I haven't seen this posted on Bugtraq yet so I thought I'd pass it along.
Cheers!
Brian Graham
Systems Administrator, NEGT
----------------------------------------------------------------
To err is human... to really foul up requires the root password.
----------------------------------------------------------------
/"\
\ /
X ASCII Ribbon Campaign
/ \ Against HTML Email
-----Original Message-----
From:
energyadmin@energyisac.com [mailto:energyadmin@energyisac.com]
Sent: Thursday, November 04, 2004 4:54 PM
To: Beadel, James
Subject: Hacker Group back again, this time claiming to have source code
to Cisco PIX firewall
---------------------------------------------------------------------
THREAT ALERT from the ENERGY ISAC
---------------------------------------------------------------------
Record 1 of 1
Hacker Group back again, this time claiming to have source code to Cisco PIX firewall
Advisory ID: 2004-11-018
Date/Time Reported (GMT): 11/4/2004 9:45 PM
Title: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall (
https://www1.energyisac.com/?request...%26Id%3d369816)
Risk: 2
Type of Threat: Piracy of Software
Business Impact: N/A
Summary:
The Source Code Club (SCC) is reportedly back in business. Last July the anonymous hacker group began peddling proprietary source code to an older version of Enterasys Network's Dragon IDS software (refer to ISAC Advisory ID 2004-07-061). SCC appears to have resurfaced, this time claiming to have a copy of the source code for a recent version of Cisco System's PIX firewall.
A member of the SCC posted a message to the alt.gaps.international.sales Usenet newsgroup on Monday, November 2nd, stating that the group is now selling the code for the PIX 6.3.1 firewall firmware for $24,000. Cisco released the latest version (6.3.4) of the firmware this summer.
Technology:
Description:
The following text was extracted from the SCC members (aka Larry Hobbles) posting:
SCC is proud to announce the general availability of Cisco Pix 6.3.1 source
code. This release is significant because pix is vital to the security
of many ultra-secure networks.
With the ubiquity of pix devices these days, we see a huge market for such
code. Many intelligence agencies/government organizations will want to
know if those 1's and 0's in the pix image really are doing what was
advertised. You must ask yourself how well you trust the pix images you
download to your appliance from cisco.com.
After reading the code, you may build the source code with one of the many
Makefiles provided in the distribution to create your own in-house pix images.
Sleep well at night knowing exactly what is sitting in your pix device's
memory. Scroll down to the Buy section below for more information.
The price of Enterasys IDS and Napster has been raised.
SCC is a dynamic entity, always evolving and trying out new ways of doing
things. We have made a few changes in the way we operate, all for the
better.
We are now offering some buyer incentives. After you purchase one full
source from SCC, you become a private member. Private members get access
to lists of sources that are not available to the general public. This
list may contain sources that have been deemed to sensitive to put up
for public buying, or it may contain sources that we plan on releasing
in the future to public buyers. Private members not only get many months
advance buying power to the sources, but will also pay less for sources
than non-members.
The source you purchase to become a private member can be any source, no
matter how cheap or expensive. This means you will purchase every 'part'
of the source before becoming a private member.
We keep track of who is a private member by your PGP public key. This way
a customer may always approach us from any anonymous place, and we can
always verify he/she is a member by the public key. So do not destroy those
PGP keys!
SCC
Buy
===
SCC is currently offering:
o Cisco Pix 6.3.1-release source code (NEW!)
o Enterasys network and host IDS source code and design documentation
o Napster source code repository
Buying Options:
1) All at once
2) Piece by piece
Buying Instructions:
Email us with our PGP key to tell us how many pieces of which
package you wish to purchase (read FAQ if you are confused). PUT
YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU.
We will not take orders from anyone not using PGP.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Cisco Pix Information:
Cisco Pix is one of the leading firewall security applications on
the market. This firewall provides security, ipsec, vpn, intrusion
protection, network monitoring, and much more services that can be used
on small personal & business networks and massive gigabit carrier networks.
For more information on this product and many other great products, please
visit
www.cisco.com (
http://www.cisco.com/ ) .
The source package includes all sources and 'make' files to compile your own
in-house pix images using the gcc compiler, suitable to be loaded into a pix
appliance.
Interested?
Any company interested in benefiting from a product that has turned Cisco
Enterprises into a leading key player in the networking market will be happy
to know that we are offering Cisco Pix 6.3.1 complete source code for
only $24,000 USD.
What will i get in this package you offer?
1) Complete source code to the entire Cisco Pix archive
2) Build scripts used by developers to test pix on a multitude of platforms
Buying options:
1) All at once:
The size of pix.full is 37.5 Megabytes (121 Megabytes unpacked)
The price of the entire archive is $24,000 USD
2) Piece by Piece:
We are also offering the archive in 20 separate pieces at: $1,200
USD per piece. You are allowed to buy multiple pieces at once.
Pieces must be purchased in sequential order.
Each piece (pieces pix.part1 through pix.part20) is roughly 1.9 Megabytes
Recommendations: N/A
Source(s):
http://www.eweek.com/print_article2/...=138478,00.asp (
http://www.eweek.com/print_article2/...=138478,00.asp )
http://www.internetweek.com/allStori...cleID=51202582 (
http://www.internetweek.com/allStori...cleID=51202582 )
http://www.techworld.com/security/ne...fm?NewsID=2546 (
http://www.techworld.com/security/ne...fm?NewsID=2546 )
http://www.computerweekly.com/articl...avourID=1&sp=1 (
http://www.computerweekly.com/articl...avourID=1&sp=1 )
Change History:
---------------------------------------------------------------------
The content presented in this alert is provided by the ENERGY ISAC. You are receiving this because you have subscribed to a notification service through the ENERGY ISAC. If you would like to unsubscribe to this notification service, please modify your notification subscription settings in the ENERGY ISAC.
---------------------------------------------------------------------
Reply With Quote