• We have updated the guidelines regarding posting political content: please see the stickied thread on Website Issues.

Windows source code leaked:

A

Anonymous

Guest
This might well be interesting, over time. Though much initial reporting of the story will almost certainly miss the point and / or just get it wrong.

There will surely be implications, in time. Certainly plenty of scope for accusation, speculation and theory. A good place to start with the debate is this thread on Slashdot. Some are already even saying that Microsoft have done it to themselves. Others are blaming the Chinese.

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.

Update: Microsoft's Tom Pilla has confirmed the leak stating: "Today we became aware that incomplete portions of Windows 2000 and NT 4.0 source code was illegally made available on the Internet"

Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
Click to expand...
 
The implimentation being we should all upgrade to XP? Hmmm, how very convenient ;)
 
Don't Mean To Be Cynical, But...

Dr Poo said:
The implimentation being we should all upgrade to XP? Hmmm, how very convenient ;)
Click to expand...
The other implication being that it is necessarily a bad thing.

It's just possible there might be some loopholes closed and better versions of the code appearing. There are hackers out there that want to get their hands on the code, not for malicious purposes, or to copy it, but simply because they want to fix the weaknesses and loopholes in the systems they use, or they're running for a living.

And, how long before lists highlighting all the similarities between "Windows NT technology" and UNIX are being circulated on the Net? :D
 
Access to source code will give you alot of insight into how a piece of code works. This leak could be serious because certain nefarious types could exploit various weak points of this code and exploit it. Think how many problems viruses can cause, and they themselves exploit only very small weaknesses - but this is peanuts to compared to the damage someone could do with better access and understanding of the source code. So it's actually quite a serious problem...!
 
JerryB said:
Access to source code will give you alot of insight into how a piece of code works. This leak could be serious because certain nefarious types could exploit various weak points of this code and exploit it. Think how many problems viruses can cause, and they themselves exploit only very small weaknesses - but this is peanuts to compared to the damage someone could do with better access and understanding of the source code. So it's actually quite a serious problem...!
Click to expand...
I'm not saying it's a pointblank good thing JerryB. Just, that's it's not an automatic disaster. MicroS' should have open sourced some of the more attack sensitive parts of the code, years ago, to allow OpenSource hackers to work on it. It's still one of the best ways of fixing bugs.

Loads of Slash Dotters seem to think it's a clever trap by MicroS'. Could be.

Whatever, expect a few revelations and surprises. ;)
 
They did. They apparently run a 'shared source' program whereby most of the OS source, barring cryptographic stuff, product activation features and things licensed from other people (do they actually license things from other companies? I thought they just ripped it off and then produced a bigger set of lawyers than the small company) is available for certain MS-approved academic research and teaching purposes.

I have a feeling that there's probably certain limitations, like not being able to disclose anything in it to others, that any fixes or suggested improvements are immediately the sole property of Microsoft, that sort of thing - but basically a method of having other developers fix the bugs and probably pay Microsoft for the privilege of doing so... Not sure how many places take it up mind...

Steve.
 
Actually the BBC article seems quite good.

Q&A: Microsoft source code leaked

Microsoft has admitted that some of the source code for its widely used operating systems have been leaked on to the internet. BBC News Online explains what has happened and what the consequences will be.

What has happened?

Some of the core computer code for Microsoft's Windows NT 4 and Windows 2000 products has been found circulating online. The files are reportedly proving very popular on file-sharing networks such as Kazaa and chat nets such as IRC.

What is source code?

It is the raw computer language written by programmers as they put together an application. When a program is compiled to become a working program this code is scrambled and becomes unreadable.

Commercial software firms guard source code for their products very carefully because rivals that get access to it could find out how their products work and copy them. A software company's source code is the equivalent to Coke's recipe for its fizzy drink.

What has been leaked?

So far there are only details about the leak of source code for Windows 2000, even though Microsoft has said that some of the code for NT4 is also online.

The Windows 2000 code is a 203MB chunk that expands to about 600MB - enough to fill one CD.

There are conflicting reports about what is in this chunk. Some say it is only 2% of the total code and others say it holds more than 13.5 million lines of code - about one-third of the total for Windows 2000. It is not enough to recreate the operating system.

