Home › Forums › Archives › Computer Support › Computer Support Discussion › Windows 2000 and NT source leaked!
- This topic has 15 replies, 10 voices, and was last updated 19 years, 9 months ago by darkc0ne.
-
AuthorPosts
-
February 13, 2004 at 1:51 am #4643imported_EvilSephMember
Neowin.net is reporting that Windows 2000 and Windows NT source code has been leaked to the internet.
Quote from: Neowin.net
“Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn’t bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft’s Anti-Piracy department.”
View:
Neowin.net Article
The world’s biggest software company, Microsoft, says hackers have broken into its corporate computer network.The hackers gained access to the source code, or blueprints, of Microsoft’s Windows-based software, which is estimated to run on about 90% of the world’s PCs.
But Microsoft’s president and chief executive, Steve Ballmer, insisted they had not been able to tamper with any of the company’s key programs.
He said: “It is clear that hackers did see some of our source code.
“I can assure you that we know there has been no compromise of the integrity of the source code; that it has not been modified or tampered with in any way.”
Serious consequences
Microsoft’s abuse of its near monopoly and refusal to share its source code have been at the centre of a long-running and bitter legal battle with the US authorities.
The security failure could create serious commercial problems for Microsoft if the hackers managed to download source code.
But more than this, if the hackers were able to tamper with the code, and Microsoft did not discover the changes, there could be problems for customers who might buy any affected products.
Earlier, Microsoft had been tight-lipped: “We recently became aware of a hack to our corporate network.
“Microsoft is moving aggressively to isolate the problem and ensure the security of our internal network.”
Russian connection
While the firm’s reluctance to say much is understandable, more details of the attack have been reported in New York’s Wall Street Journal.
It says the security breach was discovered by staff on Wednesday. They detected internal passwords being sent remotely to an e-mail account in St Petersburg in Russia.
Electronic logs apparently showed that the passwords were being used to transfer source code.
Computer security experts say the hackers appear to have used a virus called Qaz to break into Microsoft’s network.
They say Qaz first surfaced in China in July and is a “worm” virus, which makes copies of itself to spread throughout a network.
Secrets
Once installed, the Qaz program allows hackers unauthorised access to the network by, for example, relaying back to them passwords and other secret information.
It is also believed that the virus entered Microsoft’s system within an inconspicuous-looking e-mail and, once inside, began replicating.
This kind of virus is known as a Trojan, after the Trojan Horse of Greek mythology, which was used to end the siege of Troy.
Astonishingly, the hackers are believed to have had access to Microsoft’s network for three months before the breach was detected.
Microsoft says it has referred the attack to the US Federal Bureau of Investigation (FBI) and is working with the authorities to “protect its intellectual property”.
View:
BBC News Article
Microsoft tracks possible Windows code leak
Microsoft is investigating the possibility that a file posted to several underground sites and chat rooms contains some protected source code to Windows 2000.The 203MB file contains the code that appears to be from Microsoft’s enterprise operating system, but the code is not complete, said Dragos Ruiu, a security consultant and the organizer of the CanSecWest security conference, who has examined the file listing.
“It was on the peer-to-peer networks and IRC (Internet relay chat) today,” Ruiu said. “Everybody has got it; it’s widespread now.”
The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday would be only a fraction of the full code base–if it is authentic.
Ruiu, who has seen the file, believes it to be authentic. “It looks real,” he said. “You can’t build Windows, however. It’s just a bunch of chunks of the operating system.”
Microsoft said it is looking into claims that file traders were swapping its proprietary source code.
“The rumor regarding the availability of Windows source code is based on the speculation of an individual who saw a small section of unidentified code and thought it looked like Windows code,” Microsoft said in a statement provided to CNET News.com. “Microsoft is looking into this as a matter of due diligence.”
Earlier Thursday, a source located a file purporting to be the code on a Web site, but the file was removed from the Internet before it could be completely downloaded.
The potential that the source code has been released has some security experts worried.
“It’s definitely not a good thing if black hats have the source code,” said Oliver Friedrichs, senior manager with antivirus company Symantec’s security response center. If the source code as been released, “the underground can look at the code without legitimate security researchers being able to find vulnerabilities first.”
But Microsoft downplayed any security issue.
