Tech Industry

Week in review: Code breaking

Source code was again under attack, as Cisco Systems investigated a leak, and two popular repository applications were found to have vulnerabilities.

Source code was again under attack this week, as Cisco Systems investigated a leak, and two popular repository applications were found to have vulnerabilities.

Some of the proprietary source code that drives Cisco's networking hardware appeared on the Internet late last week, but the company could not confirm whether network intruders made off with 800MB of code, as reported by a Russian security group over the weekend.

Regardless, security experts say the source code leak won't result in the discovery of a large number of vulnerabilities.

"Cisco code needs specialized hardware, so most people aren't going to be able to compile the files," said Johannes Ullrich, chief technology officer of the Internet Storm Center, an online service that monitors threats on the Internet.

This is the second time this year that a major technology company's product source code has been made public without authorization. In February, source code for parts of Microsoft's Windows 2000 and Windows NT were leaked to the Internet. One security researcher claimed that he had discovered a minor Internet Explorer flaw by analyzing that source code.

Meanwhile, flaws in two popular source code repository applications could allow attackers to access and corrupt open-source software projects. One vulnerability affects the Concurrent Versions System (CVS), an application used by many developers to store program code. The other flaw affects a newer system, known as Subversion, which is less widely used.

The CVS software is run by many large open-source projects to create servers that maintain multiple versions of a program under development. Groups developing the Gnome and KDE Linux desktops, the Apache Web server and large Linux distributions are among those that use servers with the source code databases.

Apple harvest
Usually immune to the majority of software vulnerabilities that surface on the Net, Apple Computer got hit by a double whammy this week, when a security researcher publicized a pair of flaws in Mac OS X that, when used together, could let attackers place a malicious program on a Mac and then run the file.

The flaws could be used to create a virus that spreads through a Web link sent via e-mail messages. An attacker would also have to create a Web site with special programming.

Those new versions of Mac OS X will keep coming out, but the company won't continue releasing upgrades at at quite the pace it's maintained in recent years. Since rolling out the first version of Mac OS X in 2001, Apple has released three updates, and it plans to show off a new version of the operating system, code-named Tiger, at its worldwide developer conference next month.

"We're slowing that (pace) down a little bit...because that's not a sustainable rate," said Avie Tevanian, Apple's chief software technology officer. "But you'll still see us go really fast."

Apple is also looking to patent a method of making windows within the operating system translucent. Translucency, specifically windows that become more see-through after they are unused for a period of time, has been a feature of Mac OS X since its inception in 2001 and has also shown up as a planned feature for Longhorn, the next version of Windows, due in 2006.

Open-source battle lines
A controversial report says it's hard to imagine that Linus Torvalds could have launched Linux without directly using earlier operating-system work. The 92-page report, from a 14-person Washington, D.C., think tank called the Alexis de Tocqueville Institution, suggests that more Linux credit should go to the developer of a system called Minix.

According to the study, it makes sense that Minix designer Andrew Tanenbaum, who had years of OS experience and who had seen the Unix source code, could create Minix in three years. "However, it is highly questionable that Linus, still just a student, with virtually no operating-systems development experience, could do the same, especially in one-sixth of the time," says the study, which was written by Ken Brown, president of the group.

Torvalds disputes Brown's study, and Minix designer Andrew Tanenbaum has been harshly critical of it as well.

"Linus didn't sit down in a vacuum and suddenly type in the Linux source code. He had my book, was running Minix and undoubtedly knew the history (since it is in my book). But the code was his," Tanenbaum said in a Web posting.

Meanwhile, the Linux-Unix battle heated up, as a leading free-software group vowed to fight portions of a request to release information that could help the SCO Group in its legal battle. In the latest twist in SCO's $5 billion lawsuit against IBM, the Free Software Foundation has said it does not plan to turn over certain internal documents and communications between key open-source proponents, as SCO had asked in a subpoena.

"I'm not going to permit a fishing expedition at the Free Software Foundation from a party that has shown a great deal of hostility to the Free Software Foundation and its community," said Eben Moglen, the organization's general counsel.

Also, IBM asked the court presiding over the dispute to issue a prompt ruling that Big Blue did not infringe on SCO's copyrights. In its motion, IBM argues that SCO has produced no evidence to back up its copyright claims and is unlikely to do so. As a result, IBM states, the copyright claims should be dumped from the case.

It's in the e-mail
Web portal Lycos has followed Google and Yahoo into the race to provide e-mail users with massive amounts of storage, and it claims to already be beating these rivals. Lycos announced on Tuesday that it is upgrading its service in the United Kingdom to give consumers 1 gigabyte of e-mail storage. But unlike some rival services being developed, the Lycos service is not free. Users will have to pay a monthly fee of about $6.

Google caused considerable excitement last month, when it announced that it was developing a free service called Gmail and that it would give all users of this service 1GB of storage space--far more than the 2MB offered by MSN's Hotmail, for example.

This week, Google appeared at first to be upping the ante against Lycos by a factor of 1,000, when it raised storage limits for some users of its e-mail service to 1 million megabytes, or 1 terabyte. But the increase was the result of a glitch that the company said it was working to reverse.

Also of note
AT&T said it plans to re-enter the wireless market with Sprint...Apple is splitting its product development group into two divisions--one focused on the Mac and the other focused on iPod digital music player...Broadband access has taken off on a Lufthansa flight equipped with Connexion by Boeing's mobile communications service...As Congress considers legislation to restrict the use of electronic voting machines, 13 House of Representatives members have asked for an investigation into the security problems of e-voting machines.