©1997/2004, Active Network. All
Rights Reserved.
Time: 00:00 EST/05:00 GMT | News Source: E-Mail | Posted By: Todd Richardson
On 13 February, it became known that Windows 2000 and Windows NT source code was circulating on the internet. Microsoft soon confirmed the leak, saying that "incomplete portions of Windows 2000 and NT 4.0 source code was illegally made available on the internet."
I am stunned that Microsoft didn't immediately know exactly who leaked the code. There are easy techniques to give each version of the Microsoft source code files a unique watermark, such that any copy can be traced back to its source. The fact that they didn't bother doing this says a lot about their own internal security.
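The per-recipient watermark the post describes, as an added example (not code from the post or from Microsoft): each licensee's copy carries a keyed pattern of trailing spaces, so even an incomplete excerpt can be matched to its recipient while every copy compiles identically. The key, recipient names and sample file are constructed assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: secret known only to the code owner
RECIPIENTS = ["licensee-a", "licensee-b", "licensee-c"]  # hypothetical names
# Constructed sample file: 64 distinct lines of C.
SAMPLE = "\n".join(f"int f{i}(void) {{ return {i}; }}" for i in range(64))


def mark_bit(recipient, line):
    """One keyed bit per (recipient, line text); depends on content, not position."""
    msg = recipient.encode() + b"\0" + line.encode()
    return hmac.new(KEY, msg, hashlib.sha256).digest()[0] & 1


def watermark(source, recipient):
    """Return a copy whose trailing spaces encode the recipient line by line."""
    out = []
    for line in source.split("\n"):
        line = line.rstrip()
        out.append((line + " ") if mark_bit(recipient, line) else line)
    return "\n".join(out)


def score(leaked, recipient):
    """Fraction of leaked lines whose trailing-space bit matches this recipient."""
    lines = leaked.split("\n")
    hits = sum(
        int(line.endswith(" ")) == mark_bit(recipient, line.rstrip())
        for line in lines
    )
    return hits / len(lines)


def identify(leaked, recipients=RECIPIENTS, threshold=0.9):
    """Name the recipient whose mark the copy carries, or None if no one fits."""
    best = max(recipients, key=lambda name: score(leaked, name))
    return best if score(leaked, best) >= threshold else None


if __name__ == "__main__":
    copy_b = watermark(SAMPLE, "licensee-b")
    excerpt = "\n".join(copy_b.split("\n")[10:40])   # an incomplete portion
    print(identify(excerpt))
    stripped = "\n".join(l.rstrip() for l in copy_b.split("\n"))
    print(identify(stripped))                        # mark erased by reformatting
```

A formatter or editor that strips trailing whitespace erases this particular mark, so it only traces copies leaked unmodified.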

#1 By 2332 (65.221.182.2) at 3/16/2004 11:21:56 PM
Wow, what an idiot.
First of all, the code was stolen from a 3rd party that has a license to include portions of the Windows source code directly in their product. This means that they must have access to actual source files, not just the ability to view a source file through a viewer as is the case with most shared source partners. Because they need to be able to compile their own applications using parts of the Windows source code, it would be impossible for Microsoft to preserve any kind of "watermark" that allows them to track that source back to the origin of the leak.
Second, the code was stolen from an insecure Linux machine. This doesn't really have anything to do with his point, but I like bringing it up. :-)
Third, anybody who has had the privledge (and yes, it is definitly a privledge) to experience inner workings at Microsoft knows that they are perhaps the single most secure company on the planet, and not just with their source code. There is a good reason why nobody has ever been able to penetrate deep enough into Microsoft's network to steal anything of real value. It takes a truly ignorant individual to suggest that Microsoft's internal security is lax in any way.
Lastly, the risk of this source code leak is pretty minimal in my opinion. It's such a small portion of the overall source tree that the chances that even if there were some "smoking gun" in the Windows source anywhere, which there is no evidence of, it would be incredibly unlikely that it would just happen to be in this small chunk.

#2 By 1643 (65.40.238.60) at 3/17/2004 1:20:21 AM
#1 Brilliant

#3 By 18227 (68.98.156.77) at 3/17/2004 2:56:58 AM
And a privilege, too.

#4 By 12071 (203.217.20.231) at 3/17/2004 5:16:20 AM
The real point is that no matter how closed, how much obscurity, code can always be leaked. It happened with the Win NT and Win2K source, it happened with MS DOS, it's happened with Half Life 2 etc etc. So just make sure that if/when your source code is leaked, there's nothing for you to be embarrassed about! =)
#1 "Wow, what an idiot."
http://www.counterpane.com/schneier.html
"Schneier designed the popular Blowfish encryption algorithm. And Schneier's Twofish was a finalist for the new Federal Advanced Encryption Standard (AES)."
You're right RMD... what an idiot... this guy is so STUPID compared to you.
"anybody who has had the privledge (and yes, it is definitly a privledge) to experience inner workings at Microsoft knows that they are perhaps the single most secure company on the planet"
Holy crap.... RMD.... you've got something on your lips! Most secure company on the planet... That's priceless!

#5 By 2332 (65.221.182.2) at 3/17/2004 8:02:44 AM
#5 - No. Just add something unique to that copy of the source.
That's a good point, and perhaps that's exactly what they did... after all, they were able to track it down eventually.
Probably because of bias. However, it's just as easy to have an insecure Linux machine as it is to have an insecure Windows machine.
I know that. I brought it up because when any high profile Windows machine is compromised, Linux zealots are the first to gloat.
#6 - Why don't you address what I said instead of just replying with some sarcastic comments?
MS along with everybody else was vunerable to the WEP cracks on theyre internal WiFi network for a period of time that I recall
Recall from when?
ex employees and contractors that walk with source (and it has happened)
Ya, maybe 10 years ago. Microsoft's internal source code repository is like locked down pretty darn well these days.
raid db dumps and sourcedepot tree archives Privledge
A RAID db dump might give you a small fraction of the source. There is no single machine or archive at Microsoft that has all the source for Windows, and there are only a handful of trusted accounts that have the ability to access all the required resources to compile a complete version of Windows.
rofl now dont let this l337ism go to your head, you along wth about 100,000 other people if you include employee turnover and contractors and janitorial services rofl. tard.
Tard? Get a grip, man. You think a janitor has access to Microsoft's network? And I'm the tard?
Yeah theyre so l337 and über they dont have internal emails released onto the internet for all to see. I can go on.
First, a lot of those e-mails are fake to begin with. Second, e-mail isn't source code. You certainly could go on, but do us all a favor and retrain yourself.

#6 By 12071 (203.217.20.231) at 3/17/2004 8:16:16 AM
#9 "Why don't you address what I said instead of just replying with some sarcastic comments?"
I did address what you wrote. You claimed the guy is an idiot, I pointed out that if he's an idiot then what the hell are you? Maybe you might look back on it and realise that maybe it wasn't the right name to call him, that you don't need to jump to Microsoft's defence anytime anyone writes anything negative about them, giving us paragraphs of some of the most priceless comments I've ever heard. I honestly hope you're getting paid to write that stuff!
Afterwards you claimed that it was impossible to put watermarks into source code - so I just ignored that, anyone with half a clue knows that you can, sure it's far easier to place watermarks in binary code (IDA is a perfect example), but you can still do it with source code.
You then had a stab at Linux parket style - so there's really no point addressing that either!
Afterwards you went into PR land with some fantastic comments that I just had to address =)
And finally, you told us all how in your opinion the leak of a fairly sizeable chunk of Windows code is of minimal risk - once again there's little point addressing this as well as most people would tell you that for a commercial organisation like Microsoft (or anyone else, e.g. Adobe etc) ANY leaked code carries a significant amount of risk. There's risk of IP being leaked, there's risk of code being there that perhaps shouldn't be, there's risk of people finding exploits in the code, etc etc etc, plenty of risks.

#7 By 2332 (216.41.45.78) at 3/17/2004 1:30:17 PM
#9 - You claimed the guy is an idiot, I pointed out that if he's an idiot then what the hell are you?
Not an idiot.
that you don't need to jump to Microsoft's defence anytime anyone writes anything negative about them
I certainly don't jump to Microsoft's defence anytime somebody writes something negative about them. I jump to their defence when what is written is wrong.
Afterwards you claimed that it was impossible to put watermarks into source code - so I just ignored that, anyone with half a clue knows that you can, sure it's far easier to place watermarks in binary code (IDA is a perfect example), but you can still do it with source code.
I wasn't considering custom comments a watermark, but I suppose it could be looked at that way. At any rate, I replied to that comment by saying you had a good point.
You then had a stab at Linux parket style - so there's really no point addressing that either!
I took a stab because I thought it would get a laugh. I think I made that pretty clear.
Afterwards you went into PR land with some fantastic comments that I just had to address
But you neglected to address the bulk of my post. The author suggested Microsoft's internal security was to blame for the leak, and I explained how it wasn't and how Microsoft's internal security is far better than pretty much any other company that I know of.
And finally, you told us all how in your opinion the leak of a fairly sizeable chunk of Windows code is of minimal risk - once again there's little point addressing this as well
I stand by that claim. The source that was leaked was too small to be of any real value as far as stealing intellectual property, not to mention that the source is pretty old. Might somebody find security holes in it? Maybe. Could those holes affect current versions of Windows? Sure. But the scope of the source code would mitigate that risk, which is why I said the risk was minimal. If you have reason to believe otherwise, please explain.

#8 By 2332 (216.41.45.78) at 3/17/2004 1:30:49 PM
#11 - RMD ur full of sh*t
Right back at ya.
I know for a fact when they had to shutdown the WiFi because they "just" heard about the WEP crack
How do you know this? I have several contacts at Microsoft (a few in Redmond, one in Mass), and they can't recall anything like that. (One of the contacts is in charge of network security, so he would probably know.)
Secondly every SDE, STE etc that I have seen had full access (and this was less than 10 years ago rofl) to the sourcedepot tree for theyre project at that BU
What projects are you talking about? I don't doubt that smaller projects, like VS.NET for instance, have a handful of build manager accounts that have full access to the source tree. But you can count on one hand the number of people who have access to the full source tree for Windows.
Every single access to the source tree is monitored extremely carefully, and control for the various nodes in the tree are carefully and strictly delegated.
as for RAID , well was the bug DB of choice then with full repros of alot (assuming they where well written but we know how badly written alot where :D)
Huh? Can anybody read this?
No the source repositorys for certain BU projects I saw where not well locked down. Depnds on the BU and dont forget the risk from Satallite offices.
Nearly all development on the major Microsoft applications (Windows, Office, IE, etc) is done in WA. But I'm not sure how this is any more of a risk. The offices are securely linked, and source access is still controlled in the exact same way.
Tard. MS != Redmond only.
How old are you? 12?
You are forgetting other offices and aquisitions and also shutdowns (spell disgruntled employees). and alot of the emails are not fake.
I'm not forgetting any of that. You honestly think that employees that have been fired still have access to source once they know they're fired? Hell, we don't even do that at MY company, much less Microsoft.
As far as the e-mails, e-mails are not source code. Employees are free to forward that stuff all they want, unless, of course, they're using Office 2003 which has the ability to have secured e-mail.
No, I was being sarcastic with my reference to janitor, maybe you could see that if you removed yer head from yer arse.
Well, considering the rest of your statements are just as stupid, it's kind of hard to tell.
This post was edited by RMD on Wednesday, March 17, 2004 at 16:24.

#9 By 6253 (24.1.206.27) at 3/17/2004 1:47:58 PM
Folks, this code was from 3+ years ago.
Would the Linux and Open Source people like to be judged on what their code looked like 3+ years ago? Before they got embarrassed by benchmarks which proved their file serving assumptions wrong and spent years on tuning? Before they could compete in SMP? Before their hardware support became credible?
Even George Lucas doesn't want you to judge his capabilities by the original Star Wars. (It just happens to be unfortunate that his updated version is worse.)
Mainsoft obtained their license long before the Shared Source Initiative. At the time, the number of companies with access to Windows source code could be counted on the fingers of one hand. Hindsight is always 20/20.

#10 By 2332 (216.41.45.78) at 3/17/2004 4:26:56 PM
Does anybody else find m00zilla as barely coherent as I do?
This post was edited by RMD on Wednesday, March 17, 2004 at 16:27.