Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

Necessary. Always active Read more

These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.
Tailored Advertising. Read more

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Analytics. Read more

These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

Customise Settings

Security

Cisco probes source code theft

Networking crown jewels aired in public

John Leyden Mon 17 May 2004 // 11:20 UTC

Cisco has launched an investigation following reports that portions of its core networking operating system source code have been stolen and distributed online.

According to Russian security portal SecurityLab, a hacker boasting he broke into Cisco's internal network and nicked source code for some versions of Cisco's IOS has posted a 2.5MB snippet onto an IRC channel as proof. Around 800MB of code relating to Cisco IOS 12.3 and 12.3t has reportedly been nicked. IOS 12.3 is the latest version of Cisco's software, widely used home office, branch office and enterprise routers. IOS 12.3t is an earlier test version. Access to Cisco's source code might make it easier for hackers to develop exploits.

"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," Cisco spokesman Jim Brady told C/Net. "The Cisco information security team is looking into this matter and investigating what happened."

The leak of proprietary source code would be embarrassing for Cisco given its increased focus on security over recent months but far from unprecedented within the industry. Source code for parts of Windows 2000 and Windows NT were leaked to the Internet back in February prompting a minor security flap. ®

Related stories

How to hack a network in nine easy steps
Cisco IOS DoS exploit released in the wild
MS Windows source code escapes onto Internet
Windows leak dangers exaggerated
Half Life 2 leak means no launch for Christmas

Corrections Send us news

Other stories you might like

Experimental WebAssembly port of LibreOffice released

Try it in your browser

Liam Proven in Prague Sat 19 Feb 2022 // 08:34 UTC

Almost exactly a year after we last covered it, an experimental version of LibreOffice compiled to WebAssembly (nicknamed LOWA) has appeared.
Be warned, it's about 300MB, so it takes a while to load, but you can try it here in your browser.
It's based on the still-prototype LibreOffice 7.4 codebase and is not yet ready for production use. Given that LibreOffice is a large codebase, parts of which are decades old, this is a significant vindication of WebAssembly. There's more info on the port here, from a presentation by Thorsten Behrens at FOSDEM 2022, which took place this month.

Continue reading
Linux Snap package tool fixes make-me-root bugs

Or you could think of them as a superuser password reset function

Gareth Corfield Sat 19 Feb 2022 // 00:15 UTC

The snap-confine tool in the Linux world's Snap software packaging system can be potentially exploited by ordinary users to gain root powers, says Qualys.
Snap was developed by Ubuntu maker Canonical, and can be used with Ubuntu and on other Linux distributions, if one so wishes, to install applications and services. According to infosec biz Qualys, which found and reported the security shortcomings, there are two ways Snap's internal program snap-confine can be exploited to gain superuser privileges:

Continue reading
CISA publishes list of free security tools for business protection

Agency quiet on the selection criteria but at least the price is right

Thomas Claburn in San Francisco Fri 18 Feb 2022 // 20:08 UTC

The US Cybersecurity and Infrastructure Agency (CISA) has published a web catalog of free cybersecurity resources in the hope that those overseeing critical infrastructure can use the tools to better secure their systems.
"CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience," said CISA director Jen Easterly in a statement.
"Many organizations, both public and private, are target rich and resource poor. The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment."

Continue reading

Adobe warns of second critical security hole in Adobe Commerce, Magento

As sanctioned Russian infosec firm says it has working exploit code

Gareth Corfield Fri 18 Feb 2022 // 19:20 UTC

Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product – and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one.
You need to apply both patches, in order.
The new vuln has also been assigned a severity rating of the 9.8 on the CVSS scale – the same as its predecessor, for which Adobe issued an out-of-bounds patch earlier in the week. It's tracked as CVE-2022-24087 and – like the earlier vuln, CVE-2022-24086 – impacts both Magento Open Source and Adobe Commerce.

Continue reading
HPE, Samsung invest in quantum startup Classiq

Signs that interest in the market is ramping up

Dan Robinson Fri 18 Feb 2022 // 18:21 UTC

Quantum computing startup Classiq has raised $33m in a Series B funding round from investors including HPE and Samsung, a sign that interest in the emerging market may be stirring.
Tel Aviv-based Classiq provides a platform to help developers with algorithm design work for quantum software. The firm contends that coding at the quantum gate level works today, when most quantum systems only support a relatively small number of qubits and code is largely experimental, but this approach will not scale once algorithms start to require more than a few qubits.
Classiq has previously secured seed funding from Entrée Capital, which was then joined by Wing VC, Team8, IN Venture and OurCrowd in a $10.5m Series A round at the start of 2021.

