Windows source code released on the Internet

[IaPuP]

Slashdot was reporting that a good bit of Windows source code was leaked onto the Internet a little while ago.

Within 45 minutes, Slashdot was offline and is now inaccessable. I hadn't had a chance to read the article, but I sure would like to!!

Anybody know more info?

Eric

 

[Twista]

Slashdot works but the site hosting it is busy which is "http://www.neowin.net/comments.php?id=17509&category=main

Windows 2000 & Windows NT 4 Source Code Leaks

 

[NuclearFusi0n]

I'm having a good chuckle.

I now only have three words: Clean Room Implementation

 

[Twista]

You know Microsoft has the Men In Black "brain flash eraser thingies right?"
[hope i dont get banned for his but heres the code below]

The Source Code to Windows 2000

Author:
Sent: Thursday, February 24, 2000 10:28 AM

/* Source Code to Windows 2000 */
#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL HARD
char make_prog_look_big[1600000];
void main()
{
while(!CRASHED)
{
display_copyright_message();

display_bill_rules_message();
do_nothing_loop();
if (first_time_installation)
{

make_50_megabyte_swapfile();

do_nothing_loop();

totally_screw_up_HPFS_file_system();

search_and_destroy_the_rest_of_OS/2();

make_futile_attempt_to_damage_Linux();

disable_Netscape();

disable_RealPlayer();

disable_Lotus_Products();

hang_system();
}
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();
if (still_not_crashed)
{

display_copyright_message();

do_nothing_loop();

basically_run_windows_3.1();

do_nothing_loop();

do_nothing_loop();
}
}
if (detect_cache())
disable_cache();
if (fast_cpu())
{

set_wait_states(lots);
set_mouse(speed,
very_slow);
set_mouse(action,
jumpy);
set_mouse(reaction,
sometimes);
}
/* printf("Welcome to Windows
3.1"); */
/* printf("Welcome to Windows
3.11"); */
/* printf("Welcome to Windows
95"); */
/* printf("Welcome to Windows NT
3.0"); */
/* printf("Welcome to Windows
98"); */
/* printf("Welcome to Windows NT
4.0"); */
printf("Welcome to Windows
2000");
if (system_ok())
crash(to_dos_prompt)
else
system_memory =
open("a:\swp0001.swp", O_CREATE);
while(something)
{
sleep(5);

get_user_input();
sleep(5);

act_on_user_input();
sleep(5);
}
create_general_protection_fault();

 

[Barnaby W. Füi]

http://slashdot.org/comments.pl?sid=96614&cid=8262354

 

[AFB]

Interesting

*cough*SCO*cough*

 

[ITJunkie]

Originally posted by: Twista
You know Microsoft has the Men In Black "brain flash eraser thingies right?"
[hope i dont get banned for his but heres the code below]

Bwaa haa haaa :beer:

 

[AFB]

Originally posted by: Twista
You know Microsoft has the Men In Black "brain flash eraser thingies right?"
[hope i dont get banned for his but heres the code below]

The Source Code to Windows 2000

Author:
Sent: Thursday, February 24, 2000 10:28 AM

/* Source Code to Windows 2000 */
#include "win31.h"
#include "win95.h"
#include "win98.h"
#include "workst~1.h"
#include "evenmore.h"
#include "oldstuff.h"
#include "billrulz.h"
#include "monopoly.h"
#define INSTALL HARD
char make_prog_look_big[1600000];
void main()
{
while(!CRASHED)
{
display_copyright_message();

display_bill_rules_message();
do_nothing_loop();
if (first_time_installation)
{

make_50_megabyte_swapfile();

do_nothing_loop();

totally_screw_up_HPFS_file_system();

search_and_destroy_the_rest_of_OS/2();

make_futile_attempt_to_damage_Linux();

disable_Netscape();

disable_RealPlayer();

disable_Lotus_Products();

hang_system();
}
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();
if (still_not_crashed)
{

display_copyright_message();

do_nothing_loop();

basically_run_windows_3.1();

do_nothing_loop();

