<<< Date Index >>>     <<< Thread Index >>>

FW: Hacker Group back again, this time claiming to have source code to Cisco PIX firewall



I haven't seen this posted on Bugtraq yet so I thought I'd pass it along.


Cheers!

Brian Graham
Systems Administrator, NEGT

----------------------------------------------------------------
To err is human... to really foul up requires the root password.
----------------------------------------------------------------

/"\
\ /
 X   ASCII Ribbon Campaign
/ \  Against HTML Email



-----Original Message-----
From: energyadmin@xxxxxxxxxxxxxx [mailto:energyadmin@xxxxxxxxxxxxxx]
Sent: Thursday, November 04, 2004 4:54 PM
To: Beadel, James
Subject: Hacker Group back again, this time claiming to have source code
to Cisco PIX firewall




---------------------------------------------------------------------
THREAT ALERT   from the ENERGY ISAC
---------------------------------------------------------------------

Record 1 of 1
Hacker Group back again, this time claiming to have source code to Cisco PIX 
firewall

Advisory ID:    2004-11-018

Date/Time Reported (GMT):    11/4/2004 9:45 PM

Title:    Hacker Group back again, this time claiming to have source code to 
Cisco PIX firewall 
(https://www1.energyisac.com/?requestUrl=..%2fcontent%2fview.aspx%3fPageID%3di6084%26Id%3d369816)

Risk:    2

Type of Threat:    Piracy of Software

Business Impact:    N/A

Summary:    
The Source Code Club (SCC) is reportedly back in business.  Last July the 
anonymous hacker group began peddling proprietary source code to an older 
version of Enterasys Network's Dragon IDS software (refer to ISAC Advisory ID 
2004-07-061).  SCC appears to have resurfaced, this time claiming to have a 
copy of the source code for a recent version of Cisco System's PIX firewall.

A member of the SCC posted a message to the alt.gaps.international.sales Usenet 
newsgroup on Monday, November 2nd, stating that the group is now selling the 
code for the PIX 6.3.1 firewall firmware for $24,000.  Cisco released the 
latest version (6.3.4) of the firmware this summer.

Technology:    

Description:    
The following text was extracted from the SCC members (aka Larry Hobbles) 
posting:

SCC is proud to announce the general availability of Cisco Pix 6.3.1 source
code.  This release is significant because pix is vital to the security
of many ultra-secure networks.

With the ubiquity of pix devices these days, we see a huge market for such
code.  Many intelligence agencies/government organizations will want to
know if those 1's and 0's in the pix image really are doing what was
advertised.  You must ask yourself how well you trust the pix images you
download to your appliance from cisco.com.

After reading the code, you may build the source code with one of the many
Makefiles provided in the distribution to create your own in-house pix images.
Sleep well at night knowing exactly what is sitting in your pix device's
memory.  Scroll down to the Buy section below for more information.

The price of Enterasys IDS and Napster has been raised.

SCC is a dynamic entity, always evolving and trying out new ways of doing
things.  We have made a few changes in the way we operate, all for the 
better.

We are now offering some buyer incentives.  After you purchase one full
source from SCC, you become a private member.  Private members get access
to lists of sources that are not available to the general public.  This
list may contain sources that have been deemed to sensitive to put up 
for public buying, or it may contain sources that we plan on releasing
in the future to public buyers.  Private members not only get many months
advance buying power to the sources, but will also pay less for sources
than non-members.

The source you purchase to become a private member can be any source, no
matter how cheap or expensive.  This means you will purchase every 'part'
of the source before becoming a private member.

We keep track of who is a private member by your PGP public key.  This way
a customer may always approach us from any anonymous place, and we can 
always verify he/she is a member by the public key.  So do not destroy those
PGP keys!

SCC

Buy
===

SCC is currently offering:

o Cisco Pix 6.3.1-release source code (NEW!)
o Enterasys network and host IDS source code and design documentation 
o Napster source code repository

Buying Options:
1) All at once
2) Piece by piece

Buying Instructions:
Email us with our PGP key to tell us how many pieces of which
package you wish to purchase (read FAQ if you are confused).  PUT 
YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU.
We will not take orders from anyone not using PGP.

  ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

  Cisco Pix Information:

  Cisco Pix is one of the leading firewall security applications on
  the market.  This firewall provides security, ipsec, vpn, intrusion
  protection, network monitoring, and much more services that can be used
  on small personal & business networks and massive gigabit carrier networks.
  For more information on this product and many other great products, please
  visit www.cisco.com ( http://www.cisco.com/ ) .

  The source package includes all sources and 'make' files to compile your own
  in-house pix images using the gcc compiler, suitable to be loaded into a pix
  appliance.

  Interested?

  Any company interested in benefiting from a product that has turned Cisco
  Enterprises into a leading key player in the networking market will be happy
  to know that we are offering Cisco Pix 6.3.1 complete source code for
  only $24,000 USD.

  What will i get in this package you offer?

  1) Complete source code to the entire Cisco Pix archive
  2) Build scripts used by developers to test pix on a multitude of platforms

  Buying options:

  1) All at once:

  The size of pix.full is 37.5 Megabytes (121 Megabytes unpacked)
  The price of the entire archive is $24,000 USD

  2) Piece by Piece:

  We are also offering the archive in 20 separate pieces at: $1,200
  USD per piece.  You are allowed to buy multiple pieces at once.
  Pieces must be purchased in sequential order.

  Each piece (pieces pix.part1 through pix.part20) is roughly 1.9 Megabytes

Recommendations:    N/A

Source(s):    http://www.eweek.com/print_article2/0,2533,a=138478,00.asp ( 
http://www.eweek.com/print_article2/0,2533,a=138478,00.asp ) 
http://www.internetweek.com/allStories/showArticle.jhtml?articleID=51202582 ( 
http://www.internetweek.com/allStories/showArticle.jhtml?articleID=51202582 ) 
http://www.techworld.com/security/news/index.cfm?NewsID=2546 ( 
http://www.techworld.com/security/news/index.cfm?NewsID=2546 ) 
http://www.computerweekly.com/articles/article.asp?liArticleID=134777&liFlavourID=1&sp=1
 ( 
http://www.computerweekly.com/articles/article.asp?liArticleID=134777&liFlavourID=1&sp=1
 ) 

Change History:    



---------------------------------------------------------------------
The content presented in this alert is provided by the ENERGY ISAC. You are 
receiving this because you have subscribed to a notification service through 
the ENERGY ISAC. If you would like to unsubscribe to this notification service, 
please modify your notification subscription settings in the ENERGY ISAC.
---------------------------------------------------------------------