Valhalla Legends Forums Archive | General Discussion | Windows 2000 and Windows NT source code leaked?

AuthorMessageTime
Denial
http://slashdot.org/articles/04/02/12/2114228.shtml?tid=109&tid=187



fo-sho.org/oh.txt

files listed here

30915 files
February 12, 2004, 11:02 PM
Telos
ed2k://|file|windows_2000_source_code.zip.torrent| 16496|5506C49CCCA12204BAB6FE960CE5602C|/

The torrent for anyone who wants it
February 13, 2004, 12:49 AM
MrRaza
slowly slowly downloading!
February 13, 2004, 2:30 AM
Naem
[quote author=Telos link=board=2;threadid=5253;start=0#msg43933 date=1076633369]
ed2k://|file|windows_2000_source_code.zip.torrent| 16496|5506C49CCCA12204BAB6FE960CE5602C|/

The torrent for anyone who wants it
[/quote]

edonkeying a torrent?
ehh
February 13, 2004, 2:51 AM
SNiFFeR
2 hours and 56 minutes remaining 8)
February 13, 2004, 2:51 AM
Probe
why do you guys download it? what exactly are you going to do with it
February 13, 2004, 3:16 AM
Null
Maybe use it for reference , find vulnerbilitys in the o so vulnerable microsoft software.
February 13, 2004, 3:19 AM
DVX
based on that it sounds like a rumor or bullshit :-p should be intersting to find out when it can be verified
February 13, 2004, 3:39 AM
Grok
It's verified.

Microsoft Confirms Windows Code Leak
---

Microsoft Corp. on Thursday confirmed that the source code for two versions of its Windows operating system has been leaked, a security breach that could give hackers important intelligence about how to exploit flaws in software run by most of the world's computers.

"Today we became aware that incomplete portions of Windows 2000 and NT 4.0 source code was illegally made available on the Internet," said Microsoft spokesman Tom Pilla. "It's illegal for third parties to post Microsoft source code and we take that activity very seriously."

Pilla said the company does not know how much of the operating system code was compromised, but he said Microsoft believes it was not a complete version of either operating system.

There was no indication that the code was stolen through a breach of Microsoft's internal network, Pilla said. He said the FBI is investigating the matter.

Computer security experts said the release of Windows source code could pose a significant threat to Internet security, depending on what portion of the code was leaked.

A leak of any portion of the Windows code "could dramatically increase the probability that new zero-day vulnerabilities will be found," said Alan Paller, director of research the SANS Institute, a security training group based in Bethesda, Md.

"Zero day" exploits are highly effective attacks that occur when hackers discover a way to exploit a security vulnerability before or at the same time as a software maker learns of the flaw. Attackers can then use this information to launch a virus or worm that exploits the security hole before a patch can be released to fix the problem.

Thor Larholm, senior security researcher at Newport Beach, Calif.-based PivX Solutions, said the Windows source code file being traded on the Internet appears to be roughly 660 megabytes in size, about the size of one CD-ROM's worth of data. That is far short of the estimated 40 gigabytes of data that makes up the entire 40 million lines of code in the Windows operating system.

Even a partial leak "is a potentially very serious problem for Microsoft," Larholm said. "Just look at the vulnerabilities that are discovered by people who didn't have access to the source code."

The origin of the leak is not currently known. The Redmond, Wash.-based software giant closely guards the computer code that comprises the company's operating system. But Microsoft does license portions of its programming code to security researchers and more than 50 universities under its "Shared Source Initiative."

Microsoft last year said it would began sharing complete copies of its source code with governments around the world that want to validate the security of the software before deploying it in national defense and other sensitive areas. Microsoft signed an agreement in 2003 that lets the Australian government inspect the source code of Windows 2000, Windows XP and Windows Server 2003. Other counties, including India, are exploring similar arrangements.

Unlike open-source software like the widely used Linux operating system, the code comprising Microsoft's Windows software is not open for public inspection. Linux users are encouraged to participate in an open, continuous cycle of modifications and upgrades that its proponents say results in systems that are more secure and reliable than those powered by proprietary code like Windows.
February 13, 2004, 5:01 AM
Thing
[quote]Microsoft last year said it would began sharing complete copies of its source code with governments around the world that want to validate the security of the software before deploying it in national defense and other sensitive areas.[/quote]
[size=20][color=red]Ha ha ha ha ha ha[/color][/size]
February 13, 2004, 5:12 AM
MrRaza
[move][color=red] ;D Ha ha ha ha ha ;D[/color][/move]
February 13, 2004, 5:20 AM
Myndfyr
[quote author=Probe link=board=2;threadid=5253;start=0#msg43974 date=1076642208]
why do you guys download it? what exactly are you going to do with it
[/quote]

B3C0M3 1337 H4X0RZ 4ND PWN U!!!!!
February 13, 2004, 3:11 PM
iago
If hackers manage to find holes that the programmer haven't found in 3 years, then they should be looking at getting new staff anyway :)
February 13, 2004, 5:59 PM
Grok
Sorry Iago, that assertion has no basis in the reality of software engineering, or in software manufacturing.
February 13, 2004, 6:16 PM
iago
[quote author=Grok link=board=2;threadid=5253;start=0#msg44054 date=1076696197]
Sorry Iago, that assertion has no basis in the reality of software engineering, or in software manufacturing.
[/quote]

Microsoft should exclusively hire hackers/virus makers. Who else would know how to fix it? :)
February 13, 2004, 6:20 PM
crashtestdummy
http://www.securitytracker.com/alerts/2004/Feb/1009067.html

IE exploit found with windows source code.
February 16, 2004, 10:14 PM
j0k3r
[quote]It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.

The report indicates that IE 5 is affected but that IE 6 is not affected.[/quote]
So it will only affect those that don't upgrade?
February 16, 2004, 10:21 PM
crashtestdummy
yeah its just the first thing ive seen that says it was found with the source.
February 16, 2004, 10:51 PM
Hostile
Thats the equivalent of saying, "New exploit found in Windows 2000 SP3, SP4 users are unaffected." With most home uses upgraded, with perhaps the acception of some 28.8k dialup'ers and some poorly maintained companies (all of the companies I've seen have IE6) then you're looking at a really poor audience. Half the time the exploit is only the tip of it, no matter how destructive its the amount of people it can actually effect that matters.
February 17, 2004, 1:45 AM
crashtestdummy
youd be surprised how many people still use win 98
February 17, 2004, 5:08 AM

Search