MS Win2000 and WinNT source code leaked???

[BatmanNate]

Originally posted by: Descartes

Originally posted by: ThaGrandCow

The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

If the source really was leaked, then does he think that the only people looking at it are going to be people trying to make exploits? I guess he's never heard of open source and how thousands of sets of eyes help to find bugs and exploits and get them fixed.

Plus, if the rumors I've heard are true then the source code for windows is so jumbled up it'll be years before people can even understand what's going on, what with all the hacks and workarounds in the code.

EDIT: I also like how it was ONLY the Win2k and WinNT source that was leaked. If someone has that kind of insider information, why didn't they get WinXP also? Watch this turn out to be some big publicity stunt in order to increase sales.
"2k and NT have been stolen! You will be hacked unless you upgrade to XP! Call now and save 10% in our "World's Going to End Because of This" sale!!!"

It must have taken some serious mental gymnastics to actually think of something so insidious.

Insidious is the new trend in "aggressive marketing"

 

[Ameesh]

Originally posted by: beer

Originally posted by: ultimatebob

Originally posted by: rh71
MS should look into who's been recently fired ...

My guess is that it was a cocky college student or rebelious intern who leaked the code. Microsoft gave out this source code to a LOT of colleges and corporations as part of it's "shared source" program.

Frankly, I'm amazed that this didn't happen sooner.

MS gave the ENTIRE source code, worth BILLIONs, to colleges?

SHENS!

its true. many universities have access to the full source code.

 

[rh71]

Originally posted by: ultimatebob

Originally posted by: beer

Originally posted by: ultimatebob

Originally posted by: rh71
MS should look into who's been recently fired ...

My guess is that it was a cocky college student or rebelious intern who leaked the code. Microsoft gave out this source code to a LOT of colleges and corporations as part of it's "shared source" program.

Frankly, I'm amazed that this didn't happen sooner.

MS gave the ENTIRE source code, worth BILLIONs, to colleges?

SHENS!

Yep! here's a list of the colleges who have a copy of the source code.

Personally, I think that it was those hippies at Stanford who leaked it, but I'm just guessing

$20 it was someone from West Bohemia !

 

[XZeroII]

Originally posted by: fivespeed5

Originally posted by: Descartes

Originally posted by: fivespeed5

Originally posted by: ThaGrandCow

If the source really was leaked, then does he think that the only people looking at it are going to be people trying to make exploits? I guess he's never heard of open source and how thousands of sets of eyes help to find bugs and exploits and get them fixed.

Plus, if the rumors I've heard are true then the source code for windows is so jumbled up it'll be years before people can even understand what's going on, what with all the hacks and workarounds in the code.

you really thing MS would take fixes from open source community? not to mention how many people in the open source community help MS.

They've been doing it for quite some time with several of their OSS and SSS projects, but you're free to think otherwise.

you mean the MS taking code part?

Microsoft has released the source for .NET. I'm surprised you didn't know that. After all, you see to know everything about Microsoft and their practices.

 

[Ameesh]

Originally posted by: Descartes

Originally posted by: ThaGrandCow

Originally posted by: fivespeed5

Originally posted by: ThaGrandCow

If the source really was leaked, then does he think that the only people looking at it are going to be people trying to make exploits? I guess he's never heard of open source and how thousands of sets of eyes help to find bugs and exploits and get them fixed.

Plus, if the rumors I've heard are true then the source code for windows is so jumbled up it'll be years before people can even understand what's going on, what with all the hacks and workarounds in the code.

you really thing MS would take fixes from open source community? not to mention how many people in the open source community help MS.

There have been many instances of people finding exploits in MS software through just regular poking around without the source. Many times they'll notify MS and get ignored, but once it gets posted to bugtraq MS will release a patch very quickly, especially if it's a major hole.

I believe you have a very malformed perception of how MS handles these issues. True, there have been findings left unpatched before someone decided to achieve notoriety by putting the spoit on lists, but MS is not an organization of twenty OSS devs who can go wantonly about applying ad-hoc patches to code. I know of many people who notified MS of an issue that were well taken care of as a result.

Descartes, there is no point in argiung with these guys. 99% of them have never worked for a large software house and have no idea what kind of processes it takes to get fixes out and maintained over several hundred million customers all across the world.

 

[Descartes]

Originally posted by: Ameesh

Originally posted by: Descartes

Originally posted by: ThaGrandCow

Originally posted by: fivespeed5

Originally posted by: ThaGrandCow

If the source really was leaked, then does he think that the only people looking at it are going to be people trying to make exploits? I guess he's never heard of open source and how thousands of sets of eyes help to find bugs and exploits and get them fixed.

Plus, if the rumors I've heard are true then the source code for windows is so jumbled up it'll be years before people can even understand what's going on, what with all the hacks and workarounds in the code.

you really thing MS would take fixes from open source community? not to mention how many people in the open source community help MS.