do_nothing_loop();
}
}
if (detect_cache())
disable_cache();
if (fast_cpu())
{

set_wait_states(lots);
set_mouse(speed,
very_slow);
set_mouse(action,
jumpy);
set_mouse(reaction,
sometimes);
}
/* printf("Welcome to Windows
3.1"); */
/* printf("Welcome to Windows
3.11"); */
/* printf("Welcome to Windows
95"); */
/* printf("Welcome to Windows NT
3.0"); */
/* printf("Welcome to Windows
98"); */
/* printf("Welcome to Windows NT
4.0"); */
printf("Welcome to Windows
2000");
if (system_ok())
crash(to_dos_prompt)
else
system_memory =
open("a:\swp0001.swp", O_CREATE);
while(something)
{
sleep(5);

get_user_input();
sleep(5);

act_on_user_input();
sleep(5);
}
create_general_protection_fault();

That would be funny as hell if something similar was in there.

 

[JeremiahTheGreat]

I don't think he's joking!

 

[drag]

This isn't the first time or the last time hackers get ahold of code. Which makes the security by obscurity of "closed source" software laughable. (it can be secure in other ways, mind you.)

There are plenty of people that see windows code on a regular basis, and lots of these people have
"night jobs" if you get my drift.

 

[spyordie007]

That would be a good reason that "security by obscurity" alone is not enough to consider it secure. The point of security by obsurity is that you have a smaller pool of people with access to the source and that just buys the vendor time to write a patch, not that it makes volunerabilities untouchable...

 

[drag]

Originally posted by: spyordie007
That would be a good reason that "security by obscurity" alone is not enough to consider it secure. The point of security by obsurity is that you have a smaller pool of people with access to the source and that just buys the vendor time to write a patch, not that it makes volunerabilities untouchable...

That's ok as long as you don't depend on it.Security by obscurity is a falacy and can't be depended on. Any determined attacker can find any information about any peice of software they want. People research for months and months about specific attacks and hacks sometimes would be worth several hundred (edit: ment to say several hundred thousand) dollars to the attacker. Some are legitimate purposes, like a VP just died unexpectedly and his system is ecrypted heavily and you don't know the password so you need to get access to his account for a client, some aren't so legitimant like in corporate espionage.

So, unfortunately, what ends up happening is that only two groups of people end up with at least partially complete source codes. Those that make the programs, and those that have the time and resources to hack the programs. Everybody else is left out of the loop and doesn't have a clue what they need to look out for in some cases.

 

[horhey]

Originally posted by: amdfanboy
Interesting

*cough*SCO*cough*

haha :beer:

 

[spyordie007]

That's ok as long as you don't depend on it.Security by obscurity is a falacy and can't be depended on

Agreed, obscurity alone only keeps the less determined (or less funded) out.

 

[klah]

It's Official:

http://seattletimes.nwsource.com/html/businesstechnology/2001856792_webcode12.html

Microsoft Corp. said late Thursday that parts of its Windows source code ? the tightly guarded blueprints of its dominant operating system ? had been leaked over the Internet.

Microsoft spokesman Tom Pilla said in an interview with The Associated Press that some incomplete portions of the Windows 2000 and Windows NT4 source code had been "illegally made available on the Internet."

He did not know how much of the code had been leaked or how many people may have gained access to it. The company could not immediately pinpoint the source of the leak, and has contacted law enforcement authorities.

 

[n0cmonkey]

That "Windows source code" posted here scared me!

I don't want to see it in fear of getting tainted by licensing restrictions.

The code for 2k was taken a long time ago by some Russian guys, IIRC. Plus the code gets opened to plenty of companies with deep pockets. Not a surprise.

The US government needs to listen to you all and your security through obscurity comments so they remove idiotic and draconian crypto export laws.

 

[mrgoblin]

Wierd, when browsing the source code I found all the headers start with "Copyright, AT&T" and "Copyright, Regents of the University of California". Wonder what thats all about...

 

[Nothinman]

Wierd, when browsing the source code I found all the headers start with "Copyright, AT&T" and "Copyright, Regents of the University of California". Wonder what thats all about...

This is possibly a joke, but it's partly true anyway. MS used a good bit of BSD code in some of their networking tools, just doing something like running strings on their ftp.exe will reveal that.

 

[mrgoblin]

Glad someone had the witt to understand that one.