message to SCC, we recommend using usenet. The SCC PGP public key is located on full disclosure mailing list archives, usenet, and the end of this newsletter. It is wise to make sure they all match, for your safety. This public key will NEVER change. Only PGP encrypted email will be responded to.
News
SCC is proud to announce the general availability of Cisco Pix 6.3.1 source code. This release is significant because pix is vital to the security of many ultra-secure networks.
With the ubiquity of pix devices these days, we see a huge market for such code. Many intelligence agencies/government organizations will want to know if those 1's and 0's in the pix image really are doing what was advertised. You must ask yourself how well you trust the pix images you download to your appliance from cisco.com.
After reading the code, you may build the source code with one of the many Makefiles provided in the distribution to create your own in-house pix images. Sleep well at night knowing exactly what is sitting in your pix device's memory. Scroll down to the Buy section below for more information.
The price of Enterasys IDS and Napster has been raised. SCC is a dynamic entity, always evolving and trying out new ways of doing things. We have made a few changes in the way we operate, all for the
better.
We are now offering some buyer incentives. After you purchase one full source from SCC, you become a private member. Private members get access to lists of sources that are not available to the general public. This list may contain sources that have been deemed to sensitive to put up
for public buying, or it may contain sources that we plan on releasing in the future to public buyers. Private members not only get many months advance buying power to the sources, but will also pay less for sources than non-members.
The source you purchase to become a private member can be any source, no matter how cheap or expensive. This means you will purchase every 'part' of the source before becoming a private member.
We keep track of who is a private member by your PGP public key. This way a customer may always approach us from any anonymous place, and we can always verify he/she is a member by the public key. Do do not destroy those PGP keys!
Buy
SCC is currently offering:
o Cisco Pix 6.3.1-release source code (NEW!)
o Enterasys network and host IDS source code and design documentation
o Napster source code repository
Buying Options:
1) All at once
2) Piece by piece
Buying Instructions:
Email us with our PGP key to tell us how many pieces of which package you wish to purchase (read FAQ if you are confused). PUT YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU. We will not take orders from anyone not using PGP.
Cisco Pix Information:
Cisco Pix is one of the leading firewall security applications on the market. This firewall provides security, ipsec, vpn, intrusion protection, network monitoring, and much more services that can be used
on small personal & business networks and massive gigabit carrier networks. For more information on this product and many other great products, please visit www.cisco.com.
The source package includes all sources and 'make' files to compi