Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Kamikaze on February 12, 2004, 06:56:33 pm
-
http://slashdot.org/articles/04/02/12/2114228.shtml?tid=109&tid=187
MS Windows NT and 2k source code leaked.
Bye bye security.
-
O man this sucks!
-
...lovely...
Linux, here I come...
-
and since XP is based off of 2k...
-
Actually, I think it would be funny to see the open source community release a security patch for win2k before Windows does, proving that open source is more secure since it can be patched faster with more eyes looking at it.
:lol:
I can't wait. :p
-
heh, watch it really happen.
-
Yeah watch all the hackers on earth take advantage of this too.
-
MS comments that they're not sure of the validity.
http://www.internetnews.com/ent-news/article.php/3312451
http://zdnet.com.com/2100-1104_2-5158496.html
-
from Kamikaze's sig
Last edited by Setekh on 07-05-2004 at 09:54 AM
How is that possible?
-
Originally posted by redsniper
How is that possible?
It's not. :p
But you, too, can have one just like that...
-
It's his sig. It hasn't actually been edited by Setekh.
-
I figured that was the case, right after I posted. Just sorta freaked me out at first.
-
it's been in his sig for a long time.
-
ok, so I'm inobservant :p
-
I fell for it a little while back too... but when I did, the date was a few months before the post...
-
well if windows is 35 million lines of code and fs2_open is around 400,000 and it takes fs2_open about 7 minutes to compile, how long will it take for windows to compile
*waits for CP*
-
10 hours 12 minutes and 29.88 seconds
-
*moves back to trusty ol 98*
2000 gave me too little resource control anyway......at least this way i know I can actually END that pesky program without windows complaining.....
-
Windoze == :shaking:
Source of Windoze == :shaking:
Leaked == :shaking:
I == :mad:
-
And it's confirmed.
Eh, not such a big deal. After an initial burst of ****bags taking advantage of newfound and probably rather serious flaws (during which, yeah, might be smart to leave the computer offline permanently), it'll all stabilize out, get to be not much worse than normal. Be interesting to see if this leads to multiple unauthorized versions of Microsoft like the Linux exploits, though.
-
that's what I'm hoping for
-
*installs Linux*
-
oh crap...
if this comes to more hacker attacks, i don't know what i'll do.
i am so sick and tired of installing new security patches from MS
-
i just realized something...
MS has dug itself into a grave here.
Why?
Any GOOD programmer with some sense of Morals won't speak up where they got the code from, because of fear from the insinuating lawsuits that MS might put on their future work - its more assured that VERY few will say they actually saw it, if any at all.
Any Bad programmer is just going to keep it to themselves and hack away at it like nobody's business. They don't need to tell anyone - the world will see it in the viruses that come out.
Either way, MS's own legal and greedy policy have done themselves in.
-
this doesn't include xp tho does it...
but it does use ntfs doesn't it... hmm
yes big doo doo i thinks
-Grug
-
let's hope my firewall can defend itself
-
for those of you who want to know how closely related XP is to 2000 here is a little snippet from the leaked source
/* printf("Welcome to Windows 3.1"); */
/* printf("Welcome to Windows 3.11"); */
/* printf("Welcome to Windows 95"); */
/* printf("Welcome to Windows NT 3.0"); */
/* printf("Welcome to Windows 98"); */
/* printf("Welcome to Windows NT 4.0"); */
printf("Welcome to Windows 2000");
-
Originally posted by Bobboau
for those of you who want to know how closely related XP is to 2000 here is a little snippet from the leaked source
/* printf("Welcome to Windows 3.1"); */
/* printf("Welcome to Windows 3.11"); */
/* printf("Welcome to Windows 95"); */
/* printf("Welcome to Windows NT 3.0"); */
/* printf("Welcome to Windows 98"); */
/* printf("Welcome to Windows NT 4.0"); */
printf("Welcome to Windows 2000");
I don't know whether to:
:lol:
or
:wtf:
-
Originally posted by Beowulf
I don't know whether to:
:lol:
or
:wtf:
Let's use :lol: ;)
-
Balls. :shaking:
-
oh my god, if that's normal operating procedure, i don't want to know how big that codefile is.
edit: bob, where did you get that, do you have a full copy of the source?