In its statement the company said the main concern is the potential theft of its handiwork rather than the possible security threat that such a leak might pose.
“If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security,” Microsoft said.
Microsoft jealously guards the source code to the various versions of its Windows operating system, sharing it only with universities and government agencies that sign agreements not to release the code. While working versions of Microsoft’s operating system have occasionally leaked to the Internet, actual source code leaks have been rare
Although Microsoft Chairman Bill Gates has publicly bragged about the security of Windows, even Microsoft fears the release of its code. In testimony during the Microsoft antitrust trial, Jim Allchin, the company’s senior vice president for Windows, said opening up the company’s source code could be devastating for the operating system’s security.
“The more (that) creators of viruses know about how antivirus mechanisms in Windows operating systems work, the easier it will be to create viruses or disable or destroy those mechanisms,” Allchin testified during a May 2002 antitrust trial.
Allchin made the statements while defending the company against legal remedies supported by nine states that would have compelled Microsoft to giveaway the source code to Internet Explorer.
Allchin’s fears are not misplaced, said Thor Larholm, senior security researcher with security consultancy PiVX Solutions.
“Just look at the amount of vulnerabilities that are discovered without the source code,” he said. “The majority of Windows servers are still running Windows 2000. Furthermore, Windows 2000 has a lot of shared code that is still being used by Windows XP and Windows Server 2003.”
However, other security experts believe that fears about a leak leading to the widespread discovery of vulnerabilities in the code are misplaced.
“Theoretically, to a good reverse engineer, all code is open source,” said a Microsoft security consultant who asked not to be identified. He added that the size of the compressed file that was being passed around the Internet sounded about right.
In the end, however, the mistake that made Microsoft’s code public might result in benefits similar to open-source code, Ruiu said.
“Short term, there might be problem (as bugs are found), but long term it might be good for them,” he said. “Their code might become more secure.”
View:
ZDNet News Article
This news surely is a shock to us. The majority of the world use Windows and this could pose a potential risk for all of us. However, further investigation has revealed otherwise.Source:
Mentioned sources and Digital-Fanatic.comFebruary 13, 2004 at 3:26 am #49904CharlesMemberThe fallout of this will be devastating. This WILL be VERY VERY ugly. White hackers will be submitting actual ‘bug reports’ to MS. Black-hats will be writing new code to take advantage of these holes faster than ever. Time to start the Penguin Punk Prevention Plan on my server. (Linux)
February 13, 2004 at 4:18 am #49913darkc0neMemberEeeek… this could be bad for me…I run win2k..
Oh wait it only effects the people that would be buying 2k and nt..But that wont be many because MS is pushing XP and server 2003…Oh well i guess il just watch this unfold and see how many people flock to linux.. then how many flock back cause they cant install their printer:p
February 13, 2004 at 4:50 am #49903CharlesMemberI’ll gladly help any of those users who choose linux install their printer. It isn’t hard when the drivers are already with the OS. It gets a pain in the a$$ when you try and use a laptop video card. Ughh…won’t go there. I say everyone is taught Linux and that all companies ship Linux with their computers. (or at least offer the option)
February 13, 2004 at 4:54 am #49906DavidParticipantQuote:quote:Originally posted by Shizna69I’ll gladly help any of those users who choose linux install their printer. It isn’t hard when the drivers are already with the OS. It gets a pain in the a$$ when you try and use a laptop video card. Ughh…won’t go there. I say everyone is taught Linux and that all companies ship Linux with their computers. (or at least offer the option)
Here Here!
I’m going to try SuSE tomorrow.
February 13, 2004 at 5:29 am #49908Someguy03MemberLol, I was bored and did a search for this on kazaa lite, got about 200+ results. I seriously would’dnt suggest anyone downloads the source though. Usually when files become very populer people attach trojans, viruses, or when the program is run, it deletes something important or corrupts something. I know this because when I wanted to reuse the Norton trial I needed to find a way to delete the hidden registry key that kept track of how long you have had the program. I got a little program off kazaa that was suggested by some people, and I found hundreds of diffrent ones. I downloaded one and when ran it deleted my entire registry and i was forced to reinstall windows. Just a warning.
And also, you must consider what other companys could do with the source if they happened to get it. They might gain a much better understanding of the inner workings of Microsoft’s technology.