There have been many instances of people finding exploits in MS software through just regular poking around without the source. Many times they'll notify MS and get ignored, but once it gets posted to bugtraq MS will release a patch very quickly, especially if it's a major hole.

I believe you have a very malformed perception of how MS handles these issues. True, there have been findings left unpatched before someone decided to achieve notoriety by putting the spoit on lists, but MS is not an organization of twenty OSS devs who can go wantonly about applying ad-hoc patches to code. I know of many people who notified MS of an issue that were well taken care of as a result.

Descartes, there is no point in argiung with these guys. 99% of them have never worked for a large software house and have no idea what kind of processes it takes to get fixes out and maintained over several hundred million customers all across the world.

:beer:

 

[glugglug]

Like I posted in the similar thread in P&N:

This is an obvious hoax.

THe source code to all of windows does not exist in one single place. For example, messenger service would not be part of the same project or built by the same team as mmc, which would be built by a totally separate group from IE, etc. Even smaller pieces of Windows like IIS would have different subsections built by totally separate teams.

And the original source to the Microsoft TCP/IP stack (ws2_32.dll) would be at Berkeley since it is pretty much stolen from BSD.

Someone may have stolen the source to the Windows "kernel" (which oddly includes about a dozen 640x400 images as part of the binary), but the source to Windows in its entirety is built by many separate groups which all have their own source trees, and it would not ALL be sitting in one convenient spot to copy from.


Not to mention that supposed "files.txt" has lots of mistakes like "source" for FONTS, no source or lib produced from many of the DLLs that are there as part of a standard install (essential stuff like msgina.dll has no source or even a lib in that list, I see no apparent source for ntoskrnl.exe in that list, plenty of others I didn't have to look very hard to find, and it has a WOW64 directory -- AFAIK M$ has no plans on making Win2K for AMD64). ALso there should be a lot more BMPs that get embedded as resources into some of the binaries.


One more thing:

Do you really honestly believe that the source to ALL of Windows would consist of less than 1/5 the number of files that are included in the VC98 directory alone from Visual Studio 6?

 

[MercenaryForHire]

Originally posted by: EyeMWing
I've seen a very convincing file list for this theft. It looks VERY complete and spans architectures that were never released. Win2k for Alpha, MIPS, PPC, PPCmac

Either someone has an overactive imagination or this is legit.

Hell, I've got an NT4 beta disc with binaries for Alpha, MIPS, and PPC. Lemme see if I can dig it up.

- M4H

 

[parsley007]

here is a mirror for the neowin site if anyone wants to see the original article..

 

[ajpa123]

I read this in Fortune magazine regarding China.. i'm guessing it's accurate:

'In recent months it has moved to define its own standards for office software, operating systems, mobile phones, wireless computing, Internet protocols, DVD players, video compression, RFID, and other important technologies. China argues that by dictating standards it avoids potential national security risks. Of course, it could also potentially save the billions of dollars a year in licensing fees that it now shells out. Tech giants are bowing to its demands despite China's blithe attitude toward intellectual-property rights. The country recently insisted on, and won, permission to inspect Microsoft's Windows source code. '

So, you can add China to your list.. Interesting isn't it.

 

[fs5]

Originally posted by: glugglug
Someone may have stolen the source to the Windows "kernel" (which oddly includes about a dozen 640x400 images as part of the binary), but the source to Windows in its entirety is built by many separate groups which all have their own source trees, and it would not ALL be sitting in one convenient spot to copy from.

no one said they copied it.. we don't know who "stole" it. Like mentioned before many organizations had access to the source code.

 

[EyeMWing]

Originally posted by: MercenaryForHire

Originally posted by: EyeMWing
I've seen a very convincing file list for this theft. It looks VERY complete and spans architectures that were never released. Win2k for Alpha, MIPS, PPC, PPCmac

Either someone has an overactive imagination or this is legit.

Hell, I've got an NT4 beta disc with binaries for Alpha, MIPS, and PPC. Lemme see if I can dig it up.

- M4H

So do I. But that doesn't work on Mac PPCs.

 

[damiano]

anyone has serious confirmation of this?

 

[j@cko]

oh don't worry ppl.. i just called Al Gore and he said that he will have the next gen OS very soon....!

 

[fs5]

http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede

The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base--if it is authentic.

 

[XZeroII]

Originally posted by: fivespeed5
http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede

The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base--if it is authentic.

I knew that it would be VERY large if it were true. However, I wonder how they found out what the file size(s) are unless they have it which would be very risky for them.

 

[TommyVercetti]

Originally posted by: XZeroII

Originally posted by: fivespeed5
http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede

The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base--if it is authentic.

I knew that it would be VERY large if it were true. However, I wonder how they found out what the file size(s) are unless they have it which would be very risky for them.

I saw some links on Slashdot of official presentations by MS at a conference, and the size of the whole source code is in on of the power point slides.

 

[glugglug]

Originally posted by: XZeroII

Originally posted by: fivespeed5
http://news.com.com/2100-7349_3-5158496.html?tag=nefd_lede

The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base--if it is authentic.