-
Originally posted by Bobboau
for those of you who want to know how closely related XP is to 2000 here is a little snippet from the leaked source
/* printf("Welcome to Windows 3.1"); */
/* printf("Welcome to Windows 3.11"); */
/* printf("Welcome to Windows 95"); */
/* printf("Welcome to Windows NT 3.0"); */
/* printf("Welcome to Windows 98"); */
/* printf("Welcome to Windows NT 4.0"); */
printf("Welcome to Windows 2000");
:lol: That is one of the funniest programming things I've seen in a long time :D
From the article I was reading apparently the code expands to around 600MB of data. Given this example they probably only got away with the source code for wordpad! :D
Seriously though this is pretty worrying. 2k and XP share enough code that a lot of exploits will work on both. Even if they don't there are plenty of 2K boxes out there.
Singh does make a good point that very few white hat programmers will admit to having seen the source cause of MS's legal habits.
-
so, what we're looking at is that "nobody" has seen "anything" while people who have seen it will primarily use it to do bad, instead of people doing good by releasing patches to stuff the holes. i already see MS suing someone who emails them a patch for a security hole.
-
Exactly. The white hats might detect a flaw in the code, make an exploit for it and then contact MS but by doing so they give the black hats just as much time to make their own version.
MS should realise what a disaster this is and offer rewards for help rather than trying to squash it.
The worst thing is that whole mess wouldn't make MS look any worse if they handle it properly. It's probably not their fault that the code leaked. Sure their OS is full of holes but anyone computer literate already knew that. The computer illiterate may not have known but by pumping up the "stolen code" angle they could have avoided it being seen as their fault.
Instead they're claiming that nothing is wrong which means that they will take the blame when things start to go wrong.
Hopefully though the code will turn out to be part of Word or something else that doesn't access the net and therefore is reasonably safe from hacking exploits.
-
Completely hypothetically speaking; if one were to want to get one's hands on a copy of the aforementioned source code what avenue would one procure this fine intellectual™ property™ of Microsoft™™™ from?
™
-
Kara, the problem is IMHO that if anyone says to MS: "look, i saw the source, here's the leak, and here's a complete patch for it." they'd put every bit of legal power they have to sue that person for seeing and editing the code, and creating a work based on it (that patch). therefore, no one, no one at all would dare to tell MS anything. the only thing MS can do now is release the source completely, and into the linux groups as well, and hope that people are willing enough to help out.
-
MS will probably use it as a reason to upgrade to XP or some crap...and this is after they took something like 200 days to fix a system critical bug!?
-
BetaNews is reporting that the source code is part of Win2000 Service Pack 1, the leak came from a company called MainSoft that creates *nix native versions of Windows applications.
http://www.betanews.com/article.php3?sid=1076674118
-
Okay, now we know why XP is a bloated POS. The entire source code for 2k was admitted to being nearly 40GB. Umm, I'm thinking nobody could figure it out, and M$ is too apathetic to write new code that does what they want so they just add in on top. 40gb...that's just a little excessive to me. A full uncompiled distro of Linux slides in at just under 2gb, libraries and all.
-
not a useful compile, i am not sure what to say about that. it makes it harder to use it for bug fixing, but it doesn't seem to do much in terms of exploit seeking.
-
Y'know. They coulda done it on purpose.
This way they get all their holes fixed without having to pay programmers or release Windows as an open-source, free-to-download product.
-
Originally posted by an0n
Y'know. They coulda done it on purpose.
This way they get all their holes fixed without having to pay programmers or release Windows as an open-source, free-to-download product.
They tried something similar before, didn't they?
Releasing an 'open source' version of the code to companies (in exchange for...er...getting to fix the bugs in the code themselves & report the fix to MS).
NB: I think it actually takes an entire network of computers about 12+ hours to compile Windows....it's the definition of 'bloatware'.
-
40 gigs of source seems a bit large, really. i mean, i know an OS does a lot of stuff, but if linux can do it in 2GB, it seems a bit gigantic.
-
Originally posted by kasperl
40 gigs of source seems a bit large, really. i mean, i know an OS does a lot of stuff, but if linux can do it in 2GB, it seems a bit gigantic.
Odds on that at least 5% of that code is actually completely useless, but it's so undocumented (and probably written by the work experience boy) that no one can figure out if they can remove it or not.
At a guess
12.5% is probably the random crash routines.
25% is the bug report & id routines.
30% is the faulty security hole routines put in there to make people upgrade
10% is the code to support that stupid arse paperclip which ALWAYS FECKING ANNOYS ME!!!!! *cough*
~0.00000000000125% is the error handling code. (currently commented out)
-
*Installs Solaris9 x86*
-
Originally posted by aldo_14
They tried something similar before, didn't they?
Releasing an 'open source' version of the code to companies (in exchange for...er...getting to fix the bugs in the code themselves & report the fix to MS).