The leaked chunk contains library and text files, scripts, executable programs and raw computer code. It seems to date from 25 July 2000.

Why is this a problem for Microsoft?

Firstly, it is yet another security lapse during a month that has seen the appearance of the fastest spreading virus ever as well as the discovery of yet another critical vulnerability in the Windows operating system.

Secondly, Microsoft's growth has come about because of its tight control of its intellectual property - the source code of its products. This has helped it maintain a stranglehold on the desktop computer market. That hold has been demonstrably loosened now. Rivals could use it to get a better idea of how Windows works and help them compete against Microsoft.

Thirdly, it might be the last straw for people tired of the security headaches that Windows creates.

Fourthly, for Microsoft to have this code paraded in public is hugely embarrassing. Not least because the code is littered with profanity and might show that many Microsoft programmers do not do a very good job.

In the past independent programmers that have deconstructed other Microsoft applications have been shocked at what they found within the code. Rivals and critics will be able to see exactly how Microsoft staff do their work.

Is this going to mean more security problems for Microsoft products?

It is too soon to say. Certainly knowing exactly how something works will be useful to anyone that wants to attack it, but few malicious hackers need an intimate knowledge of Windows to create havoc. Many of the viruses doing the rounds are simply copycat versions of older pernicious programs.

Virus writers tend to be lazy and build on the efforts of others. Few are likely to trawl through the millions of lines of code and go to the trouble of working out where new vulnerabilities can be found.

However, it just takes one dedicated vandal to do the work and the tools will be available to all

Microsoft has said it is more an intellectual property problem than it is a security issue.

Who has access to Windows source code?

Lots of people in thousands of organisations. Microsoft runs the Shared Source Initiative that lets researchers and key customers and business partners get a look at the basic code for many of its products. Up to 90% of the source code for Windows products has been shared over the years.

The only parts that Microsoft does not let anyone see are the bits dealing with product activation, its use of cryptography and code from other firms it cannot license directly.

Windows XP builds on the leaked code

This initiative was started to counter the success of the open source movement which is based around the freedom to inspect and play with the source code of computer programs.

Is this the first time this has happened?

It is the first leak of Windows source code though early releases of the various versions of Windows regularly circulate before they are official unveiled.

This leak is not thought to be related to the hack attack on Microsoft's corporate network that took place in October 2000.

Also, years ago code to version 6.22 of DOS was leaked online but no-one cared because it was so old.
Click to expand...
 
Yeah, I picked up on the "littered with profanity" reference - can anyone elaborate?
 
Code: 
Properties p = new Properties();
p.setProperty("com.exln.dxe.adminhost", [IP_ADDRESS_OF_XIS_SERVER]);
p.setProperty("com.exln.dxe.adminport", "1050");
p.setProperty("com.exln.dxe.iorport", "[IORPORT_NUMBER");
try {
this.session = XlnClientSessionFactory.getSession(p);
if (this.session == null) {
LogConfiguration.message("UNABLE_TO_GET_CLIENT_XIS_SESSION");
}
} catch (Exception e) {
LogConfiguration.message(e, "UNABLE_TO_GET_CLIENT_XIS_SESSION");
}
[b]F*CKING THING ^^ NO IDEA WHY T*SSING THINK DONT WORK[/b]
 
How many people do you think you'll see beng sympathetic to Microsoft?
The answer's probably less than zero and that's even counting the ones who'll see it as a problem for the IT industry as a whole.
 
schnor said:
Code: 
[b]F*CKING THING ^^ NO IDEA WHY T*SSING THINK DONT WORK[/b]
Click to expand...
You've got a missing ] after IORPORT_NUMBER and no quotes around the property above it. HTH!!!1
 
And actually - shouldn't the comment be, erm, commented. Perhaps that's why the it doesn't f*cking work.

Remember when Douglas Coupland wrote Microserfs (93/94?) They all seemed so cool back then.
 
Our intranet got destroyed end of January for a week but my computer kept working OK because it has to use Win 98...Nobody seems to hassle win98 since it became "legacy".
 
You must log in or register to reply here.
Back
Top