Let's hope it gets worst

Al_Capone · February 13, 2004, 11:34pm

http://www.cnn.com/2004/TECH/internet/02/13/microsoft.code.ap/index.html

Microsoft grapples with leak of source code online

Friday, February 13, 2004 Posted: 3:44 AM EST (0844 GMT)

Story Tools

SEATTLE, Washington (AP) – Microsoft Corp. says incomplete portions of the source code for some versions of its Windows computer operating system were leaked over the Internet, but analysts caution it’s too early to say how much damage the leak may cause.

Spokesman Tom Pilla said the pieces of source code, the tightly guarded blueprint of its dominant computer operating system, were for Microsoft’s Windows 2000 and Windows NT4.0 operating systems.

Access to the source code could allow hackers to exploit the operating system and attack machines running some versions of Windows. Several versions of the operating system, including the ones containing leaked code, are used on hundreds of millions of computers worldwide.

Such access also could provide a competitive edge to Microsoft rivals, which would gain a much better understanding of the inner workings of the company’s technology.

Microsoft was made aware of the leak Thursday and was investigating, Pilla said. He did not know how much of the code had been leaked, when the leak occurred or how many people might have gained access to it. The company could not immediately pinpoint the source of the leak and has contacted law enforcement authorities, he said.

Pilla said there was no indication the leak was a result of a breach of Microsoft’s corporate network. There was no known immediate impact on Microsoft customers, he said.

Microsoft has previously shared some of its source code with some companies, U.S. government agencies, foreign governments and universities under tight restrictions that prevent such organizations from making it publicly available. But the company has generally argued the blueprint to its operating system is proprietary and shouldn’t be made public.

Still, because some people outside Microsoft have had access to the code, analysts said it wasn’t too surprising for such a leak to occur at some point.

“I don’t understand why it hasn’t happened sooner because there are so many (organizations) out there that have access to the source code,” said Marc Maiffret of eEye Digital Security Inc. of Aliso Viejo, California.

But analysts and security experts cautioned that it was hard to assess any potential damage the leak could cause since so few details were available.

“Frankly, I’m not sure anybody can fully assess that, other than Microsoft,” said Al Gillen, research director for systems software at research group IDC.

The leak could potentially put more Windows users at risk because it opens the door to more people finding vulnerabilities in Microsoft’s code – and using them in malicious ways, Maiffret said. That could, in turn, wreak havoc on Microsoft’s ability to respond with fixes in a controlled manner.

But, he cautioned, it was too early to say whether such a major threat existed.

Some experts said it seemed more likely the leak could be most valuable to Microsoft rivals.

“What people could learn from it has the potential to make other organizations that are building competing products … make products that can compete with (Microsoft) more effectively,” Gillen said.

Others noted that the greatest damage may be to Microsoft’s reputation.

“It seems unlikely this is going to create a material, significant security problem,” said Rob Enderle, a technology expert and principal analyst with the Enderle Group. “It’s more embarrassing than anything else because it makes it look like Microsoft can’t control its code.”

Goofster · February 14, 2004, 7:56am

yeah woohoo! let’s hope it gets worse so we get a global computer meltdown and we go back to the iceage!

all those anti-microsoft people laugh at this, but I don’t think they understand the seriousness of this.

Roel

Alltaken · February 14, 2004, 8:34am

no i don’t think they understand the seriousness of this.

imagine virus’s that take 100% complete control of your computer, decode your stored and encrypted credit card data, get into hosts, servers, banks all sorts.

not even your linux box’s will be safe due to all the disruption ti would cause.

personally i hope some coders take a look at it all and code their own fantastic version of windows from it

Alltaken

Carnivore · February 14, 2004, 8:42am

The only wise thing to do now would be to install linux, at least until the leak is brought under control. I’m on Winows XP right now, but it has the same core as Win2K so most win-users are in danger.

The other theory is that M$ leaked the code so that Longhorn would sell better :D.

rogerm3d · February 14, 2004, 3:45pm

I don’t know that doesn’t sound too good, you can easily download the source code for Linux, thus any hacker can gain access to the source code and this could allow them to exploit the operating system and attack machines running some versions of Linux. %|

Al_Capone · February 14, 2004, 4:01pm

I don’t know that doesn’t sound too good, you can easily download the source code for Linux, thus any hacker can gain access to the source code and this could allow them to exploit the operating system and attack machines running some versions of Linux. %| ;)[/quote]

Only if you download a Linux OS that have been modified to contain a virus, however, the codes are being look at all the time and because such a opening will cause such problem, it would be close sooner then any MS operation systom.

anon93056638 · February 14, 2004, 6:53pm

I don’t know that doesn’t sound too good, you can easily download the source code for Linux, thus any can gain access to the source code and this could allow them to exploit the operating system and attack machines running some versions of Linux. %| ;)[/quote]

Something tells me that a 4 year old could find exploits in Microsoft’s code, linux is more of a challenge.

shbaz · February 14, 2004, 10:08pm

Guys, I hate to point out the obvious, but I’m assuming the smilies meant he was joking.

lilo · February 14, 2004, 10:25pm

I don’t know that doesn’t sound too good, you can easily download the source code for Linux, thus any hacker can gain access to the source code and this could allow them to exploit the operating system and attack machines running some versions of Linux.

hummmmmmmmmmmmmmm…

have you seen alot of linux exploits lately…

didn’t think so

perhaps a little investigation into the underpinings of the 2 os’s would help clear things up

lilo

hemaroid · February 15, 2004, 1:45am

Yes I have! http://www.securityfocus.com/bid

The only truly secure OS I’ve seen is OpenBSD but as a result it’s really not user friendly. True security does however not lie within the system itself but in the system administrator. You can just as easily set up an insecure Linux, OpenBSD or Windows box if you don’t know what you’re doing.

On the other hand Linux is free and I love it and use it as much as I can. Just don’t be fooled into believing that it’s more secure and viruses don’t exist for it. It’s just that most of the hacking and virus effort is pointed at Windows since it is the predominate OS of the world. If the roles were to be reversed you would see great influx in exploits and viruses for Linux.

rogerm3d · February 15, 2004, 8:30am

You are very smart, people refer to the smilies
I find that both Linux and Windows when set up right can be quite secure (Windows just takes alot more work, such as removing IE, Outlook, etc)