Windows source code leaked? Beginning of the end
and i thought it was bad before. if this is true, and 2000 and NT source codes have been leaked, we should expect to see a rash of computer worms like never before.
how long until the 'net comes crashing down?
see here for more info.
edit: just realized the page is toast. here's the text.
how long until the 'net comes crashing down?
see here for more info.
edit: just realized the page is toast. here's the text.
Quote:
Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
Comments
- Xidius
Damn...
Originally posted by >_>
HURRAY!!!!!!!!!
- Xidius
Your stupidest comment to date.
from there tens of millions of people hit the server that had the news, and it went abruptly offline. i'm guessing google news can't find it yet.
Originally posted by murbot
Your stupidest comment to date.
Sorry. I just happen to find this hilarious.
Can't wait to see the chaos that this brings.
- Xidius
Everyone HAS to switch to Mac and OS X or nothing will work again
I'm guessing nobody.
This is a fairly serious leak, but given that a worm just got through our rather elaborate defenses and hosted itself in our patched-up-to-the-minute XP Professional and Server 2003 systems (desktops and a RAS, not anything mission critical), and given that (from people I know who've worked on those codebases) prolonged exposure to Windows code will have you dancing stark naked on Easter Island trying to raise R'lyeh from the sea, I don't actually think it'll make things that much worse. They can't get much worse. From a security bulletin I read, someone's finally found an exploitable hole in Windows Messaging, which is Microsoft's Nightmare #1. And that's in XP.
The house of cards is finally falling. I'm not looking forward to this, really, because I'd hoped it would collapse under its own weight, rather than under exploits by criminals - and make no mistake, these new exploits are not just random nuisances by bored kids. Organized crime is getting involved. This is Very Bad(TM).
But if it gets Windows off the internet, gets better server OS' on the internet, and forces MS to confront some problems it's been avoiding now, that will be a silver lining. I just hope that happens quickly enough that the crooks can't glean too much information or do too much damage with it.
no user intervention would be required. write the worm and let it rip through the 'net. in hours they could probably bring the entire internet down to its knees. now, if you were a real bastard, you write one that then formats the HD of infected machines.
since they have the source code, there will be NO PATCH available when the worm hits. because of the nature of AV software, there won't be able to catch it for at least hours, but more likely days.
and after that one hits, another just like it can come along and do the same or worse. the only people who have a chance will be people who bothered setting up decent firewalls.
Originally posted by alcimedes
actually, the big problem would be that, with unrestricted access to source code, hackers can now write excellent worms.
no user intervention would be required. write the worm and let it rip through the 'net. in hours they could probably bring the entire internet down to its knees. now, if you were a real bastard, you write one that then formats the HD of infected machines.
I don't think that's what's going to happen, though. In fact, my worry is that worms will go the other way, and become invisible and latent moles, spying on the users, leaking information to the Mafia, occasionally serving as a relay to cover someone's tracks. They could be used for obvious things like DDoS, but I'm more worried about what they could do sub rosa.
How reliable a source is Neowin though? There's a mini-debate about this over at /. with no definite answer. Has the story been picked up anywhere else? No mention on CNN, NY Times, CNet, etc.
Originally posted by murbot
Your stupidest comment to date.
Are you serious!?! Sure there will be world wide disruption to computer networks if this is true, but can you honestly say, hand an heart, that in the long run this won't help the computer industry?
Personally I hope this is true. MS (windows division, I happen to really like some MS hardware and games) have had this coming for a long time. These days, even in the hype of all these viruses, people... No, governments and organisations are still using windows. Not out of choice, but because they feel they have to so they can "play nice" with the others...
This might be just what is needed for them to take the blinkers off and look for the best solution, not just the one that has a nice box and a funky advert!!
Well at least if a supposed worm like some of the one's thrown around do rip through the 'net, at least the critical infrastructure will remain intact. Now if someone had gotten their hands on the source code of the Cisco IOS, and the Nortel IOS then we all could be screwed. To clear it, all you would have to do would be to reboot the router and your done. But the number of routers going down would have a huge impact.
One could argue, however, OSs like BSD, Linux, and the Darwin core are all open and visible to the world and no one has created a hugely devastating worm for those OSs.
Originally posted by Gargoyle
Are you serious!?! Sure there will be world wide disruption to computer networks if this is true, but can you honestly say, hand an heart, that in the long run this won't help the computer industry?
Surely the bombing of China would kill 1.000.000.000 human beings but can you honestly say, hand at heart, that in the long run this won´t help domestic production of television sets?
Eeeeee. Wrong question.
The MS press release. IT seems like they are more worried about their prescius source code being intact than the damage of everybody knowing it would cause. Like a man checking his car for scratchmarks right after he accidentially hit a kindergarden crossing the street.