Windows 2k and NT4 Source code leaks
Microsoft is investigating how a file containing some protected source code to Windows 2000 was posted to several underground sites and chat rooms.
A spokesman said late Thursday that incomplete portions of Windows 2000 and Windows NT were illegally posted to the Internet.
“It’s illegal for third parties to post Microsoft source code,” spokesman Tom Pilla said. “We obviously take that very seriously.”
Microsoft said it is investigating how the code got on the Internet and is working with law enforcement. “We will take all appropriate legal actions as we move forward with the investigation,” Pilla said.
Pilla said that the company has no indication that the posting was a result of someone breaching Microsoft’s corporate network and said at this point there should be no impact on customers. As for the long-term security impact, Pilla noted that “this is not buildable or executable code…nor is it the complete source code.”
The 203MB file contains code from Microsoft’s enterprise operating system, but the code was clearly incomplete, said Dragos Ruiu, a security consultant and the organizer of the CanSecWest security conference, who has examined the file listing.
“It was on the peer-to-peer networks and IRC (Internet relay chat) today,” Ruiu said. “Everybody has got it; it’s widespread now.”
The 203MB file expands to just under 660MB, he said, noting that the final code size almost perfectly matches the capacity of a typical CD-ROM. The entire source code, he said, is believed to be about 40GB, meaning that the file circulating Thursday is only a fraction of the full code base.
guys any plan to open sourceforge project?
more from [url=http://news.com.com/2100-7349_3-5158496.html?tag=nefd_top]News dot COm[/url]
February 13th, 2004 at 4:40 pm
?It?s illegal for third parties to post Microsoft source code” ?
it oughta b illegal 4 any1 other than M$?lers themselves 2 use M$oft — mebbe then they r tempted 2 put sum efforts in2 improving their bits.
?guys any plan to open sourceforge project??
read ome rumour that peeps from the andr.net chn r in2 this *smile*
February 13th, 2004 at 7:50 pm
xxx: the comments are the most interesting part
xxxx: return i; // potentially off-by-1, but who cares…
by unknown Linux Jedi, I know who 😉
February 14th, 2004 at 6:32 am
1. There were 27,142 NT 4.0 SP3 files totaling 338MB.
2. There were 28,782 W2K SP1 files totaling 658MB.
3. It does appear that all of both versions are present, minus IIS.
4. 10,425 of the 27k NT files are actually source totaling 193MB uncompressed.
5. 8,367 of the 28k W2K files are actually source totaling 217MB uncompressed.
just FYI
February 19th, 2004 at 2:45 pm
u probably read/came across this 1:
http://www.securityfocus.com/news/8060