Microsoft follows Valve? (Win2K/NT Source Code Leaked)

[MrLinus]

Sigh. MS is ending up an awful lot on the front page these days...

http://neowin.net/comments.php?id=17509&category=main

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.

*ouch*

I wonder a) how true this is b) what kind of impact this might have on security (specifically Win2K, which is certainly better than NT) c) long term affect. I'm also curious as to how this happened.. perhaps the MSIE which was touted as being the most secure.. isn't as secure as claims make it out to be?

[foxyloxley]

So, to precis this, the source code could be checked to find MORE exploits. And, of course, the repoter does NOT want to be sensationlist ???
who knows, perhaps MsM has caught the nux of this, in that IE might , just possibly, not be as secure as they were saying. Would that mean someone is telling 'porkies' surely not,

[TheTempest]

wow,

that can really cause some very serious ramifications in the computer security industry.

however, on the other hand, people have the source code to *nix and you dont see many exploits. Yes, i know this is because not many use a *nix system and that *nix isn't as a big target as M$ is.

and i'm with you MsM, i wonder how true this is.

[RoadClosed]

It looks like MSM got her "Full disclosure". The leak at valve has proved to be devastating. The software in question is still not released after that incident. Is the delay related? I would think so. I guess to protect your source form rogue and trusted persons would be to strip search all the employees coming and going.

[MrLinus]

Well, I did some searches on Google (using windows+source+code) and got reminded that MS did open it's source code to various sources (apparently) in an attempt to convince them to us Windows over Linux. If that did happen, what's prevents them (notably Asian-continent where pirating software is just as much a standard practise as here) from doing an "oopsie.. didn't mean to send it out" kind of error?

P.S., I'm a big "Full Disclosure" fan after BugTraq's went heavily moderated.

[sumdumguy]

wow.. that thread over there is growing in "leaps and bounds"

still, many there are doubting all this because Neowin hasn't posted any sources as to the legitimacy of the claim.. is it really the full source code ? or just pieces ?

I still see nothing via google about this claim.. but it wouldn't surprise me if it were true.

[HTRegz]

Originally posted here by TheTempest
wow,

that can really cause some very serious ramifications in the computer security industry.

however, on the other hand, people have the source code to *nix and you dont see many exploits. Yes, i know this is because not many use a *nix system and that *nix isn't as a big target as M$ is.

and i'm with you MsM, i wonder how true this is.

I'm going to have to disagree with you on this one. I remember someone once posted stats here and there are more *nix exploits than their are MS exploits, the MS exploits are just more publicised.

However it will be interesting to see if it's true. I'd also be interesting to see the code. I guess only time will tell.

[sumdumguy]

if neowin was just looking to gain a bit of attention, he's got it.. his server is overloaded..

The server is too busy at the moment. Please try again later

[MrLinus]

Gawd Full Disclosure is fun... http://amo.net/NT/01-20-03MSFT.html

From January 20, 2003
Having the ability to see and modify source code in an operating system gives governments the ability to not only control how the system runs, but gives an added security sense for using it on highly sensitive computer systems or networks with top secret data. For instance, if the government body locates code they find is a security risk, they can pull it out and recompile the Windows Platform without it.

Obviously, with the more governments signing on to the Microsofts' Government Security Program, there is a higher probability that one government will have the source code leaked to the general public. If the code is leaked in an unencrypted form, it is possible there will be thousands and potentially millions of "customized" Windows platforms running worldwide.

The total size of the source code package given to Russia represents approximately 30 million lines of computer code language.

[/edit]

More sources: WinBeta Forums

[sumdumguy]

still.. nothing said at winbeta can really confirm it.. chatter could be just that.. chatter.

this one person at neowin's place posted his supposed index of the source..

you can't see the post as neowin's place is still overloaded but here's the link.

http://home.hccnet.nl/pacjack/src/INDEX

edit: damn.. that link is dead now.. shoulda saved the contents.

it was only a directory listing.. not the source code itself.