Continue reading
GNOME Project retires OpenGL rendering library Clutter

RIP. You brought hardware-accelerated 3D to many Linux programs

Liam Proven in Prague Fri 18 Feb 2022 // 17:32 UTC

The GNOME Project has announced that it's retiring the Clutter library, the tool that bought OpenGL-based hardware rendering to Linux in 2006.
Clutter was originally written by now-Intel subsidiary OpenedHand and in its day was a widely used library, enabling GObject-based C code to draw user interfaces using OpenGL.
It brought hardware-accelerated 3D to a lot of Linux programs, including the Mutter window manager (Metacity + Clutter) used by GNOME Shell, System76's COSMIC desktop and Raspberry Pi's PIXEL. The Cinnamon desktop uses a fork of Mutter called Muffin.

Continue reading

UK starts to ponder how Huawei ban would work

Sanctions already in place, blockade set to be rolled into telecoms law

Lindsay Clark Fri 18 Feb 2022 // 16:23 UTC

Updated The British government has started a consultation to find ways to legally remove the equipment of telecoms giant Huawei from its 5G networks by the end of 2027.
Proposals include asking full-fibre broadband operators to stop installing Huawei equipment affected by US sanctions. UK telecoms providers have already begun to remove Huawei from the UK's 5G networks following a government announcement in July 2020.
The US has retained its opposition to using the Chinese manufacturer's equipment in essential infrastructure. Although the policy began under controversial Republican president Donald Trump, it has survived the transition to Democrat Joe Biden, who signed The Secure Equipment Act on Thursday. In 2020, Trump extended his executive order banning US companies from using or buying telecoms equipment from Chinese manufacturers Huawei and ZTE.

Continue reading
Should we expect to keep communication private in the digital age?

Reg writers and readers wrangle over rights and realities

Joe Fay Fri 18 Feb 2022 // 15:21 UTC

Register Debate Can you have a debate on privacy without mentioning Orwell and 1984 or Bentham's Panopticon?
You can certainly try, which is just what our contributors did this week, when they went head to head on the motion: In the digital age, we should not expect our communications to remain private.
I kicked off proceedings, pointing out that, according to the UN amongst others, privacy is not just nice to have, but a human right and that of course this extends to digital communications.

Continue reading
HPE, Qualcomm team for virtualized 5G network kit

Pair aim to deliver the industry's first fully optimised vDU

Dan Robinson Fri 18 Feb 2022 // 15:02 UTC

HPE continues edge into telecoms, and is now working with Qualcomm to on hardware for 5G networks, specifically a next generation of 5G distributed units based on HPE servers and Qualcomm's 5G RAN (radio access network) accelerator cards to support high capacity and low-latency workloads.
The two firms said that this new collaboration aims to meet the demands of next-generation networks, and will focus on delivering high-performance, cloud-native, OpenRAN-compliant 5G solutions for network operators.
HPE and Qualcomm said they hoped to deliver the industry's first fully optimised virtualized distributed unit (vDU) solution, where a DU includes both the baseband processing and RF functions in 5G network deployments.

Continue reading
IT vendors set to use headline inflation to justify price hike

It shouldn't affect costs, but it will, says software asset management intel org

Lindsay Clark Fri 18 Feb 2022 // 14:10 UTC

Analysis Both the UK and the US have recorded the highest inflation figures for decades. With inflation in the Eurozone hitting similar levels, the news is set to mark the end of more than a decade of ultra-low interest rates in the West.

Continue reading
Internet connection now required for Windows 11 Pro Insider setup

No more local accounts on bleeding-edge build, and you need a Microsoft account too

Richard Speed Fri 18 Feb 2022 // 12:58 UTC

Microsoft has slapped an internet connectivity requirement on the Dev Channel version of Windows 11 Pro setup and warned that a Microsoft account will be required for future builds in the Insider programme.
The notification was dropped in at the end of the impressively long list of tweaks in build 22557, of which the most eye-catching for us was the updated Task Manager.
In all honesty, we didn't notice until we put the build on a sacrificial Intel PC and noticed something different during the out-of-box experience (OOBE). Scroll down the epic list of changes in this build, and there it is:

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Biting the hand that feeds IT © 1998–2022

Your Consent Options Cookies Privacy Ts&Cs