Windows NT 4/2k source code leak

Emboss

(apparently)

http://slashdot.org/articles/04/02/12/2114228.shtml?tid=109&tid=187

Asok

The site was having problems here is the text below

From
http://www.neowin.net/comments.php?id=17509&category=main

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.

Capt'n Midnight

Some quotes

I wonder how long till hackers go in and fix some of the bugs. That's the real danger to microsoft, if the bugs were fixed people wouldn't have to upgrade.

I doubt Microsoft would leak it deliberately, but this does open the door to a whole SCO-esque can of worms from now on.

Could this be a ploy to spur Win2k+3 updates? Blame the hackers for making win2k insecure. Oops you gotta upgrade now, sorry,

So, if any Micro$oft employees have ever looked at Linux kernel source, they are no longer allowed to work on Windows 'cause now they are tainted? Either the sword cuts both ways, or not at all.

Imagine if somewhere hidden in the bowels of the Windows2000 source an intrepid SCO intern finds a sliver of SCO-owned Unix code. Then all hell would break loose...

Sure the source code will make it easier to find exploits, but I've believed for a few years that "institutional hackers" those who have long ago reversed compiled Windows into something suitable for writting worms. How else does the Code Red author decide, "Hey! I found this buffer overflow routine in the unicode support for URLs in the IIS Indexing Server"?

There are probably paranoid governments who have teams who do this just this kind of work just to make sure those fabled NSA back doors in either are or aren't windows. I think this is possible/probable

I'm surprised nobody has sent them patches to fix security issues yet...

A member of the Slashdot cult has admitted he has stolen the source code to Microsoft's Windows XP operating system. PickyH3D is the handle the low-karma hacker used when bragging of his accomplishment to the world. He has also issued a challenge to Microsoft's legal team with the statement that "there is no evidence". More on this as we hear it.

I would be the most poetically ironic event ever if it turns out that it was a MS Win security hole that allowed a hacker to enter a server and steal the code.
Doubly ironic if it was a hole that MS has known about for months and not bothered to patch.
Triply ironic if someone finds said hole, patches it, and ships patched source back to MS.

daveirl

This post has been deleted.

joePC

Believe it I got the code long ass download 228Mb for 2K..........

po0k

Originally posted by Capt'n Midnight
I'm surprised nobody has sent them patches to fix security issues yet...

Don't suppose you remember that crowd who released a 3rd-party patch for the IE URL exploit a few weeks back...and then had to retract it because it fubar'd something else?

I see this as being a possible good thing for the Open-Source movement, but with probable bad short-to-medium-term effects on businesses, especially those who are pure Microsoft-shops.

theciscokid

http://www.internetnews.com/ent-news/article.php/3312451

might explain it a bit better

according to some src comments , its looks like mainsoft.com leaked it , if not by choice - an email worm..

boy watching ppl beavering away over the code on irc is fun

for educational purposes...

[Your wish is my command. Don't do it again. --adam]

mods - please delete if necessary

LastIrishMonkey

i wouldnt be one bit supprised if this is the end for microsoft operating systems as we know them .............................. doo doooo dooooooooooo ! :rolleyes:

Capt'n Midnight

eh no - they are executing plan B
http://www.theregister.co.uk/content/4/35503.html
MS UK sponsors open source deployment workshop

Seriously - if XP source code is out there then it makes NT/2K release look academic. Then again there are a lot of white hats so maybe if it is genuine there will be a list of services to stop / ports to block / firewall rule updates.

Is it possible to have a firewall do buffer bounds checks based on the port number of destination packet ??

scojones

long ass dl for 2k? the entire source is 50 gigs, this is only partial code.

daveirl

This post has been deleted.

kida

it3 over 600mb uncompressed - 20% apparently including some network code.

Emboss

Originally posted by daveirl
I don't believe the story... .yet

What about now ?

http://www.microsoft.com/presspass/press/2004/Feb04/02-12windowssource.asp

daveirl

This post has been deleted.

Caliden

its only 1/18th of the full source code but i bet bill is grinning :
more upgrading people, c'mon hurry up, i wanna make my first trillion!!!!

theciscokid

apparently its 1/80th of the code

but if you see what people can do with windows and its closed

this compressed 203mb > 600mb file could and prob. will be devastating

halenger

Neowin and all them had links to 2 websites that listed the files that had been released and from what they listed they were some major parts.

It may not have been the whole thing or anywhere near it but it contained Kernel code etc. Stuff that is at the core. Even if it doesn't cause new hacks etc to be found it does release how exactly the internals of 2k work.

We'll see how it pans out sure.

mr_angry

Just found this article. Its nearly as good as the comedy quotes, except its for real.

Some highlights:

Security experts say that Windows users are unlikely to face any increased security risks as a result of a leak of Windows 2000 and Windows NT source code discovered on Thursday, mainly because it is a simple matter for hackers to find Windows vulnerabilities without recourse to the code.

On Thursday, a 203MB file containing some of Microsoft's closely guarded source code was published on the Internet, representing around 1 percent of the code base of Windows 2000, the enterprise operating system on which Windows XP is based.

David Emm, marketing manager at McAfee Avert, the antivirus company's research arm, told ZDNet UK that source code isn't necessary to plan an attack. "This has been amply demonstrated over the last few years," he said. "It is a bit like somebody wanting to break into my house--they don't necessarily need the floor plans to in order to see that there is an open window or a drain pipe to climb."

Is Windows really a vaible OS now, if you are in any way worried about security?

daveirl

This post has been deleted.

uberwolf

this may be of interest