Microsoft Source Code Leaked Over Web

MyWay News ^

[Happy2BMe]

Feb 12, 10:23 PM (ET)

By ALLISON LINN

SEATTLE (AP) - Microsoft Corp. (MSFT) said late Thursday that portions of its Windows source code - the tightly guarded blueprints of its dominant operating system - had been leaked over the Internet.

Microsoft spokesman Tom Pilla said in an interview with The Associated Press that some incomplete portions of the Windows 2000 and Windows NT4 source code had been "illegally made available on the Internet."

Access to the source code could allow hackers to exploit the operating system and attack machines running Windows, which is used on hundreds of millions of computers worldwide.

The company was made aware of the leak on Thursday and is investigating, Pilla said. He did not know how much of the code had been leaked or how many people may have gained access to it. The company could not immediately pinpoint the source of the leak, and has contacted law enforcement authorities, he said.

Pilla said there was no indication the code leak was a result of a breach of Microsoft's corporate network. There was no known immediate impact on Microsoft customers, he said.

Microsoft has previously shared some of its source code with some U.S. government agencies, foreign governments and universities under tight restrictions that prevent such organizations from making it publicly available. But the company has generally argued that the blueprints to its operating system are proprietary, and shouldn't be made public.

Still, because some people outside Microsoft have had access to the code, analysts said it wasn't too surprising for such a leak to occur at some point - either intentionally or unintentionally.

"It seems unlikely this is going to create a material, significant security problem, said Rob Enderle, a technology expert and principal analyst with the Enderle Group. "It's more embarrassing than anything else because it makes it look like Microsoft can't control its code."

[Happy2BMe]

Woops!

[Happy2BMe]

"Microsoft has previously shared some of its source code with some U.S. government agencies, foreign governments and universities under tight restrictions that prevent such organizations from making it publicly available."

Let's see now. What country would want to hurt America by hurting Micro$oft?

Pakistan? India?

[Reelect President Dubya]

Bill's strategy of funding SCO to act as a stalking horse for open source FUD has failed, so his next step is obviously going to be to claim that Windows code has magically found its way into Linux.

[StatesEnemy]

Of course MS is embarrassed for showing its prudish @ss.

It only WISHES it could be free spirited Linux streaker!

[GeronL]

Drip..., Drip..., Drip...

[bcoffey]

Pakistan? India?

Oh, I thought that's where most of their source code was written in the first place.

[Happy2BMe]

Me smells a ret - from inside of Miker$oft.

[JoJo Gunn]

With the rumors of what they're wanting to do with Longhorn, such as your having to get a fry cook to give you permission to play a .wav file, it wouldn't surprise me in the least MS did it on purpose, to stir fear and mistrust. The code to 9x is probably out too, and considering how just this week they admitted to another exploit which they sat on for 6 months....

Call me paranoid. But unlike MS I never got dead people to write "letters to the editor" either.

[Happy2BMe]

"Oh, I thought that's (India and Pakistan) where most of their source code was written in the first place."

Don't get Miker$oft Help Desk confused with their $oftware development center in Redmond.

[Reaganwuzthebest]

Could be a strategy on Microsoft's part to release the code themselves. You never know now that Linux has become a real threat to their long-term survival.

[GeronL]

drip, drip, drip.... gusher!!!!!!!

[Happy2BMe]

"You never know now that Linux has become a real threat to their long-term survival."

And who said CYBERTERRORISM was not real . .

The FREEPERS Guide To Islamic Terror Websites - CYBERTERRORISM (And It's Sponsors)

[Abcdefg]

Don't advocate criminal behavior on this site.

[Happy2BMe]

Talk about "stepping in it" . .

[StatesEnemy]

I don't think blanketing Militant Islamic sites with HTTP requests - if the participants voluntarily load the necessary software - is illegal.

If so, can ya give me a link explaining the infraction?

[GOP_1900AD]

Do MS conduct real background checks on all the ChiCOMs and Ruskies they hire, both as H1Bs here in the US, as well as the ones in their ops in Communist Red China, as well as "reformed" Russia? I think I already know the answer, so I guess it's largely a rhetorical question.

[Happy2BMe]

"I think I already know the answer. ."

I think you do to.

[Golden Eagle]

Do MS conduct real background checks on all the ChiCOMs and Ruskies they hire...

They do as much as we're going to get from anyone who's not doing strictly DoD work.

illegal is the key word from the article above. Unfortunately many here and on other message boards will cheer this on.

[Agnes Heep]

Open access to source code is one of the main reasons why potential users shy away from Linux.

[LisaMalia]

Kinda reminds me of the dialog from one of my favorite movies:

Chili Palmer: Martin, look at me.
Martin Weir: I'm looking at you
Chili Palmer: No, look at me the way I'm looking at you.

[jrushing]

Microsoft Source Code Leaked Over Web
Did it drain from Microsoft or did someone else spill it?

[evolved_rage]

So all you late adopters of XP better hurry up. All the hackers have your code now.

