| Author |
Windows 2000 and NT source code may have been leaked.
|
|
| Boulware5 2004-02-12, 9:41 pm |
| Slashdot reported this and this is from Neowing.com:
Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department. | |
| ChrisDfer 2004-02-12, 10:56 pm |
| Looks like windows will be going open source after all  Gotta admit it is very tempting to do a search and take a look at it. | |
| DaDnDe 2004-02-13, 5:15 am |
| ive seen a couple of reports and they all say that it will be more of an embarrassment than a problem.
from what i understand, the source code for both os's are incomplete.
they still feel that some very good programers might be able to exploit the code, but would have to have a fairly extensive and heretofore unpublished knowledge of the system.
the fact that they are downplaying the news makes me wonder if that is the case, or are they trying to snow everyone into thinking that there isnt enough there to do any harm.
i know very little of how the code could do anything for anybody, but doesnt the code have to be complete from the beginning to any point at which the missing code comes in?
i know that sections can be added or layered on top usually is to help distribute the work load when writing it...
guess we'll find out soon enough... | |
| MistyRing 2004-02-13, 8:10 am |
| MS probably compromised the code deliberately to force people to upgrade for "security resons"! | |
| Freddy 2004-02-13, 11:03 am |
| In that Win2K is basically the same as XP, I don't think MS would risk a deliberate release of the source code. This might be a good time to start taking a look at some alternatives. | |
| garryt 2004-02-13, 11:27 am |
| Linux has been open source for years and it has been a good thing -- users able to critique bad stuff and improve it.
As a result, it is a lot more secure than Microsoft products.
Now the world is starting to see the emperor has no clothes. | |
| DaDnDe 2004-02-13, 12:16 pm |
| well ive been pretty heavily involved with computers for the last 8 years and i dont ever remember having the problems we have now with viruses and other malware.
i realize that the advent of the internet, broadband, the much larger variety of files and formats on the internet all make us more vunerable, but lets face it, MS has had the source code for how long and havent got it right yet...
maybe we need to put that source code out in front of more sets of eyes in order to reveal where the problems lie...
i think that MS is running low on small motivated startups operating by the skin of their teeth and a few brilliant ideas.
before MS would buy an idea because it was easier than having to develop it themselves.
now maybe they have released small trouble spots to the public in hopes that someone will see what they cant find.
its pretty obvious that the best and brightest dont work at microsoft. | |
| Boulware5 2004-02-13, 12:32 pm |
| http://news.bbc.co.uk/2/hi/technology/3485545.stm
"Fourthly, for Microsoft to have this code paraded in public is hugely embarrassing. Not least because the code is littered with profanity and might show that many Microsoft programmers do not do a very good job."
LOL | |
|
| quote:
Originally posted by Boulware5
http://news.bbc.co.uk/2/hi/technology/3485545.stm
"Fourthly, for Microsoft to have this code paraded in public is hugely embarrassing. Not least because the code is littered with profanity and might show that many Microsoft programmers do not do a very good job."
LOL
How is using profanity and not writing good code related? | |
|
| quote:
Originally posted by DaDnDe
well ive been pretty heavily involved with computers for the last 8 years and i dont ever remember having the problems we have now with viruses and other malware.
I have been using microsoft products (among other operating systems) for about ten years now. During that time I have had two viruses. You can avoid them with even a little foresight. | |
| DaDnDe 2004-02-13, 1:59 pm |
| very interesting article boulware...
i must say that everything in the article is in character for microsoft.
unlike many companies in the computer field, microsoft doesnt really give the air of being dedicated, intelligent and highly technical.
i would have to think that the great difference in the way people are compensated there must create a huge amount of dissention.
all these leaks are indicative i think of the atmosphere at the company. things like XP selling on the streets of china 2 weeks before microsoft released the product in the us tells one that several people working at microsoft dont all have the loyalest of intentions...
kinda makes you wonder that maybe the virus writers that microsoft is fighting maybe much closer than they realize.
ps. ok i realize that "loyalest" is probably not a word to anyone else but me. but i think i still got my meaning across. and besides, would you rather i talk like a lawyer??
then it would be no mistakes grammatically nor any understanding... | |
| Tarzanboy 2004-02-14, 5:06 pm |
| It is indeed a public relations disaster, regardless of the ultimate implications.
First off, don't confuse loyalty with other motivations. Corporations and OEMs had XP long before the initial public release. As we all know, everyone that has access to corporate edition and OEM software is trustworthy. Yet there were copies of XP being circulated months prior to XP's public release. Is it a conspiracy by Microsoft employees, probably not.
As for whether the code has any effect beyond embarrassment, who knows. What is known is that it was original code at some point. Whether the code has been revised 4 times has not been stated, just that there was a code leak.
Likewise, to what level the code is authentic is unknown. The article plainly states that the code "seems to date from 25 July 2000." As silly as it might sound, it might be a leftover from the rather embarrassing Microsoft hack a few years ago that has undergone a few defacements since. According to the article "This leak is not thought to be related to the hack attack on Microsoft's corporate network that took place in October 2000." Frankly, we don't and probably will never know.
As for profanity and such in the code by Microsoft, who knows. It all really depends on what the code reviewers allow. Microsoft typically reviews code in-house as well as contracts it out. If it would have been totally profane and such, don't you think word of it would have leaked "through the grapevine" by now?
Cheers,
TB | |
| Boulware5 2004-02-16, 1:11 pm |
| Already an exploit out being blamed for the leak...
A post to Bugtraq from SecurityTracker.com reports an Internet Explorer 5 exploit that has been released based on the Win2K code leak: 'It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.' Only affects IE 5 apparently, but still - it didn't take long!" | |
| Tarzanboy 2004-02-16, 11:02 pm |
| For some reason that exploit sounds familiar.
Cheers,
TB | |
|
| The problem isn't that the code was leaked, I mean all the "exploits" would have been found eventually anyway, the problem is now that the public knows what code out of Redmond looks like, some people may not feel very comfortable ponying upwards of $500 (canadian) for the next MS OS. |
|
|
|