Well, the two do have something to do with each other, though not exactly in that way. Apparently the person it got leaked from is an idiot and left a trail a mile wide. Including a tag MS had left in there specifying the company the OS snippet was loaned to and (I think) the user name.
-
Originally posted by Darkage
*Installs Solaris9 x86*
Mmmm. Slowlaris X86. It doesn't get much worse than that. ;)
-
Originally posted by mikhael
Mmmm. Slowlaris X86. It doesn't get much worse than that. ;)
If you can get me a cheap SunBlade or a Sparc station with a software packages then it isn't so bad:D
I never had any problems with it.
I use it at work but there we actually use Sun Microsystem hardware/software.
-
Originally posted by an0n
Y'know. They coulda done it on purpose.
This way they get all their holes fixed without having to pay programmers or release Windows as an open-source, free-to-download product.
I'd have said that if they'd have had Longhorn or whatever it is ready to launch
-
Originally posted by mikhael
Mmmm. Slowlaris X86. It doesn't get much worse than that. ;)
It's probably the only OS I've used that slows down to a crawl when more than one netscape window is open........ there's actually a semi-inquest going in our CS department as to why the JVM (in particular) is so god-damn slow on the Solaris boxes.....
-
hmmm...we don't have that problem. Weird
-
Originally posted by Darkage
hmmm...we don't have that problem. Weird
Yup... that seems to be the consensus, based on what one of the lab assistants said.
-
We use a lot of Sparc stations. Mostly Ultra 5/10 and 60 boxes. We do also use some SunBlades. All put into a network not too big around 50 systems.
Did they offer a patch or other solution for that problem?
-
Originally posted by Darkage
We use a lot of Sparc stations. Mostly Ultra 5/10 and 60 boxes. We do also use some SunBlades. All put into a network not too big around 50 systems.
Did they offer a patch or other solution for that problem?
I have no idea what they're doing about it - if anything.
All I know is that it got mentioned during a lab session, because the mobile agent system we were using was screwing up in new and inexplicable ways.
-
You know, while Windows has plenty of security holes, the main way of hackers exploiting those holes is through executable files on their target's computer. To do that, they need to get an executable up and running on said computer, a task which is normally accomplished through a virus. And while there are of course many ways in which viruses can spread, I'd hazard a guesstimate that about 70-90% spread through vulnerabilities in Internet Explorer (which is the basis for the Outlook Express and Outlook email rendering engines).
The solution? Use Mozilla (or Opera - does it have a mail client though?). I remember many many virus-infected email I received in the Mozilla mail client - for the most part I could even view the email without any worries that the virus would self-execute. Not that that's a good idea mind you, but still... it's to prove the point that while your car may have a 40-gallon gas tank, all that gas needs to enter through the one little opening. Make sure that opening is secure, and you've secured the whole system.
-
@sandwich
Yes, Opera has a simple email client built in. BUT it's pretty crappy, so you wouldn't want to use it anyway.
-
Originally posted by kasperl
Kara, the problem is IMHO that if anyone says to MS: "look, i saw the source, here's the leak, and here's a complete patch for it." they'd put every bit of legal power they have to sue that person for seeing and editing the code, and creating a work based on it (that patch). therefore, no one, no one at all would dare to tell MS anything. the only thing MS can do now is release the source completely, and into the linux groups as well, and hope that people are willing enough to help out.
That's what I meant. As a result any white hat programmers will have to make an actual exploit and claim to MS that they came up with it independent of the source before they'll feel safe to go to MS. Then they'll have to wait for MS to find the dodgy piece of code in the source (something the white hat already knew) and fix it.
All in all an incredibly stupid turn of events.
-
Originally posted by Darkage
If you can get me a cheap SunBlade or a Sparc station with a software packages then it isn't so bad:D
I never had any problems with it.
I use it at work but there we actually use Sun Microsystem hardware/software.
Should have said something while I still worked at Cisco. I threw out more working Sparc stations than I can count, and a couple of sunblades and sunrays (dumb terminals for connecting to sunblades) and we had just ditched all our 2.8 licenses for 2.9.
-
damn i could have used one of those stations.:)
-
http://www.theregister.co.uk/content/55/35611.html
-
I think i may downgrade to win 98................
-
I'm suddenly glad that I swapped over to Mozilla FireFox and Thunderbird earlier in the week. Won't cut out everything but a lot of exploits are going to be aimed at IE and Outlook Express.
-
Originally posted by karajorma
I'm suddenly glad that I swapped over to Mozilla FireFox and Thunderbird earlier in the week. Won't cut out everything but a lot of exploits are going to be aimed at IE and Outlook Express.
me too, though I'm just about to install thunderbird.