[George W. Bush]

Open access to source code is one of the main reasons why potential users shy away from Linux.

There are many reasons. But that isn't one of them.

Linux is far more secure. Despite its open source and millions of competent coders with the source, there are only about a half dozen exploits/viruses for it. And those got fixed in about a day.

The difference in security isn't even comparable between Linux and M$. BSD (Mac OS X) is even more formidable. And so are the proprietary Unices.

[George W. Bush]

I'd mention the following which will show the wide availability of the source code, even on XDCC servers:

PacketNews search engine (search for 'Windows 2000 source')

Also, for those who have mIRC already installed, you can verify this at:

irc.xtc-dreams.com
#warez-asylum
/ctcp [wa]-uni-11000 xdcc send #1

The file is: windows_2000_source_code.zip, 203MB

Here's a link to a list of the files in the source archive.

[The above info is for information only. I despise and deplore IP theft. I strongly warn everyone to avoid downloading any proprietary code. And I'm certain that our management here at FR agree, having never tolerated illegal activities of any kind. The previous info provided only to demonstrate how widely available this code already is and not for any illegal purpose.]

[MediaMole]

I don't know how much was leaked, but by Monday, it will be the most-downloaded item on KaZaa.

Here is a link to a text file listing the files that got loose.

File listing

(Please note these are not the source code files themselves, just a listing of what was leaked. ...and no, I don't have the code. )

[Dan Cooper]

So all you late adopters of XP better hurry up. All the hackers have your code now.

Maybe this is the reason the code was "leaked".

[George W. Bush]

Windows 2000 = Windows 5.0.xxxx
Windows XP = Windows 5.1.xxxx

Basically, the same code base. WinXP is prettier and has more of the DirectX gaming/multimedia stuff.

Otherwise, it's the same old thing. Both were built on the old WinNT code base.

[George W. Bush]

Windows 2000 = Windows 5.0.xxxx
Windows XP = Windows 5.1.xxxx

Basically, the same code base. WinXP is prettier and has more of the DirectX gaming/multimedia stuff.

Otherwise, it's the same old thing. Both were built on the old WinNT code base.

[George W. Bush]

Do MS conduct real background checks on all the ChiCOMs and Ruskies they hire, both as H1Bs here in the US, as well as the ones in their ops in Communist Red China, as well as "reformed" Russia?

Russia and China have already seen the source code. They had security concerns and Microsoft showed it to them, saying they never gave them a copy.

Given the aggressive new Chinese DVD video standard (to crush DRM and CSS protection) and China's initiative to develop their own new official Linux distribution, I wouldn't be surprised if the Chinese leaked this code as an industrial sabotage.

Meanwhile, Micro$oft is putting the finishing touches on Windows XP Lite, a cut-down version of XP for the Chinese/Asian market. It will lack some features but will be upgradable to the full XP Home and XP Pro versions.

Personally, I hope the Chinese crush Microsoft with open-source. Better than having to live with Gates' miserable money-grubbing bug-ridden code for the rest of our lives.

[Golden Eagle]

Personally, I hope the Chinese crush Microsoft with open-source.

You're obviously twisted in your ideals, openly supporting the expansion of communist China over the largest market cap company in the United States.

People on this forum love to try to paint me as an employee of Microsoft, but that is far from the truth, I am simply speaking out against imbeciles like you that would GLADLY sacrifice America's technological edge to communist China. You might as well have a red and yellow flag stamped on your forehead...

[Golden Eagle]

Linux is far more secure. Despite its open source and millions of competent coders with the source, there are only about a half dozen exploits/viruses for it. And those got fixed in about a day.

What an idiotic statement, peddled as the truth. Check lwn.net/alerts, there are over 300 reported holes in Red Hat Linux alone.

[George W. Bush]

What an idiotic statement, peddled as the truth. Check lwn.net/alerts, there are over 300 reported holes in Red Hat Linux alone.

That page does not say any such thing.

The 'Alerts' page are alerts to security fixes which have already been issued. And the most recent listed on the Redhat page is from 5/29/2002.

Another place on the site does mention that they do tracking on over 300 Linux distributions. Is that what you're talking about?

Your link, lwn.net/alerts, does not say what you want people to believe.

I suppose I could go to some effort to find out if you're just a M$-troll or just plain ignorant. But it doesn't seem to merit the effort.

Maybe JohnRob would like to weigh in on this.

[George W. Bush]

You're obviously twisted in your ideals, openly supporting the expansion of communist China over the largest market cap company in the United States.

No. I want competetion. Because M$ software is so buggy and so rarely fixed. I think it's deliberate, another strategy to keep us chained to their mediocre and overpriced products. With Microsoft, marketing and profit come first, product quality dead last.

And open-source requires everyone, including China, to release their source code back to the development tree for everyone to see.

[Golden Eagle]

Try this link:

http://lwn.net/Alerts/

Then click Red Hat.

http://lwn.net/Alerts/Red_Hat/

347 holes in this 1 version of Linux.

Last one? 2 days ago.