February 13, 2004 at 6:00 am #49902CharlesMemberQuote:quote:Originally posted by someguy03
And also, you must consider what other companys could do with the source if they happened to get it. They might gain a much better understanding of the inner workings of Microsoft’s technology.Why in God’s name would ANY company want to understand these “inner-workings” of Microsoft “technology”? I didn’t even know these such things existed…
February 13, 2004 at 6:39 am #49907Someguy03MemberI mean figure out how Microsoft’s programs work, maybe steal some features or something.
February 13, 2004 at 6:59 am #49899Jeff HesterKeymasterI know Microsoft would never do anything so sneaky, but what if they let it leak as a way of essentially coercing corporations into upgrading to XP? Many corporations are weighing the costs of switching to Linux, but if they had to make an immediate change, XP would be a much easier upgrade path. After the money is committed, the Linux question gets pushed back another three years.
February 13, 2004 at 4:46 pm #49912ShadowSlayer469MemberHey, anyone who feels like they should swich to Linux I would like to suggest Knoppix. Knoppix is a free version of Linux that runs from a CD-ROM so that you dont have to partition your hard drive. You can dowload Knoppix at http://www.knoppix.net/ . Its about 699 MB so it might take a while, but try it, I did a long time ago and it works great.
February 15, 2004 at 5:01 am #49905CharlesMemberQuote:quote:Originally posted by JeffI know Microsoft would never do anything so sneaky, but what if they let it leak as a way of essentially coercing corporations into upgrading to XP? Many corporations are weighing the costs of switching to Linux, but if they had to make an immediate change, XP would be a much easier upgrade path. After the money is committed, the Linux question gets pushed back another three years.
I think most comapanies realize that Windows 2000 is Windows NT 5.0 and Windows XP is Windows NT 5.1. Any exploit in one will will be in the other until Microsoft decides to patch. The point is that the only real difference between the two involves the GUI and that the other features are pretty much the same. Most drivers for XP work with 2000 and vice-versa. Most or all exploits will follow suit. I am sure a few companies like Red Hat will gladly point this out to certain corporations. 😀
April 21, 2005 at 9:49 pm #49911EEDOKMemberif you missed it, here’s the stolen source
Code:/* Source Code to Windows 98 — Enjoy! */#include “win31.h”
#include “win95.h”
#include “evenmore.h”
#include “oldstuff.h”
#include “billrulz.h”
#define INSTALL = HARDchar make_prog_look_big[1600000];
void main()
{
while(!CRASHED)
{
display_copyright_message();
display_bill_rules_message();
do_nothing_loop();
if (first_time_installation)
{
make_50_megabyte_swapfile();
do_nothing_loop();
totally_screw_up_HPFS_file_system();
search_and_destroy_the_rest_of_OS/2();
hang_system();
}write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();if (still_not_crashed)
{
display_copyright_message();
do_nothing_loop();
basically_run_windows_3.1();
do_nothing_loop();
do_nothing_loop();
}
}if (detect_cache())
disable_cache();if (fast_cpu())
{
set_wait_states(lots);
set_mouse(speed, very_slow);
set_mouse(action, jumpy);
set_mouse(reaction, sometimes);
}/* printf(“Welcome to Windows 3.11”); */
/* printf(“Welcome to Windows 95”); */
printf(“Welcome to Windows 98”);
if (system_ok())
crash(to_dos_prompt)
else
system_memory = open(“a:swp0001.swp”, O_CREATE);while(something)
{
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
}
create_general_protection_fault();
}April 22, 2005 at 5:18 pm #49900SathallrinMemberFunny, but why bring up a topic over a year old just to post that?
April 23, 2005 at 6:27 am #49909Someguy03MemberHaha I think it was a joke. Good stuff though. Hopefully Longhorn will fix what Microsoft has screwed up so badly in previous Windows OS’s.
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();Heh.
April 23, 2005 at 8:35 am #49901DJHyperbyteMemberSomeguy03 wrote:Haha I think it was a joke. Good stuff though.Dude, we get it. Although we may ignore most things EEDOK posts, we did read this one and it was quite clear that it was a joke. That’s why Sathallrin started his post with the word “funny”.But it’s rather pointless to make jokes about news from more than a year ago, don’t you think?
-
AuthorPosts
- You must be logged in to reply to this topic.