|
-
February 17th, 2004, 04:29 PM
#1
trust? - win2k source code tools
I've been following along with the discussions on the FD list and looks like along with the source that leaked... the tools that make programs "trusted" were included with it...
NOW EVERY EXECUTABLE IS TRUSTED AND DIGITALY SIGNED
found this interesting... \win2k\private\inet\mshtml\build\scripts\tools\x86
iexpress.exe
signcode.exe
makecert.exe ( DigSig.dll )
( in fast food voice ) and who would you like your package to be certified from today sir? \win2k\private\ispu\pkitrust\initpki\certs\
looks like the viri / trojan kiddies will have some fun with this. yikes to PE format executables.
alas... i could be wrong,
m.wood
Now, I thought that the source being released was going to be bad... 
Looks like these files were already available?
Certificate Creation Tool (Makecert.exe)
http://msdn.microsoft.com/library/de...akecertexe.asp
http://msdn.microsoft.com/library/de...eworkTools.asp
signcode.exe
http://longhorn.msdn.microsoft.com/l...gncodeexe.aspx
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 17th, 2004, 04:34 PM
#2
Well, wouldn't it make sense that this be available if a DC could be used as a CA? I would think that the machine has to have a way of making certificates and such? IIRC, a post in that thread pointed out this was out with the IEAK and AFAIK, any browser, including IE, has certs for various root level CAs. I suspect that MS put that in so that applications could take advantage of MS' products being CAs when needed.
-
February 17th, 2004, 04:44 PM
#3
Yes, it would make sense...
So, if these tools are already available... then m.wood's point was "wrong"...
Didn't see that last post in the thread... about the SDK and IEAK.
Please excuse this pointless thread... or delete it if you choose. 
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
February 17th, 2004, 04:47 PM
#4
Possibly.
But I think it also leads to the question of how much of an option is left to the user to make a decision as to what to trust. If the OS trusts everything, then it's not really secure (trusts based entirely on a single method can be exploited). It may not be as big of an issue in exploitability but could be a question of how secure that particular section of code (and we do need to remember we have a small snippet of what is in all of Win2K) and how security oriented that code is. (if that makes sense?)
-
February 17th, 2004, 08:52 PM
#5
Junior Member
In my opinion, since Microsoft wants to remain a propriatory software vendor, and not opt for becoming open-source, then releasing the source code to anyone was not a good idea for business.
what I don't understand, is why Microsoft would wish to remain closed source, looking at the successes of companys such as RedHat and MandrakeSoft. Taking a company which already has a large market share, and adding to their customer base by making their software open source (and i'm not even talking about GPL here, simply open source) would have been in the best interests for business.
Then that avoids all the problems they're having now with parts of the NT and 2000 source code being leaked.
-
February 17th, 2004, 10:15 PM
#6
what I don't understand, is why Microsoft would wish to remain closed source, looking at the successes of companys such as RedHat and MandrakeSoft. Taking a company which already has a large market share, and adding to their customer base by making their software open source (and i'm not even talking about GPL here, simply open source) would have been in the best interests for business.
Not necessarily. Look at Oracle. By far, it has the single largest share of the database market and will probably remain so even with contenders like MySQL (which has some things to do before it's truly a serious contender). MS still has a strong base of paying customers with a closed environment. Why would they open themselves up to be copied?
As for the code being leaked, there's a link I put in another thread (which I will put at the bottom of this one) that suggests the leak may not be as bad as people think, especially given the amount of code (only about 100MB versus 40GB worth.. heck, it was only 30,000+ files... given that NT was what.. 16 million lines of code it's not a big part) and the area of code taken, the risk is there but it's not as big as people think. Humourous now but probably not as bad as some might think.
http://www.kuro5hin.org/story/2004/2/15/71552/7795
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote