Jul 16 2004
Selling Source Code
Yahoo! News - Online Hacker Shop Shuts Down
Hackers had set up a web site dedicated to selling the source code for Dragon by Enterasys and Napster, now owned by Roxio. The price for the code was $16k and $10k respectively. Fear of prosecution has forced the hackers to close the website down.
On one hand, I find it very disturbing that the source code for Dragon and Napster is out there somewhere, on the other hand, I say, ‘So what?’
A skilled hacker is going to be able to get much of the same information from working with a product directly and observing the results as they would from looking at the source code directly. It is unlikely that there would be any more holes discovered because of the leak, just that they’d be uncovered more quickly.
Even with the source code for Dragon, I doubt a hacker will be able to take great advantage of it. They might be able to discover a way to disguise an attack based on the algorythms used by Dragon, but I doubt (hope) there are any vulnerabilites that will enable a hacker to take control of a Dragon box, especially if it and the network it protects are properly setup.
Napster, on the other hand, could be a bigger problem. They have a much bigger installed client base, and the discovery of a vulnerability in their product could have larger consequences.
In either case, the price was going to keep the casual hacker from getting the code. Of course the whole thing could have been a ruse to get attention. Why would a hacker group that has the capability to get the source code for these two products ever post to a public website? Maybe they’re just stupid hackers.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}