[Golden Eagle]

"The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes."

http://www.betanews.com/article.php3?sid=1076674118

[Golden Eagle]

And open-source requires everyone, including China, to release their source code back to the development tree for everyone to see.

No it doesn't "require" it. They ask it, but apparently the Chinese aren't giving all their modifications back, something you might want to look into instead of pushing the lies further on us.

[George W. Bush]

You moron.

Those 'alerts' are the alerts to fixes of potential security holes, revealed by constant code review. BTW, you are aware there are two different Alerts pages.

Your previous link, lwn.net/alerts, was as I said. This new one, lwn.net/Alerts, is the newer listing.

BTW, those fixes (alerts) are for differing versions of Redhat, not for all of the releases. Some are Redhat 9, some are Workstation, some are different version of the Enterprise versions.

And simply because they fixed some code doesn't mean that anyone actually exploited it. Or wrote a virus for it which is virtually unknown with Linux.

Never mind, you're still just an ignoramus or a troll.

[George W. Bush]

No it doesn't "require" it. They ask it, but apparently the Chinese aren't giving all their modifications back, something you might want to look into instead of pushing the lies further on us.

If they release binary, yes, they have to release it. However, if they create private in-house versions, they don't have to. Neither do we.

If they make a widespread distribution, for instance to their business/home users, they will have to release it. Or simply be in breach of copyright.

I doubt they want to go that route. It would close the European and U.S. markets to their offerings.

[evolved_rage]

It was leaked. I rarely see XP at any office I go to, and I look for it. Its always win 2k and office 2k. If I see XP, its usually on a new laptop, heh heh, and it gets replaced. I've started playing with OpenOffice and it is sweet.

[Golden Eagle]

Call me whatever name you want, but you're statements are bold faced lies.

You said "Linux is far more secure. Despite its open source and millions of competent coders with the source, there are only about a half dozen exploits/viruses for it. And those got fixed in about a day."

I have since given you a link that shows there have been over 300 holes in Red Hat Linux ALONE, and you can research the posted fixes additionally to show they weren't fixed "a day" either. The correct fact you stated that there are many more distros of Linux than Red Hat actually only shows even further how absurd your original statement was since each version of Linux has abundantly more holes than your claim of "a half dozen".

But like all the Linux moonies, you'll continue to act like your lies are actually based on fact, of which they obviously are not.

[Golden Eagle]

If they release binary, yes, they have to release it. However, if they create private in-house versions, they don't have to. Neither do we. If they make a widespread distribution, for instance to their business/home users, they will have to release it. Or simply be in breach of copyright.

Wrong again, they don't "have to" do anything, which is exactly why they aren't. As for the rest of your post, as if the Chinese care anything about copyright infringement. You really should better research China and Linux before you go pushing them on everyone.

[GOP_1900AD]

The national security / economic means implications are huge. I believe that Beijing and Moscow are prepping for a major cyber attack on the West. For example, the West is not desourcing MS nearly as quickly as the East. Therefore, an attack on MS installaions would be a net cyberwar win for the East.

[philetus]

BetaNews has learned that Thursday's leak of the Windows 2000 source code originated not from Microsoft, but from long-time Redmond partner Mainsoft. The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1. Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.

Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin. Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf. References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows. Prior to Microsoft's Shared Source Initiative launched in 2001, Mainsoft, which calls itself "the software porting company," was one of only two partners with access to the Windows source code under Microsoft's Windows Interface Source Environment (WISE) program.

[Golden Eagle]

I believe that Beijing and Moscow are prepping for a major cyber attack on the West.

It's already well under way, and was initiated with the "spy plane" incident of a few years ago that led to back and forth website defacements, "code red" virus, and now we have hacker groups like "X-Focus" which release open source code exploits to Microsoft products directly on the internet without first giving MS a chance to prepare a patch.

Regardless so far thankfully we're winning the war, and our systems and protections become more advanced with every day. For some interesting reading about some of the underground activity, search for the hacker named 'pr0phet', who at one time was almost single handedly defeating the Chinese, although I do not encourage hacking or vigilante justice myself.

[George W. Bush]

...and now we have hacker groups like "X-Focus" which release open source code exploits to Microsoft products directly on the internet without first giving MS a chance to prepare a patch.

Good. We've complained about the well-known security holes for years and they refuse to fix them. I'm glad someone is going to force them to fix it.

[Golden Eagle]

Thanks, that seems to come from the same link I posted in #36. They are not releasing (or do not know) yet how the code was swiped from the Linux client, but hopefully time will tell.

[Golden Eagle]

You are so in support of China and it's hacker groups I have to wonder what color your skin is. Why don't you gbo ahead and change your name to "Jiang Zemin" or similar?

[bvw]

He works in an corner office with rosewood paneling and windows overlooking great scenery, on a floor far above yours. He is important!

Stick to your level.

[Golden Eagle]

Let's hope not, since he like many others on FR seem to want to take the side of the Democrats when it comes to choosing software.

http://www.freerepublic.com/focus/f-news/1016360/posts