I knew that it would be VERY large if it were true. However, I wonder how they found out what the file size(s) are unless they have it which would be very risky for them.

The list of files & sizes linked above totals 1.4GB. They can't even keep the numbers consistent.

 

[SammyBoy]

Russian connection

While the firm's reluctance to say much is understandable, more details of the attack have been reported in New York's Wall Street Journal.

It says the security breach was discovered by staff on Wednesday. They detected internal passwords being sent remotely to an e-mail account in St Petersburg in Russia.

Electronic logs apparently showed that the passwords were being used to transfer source code.

Computer security experts say the hackers appear to have used a virus called Qaz to break into Microsoft's network.

They say Qaz first surfaced in China in July and is a "worm" virus, which makes copies of itself to spread throughout a network.

Secrets

Once installed, the Qaz program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.

It is also believed that the virus entered Microsoft's system within an inconspicuous-looking e-mail and, once inside, began replicating.

This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.

Astonishingly, the hackers are believed to have had access to Microsoft's network for three months before the breach was detected.

Microsoft says it has referred the attack to the US Federal Bureau of Investigation (FBI) and is working with the authorities to "protect its intellectual property".

 

[MercenaryForHire]

Originally posted by: SammyBoy

Russian connection

While the firm's reluctance to say much is understandable, more details of the attack have been reported in New York's Wall Street Journal.

It says the security breach was discovered by staff on Wednesday. They detected internal passwords being sent remotely to an e-mail account in St Petersburg in Russia.

Electronic logs apparently showed that the passwords were being used to transfer source code.

Computer security experts say the hackers appear to have used a virus called Qaz to break into Microsoft's network.

They say Qaz first surfaced in China in July and is a "worm" virus, which makes copies of itself to spread throughout a network.

Secrets

Once installed, the Qaz program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.

It is also believed that the virus entered Microsoft's system within an inconspicuous-looking e-mail and, once inside, began replicating.

This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.

Astonishingly, the hackers are believed to have had access to Microsoft's network for three months before the breach was detected.

Microsoft says it has referred the attack to the US Federal Bureau of Investigation (FBI) and is working with the authorities to "protect its intellectual property".

Email attachment > Microsoft.

- M4H

 

[Spencer278]

Originally posted by: MercenaryForHire

Originally posted by: SammyBoy

Russian connection

While the firm's reluctance to say much is understandable, more details of the attack have been reported in New York's Wall Street Journal.

It says the security breach was discovered by staff on Wednesday. They detected internal passwords being sent remotely to an e-mail account in St Petersburg in Russia.

Electronic logs apparently showed that the passwords were being used to transfer source code.

Computer security experts say the hackers appear to have used a virus called Qaz to break into Microsoft's network.

They say Qaz first surfaced in China in July and is a "worm" virus, which makes copies of itself to spread throughout a network.

Secrets

Once installed, the Qaz program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.

It is also believed that the virus entered Microsoft's system within an inconspicuous-looking e-mail and, once inside, began replicating.

This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.

Astonishingly, the hackers are believed to have had access to Microsoft's network for three months before the breach was detected.

Microsoft says it has referred the attack to the US Federal Bureau of Investigation (FBI) and is working with the authorities to "protect its intellectual property".

Email attachment > Microsoft.

- M4H

That will teach them not to use out look.

 

[Goosemaster]

Originally posted by: Spencer278

Originally posted by: MercenaryForHire

Originally posted by: SammyBoy

Russian connection

While the firm's reluctance to say much is understandable, more details of the attack have been reported in New York's Wall Street Journal.

It says the security breach was discovered by staff on Wednesday. They detected internal passwords being sent remotely to an e-mail account in St Petersburg in Russia.

Electronic logs apparently showed that the passwords were being used to transfer source code.

Computer security experts say the hackers appear to have used a virus called Qaz to break into Microsoft's network.

They say Qaz first surfaced in China in July and is a "worm" virus, which makes copies of itself to spread throughout a network.

Secrets

Once installed, the Qaz program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.

It is also believed that the virus entered Microsoft's system within an inconspicuous-looking e-mail and, once inside, began replicating.

This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.

Astonishingly, the hackers are believed to have had access to Microsoft's network for three months before the breach was detected.

Microsoft says it has referred the attack to the US Federal Bureau of Investigation (FBI) and is working with the authorities to "protect its intellectual property".

Email attachment > Microsoft.

- M4H

That will teach them not to use out look.

When in a hole, create a quazi virus to blame everything on.

I guess they just went with Qaz.

 

[beer]

"The more (that) creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms,"

Microsoft Windows has antivirus mechanisms?

 

[Chiropteran]

Originally posted by: beer

Microsoft Windows has antivirus mechanisms?

Yes. Add/remove programs, uninstall outlook to activate builtin antivirus features.

 

[BuckNaked]

http://apnews.myway.com/article/20040213/D80M46CO1.html