Slashdot Mirror
Microsoft Cracked
Lyserjic seems to have been first with the news. Some linkage: CNET. CNN. AP. MSNBC. BBC. MSNBC's story is a copy of the Wall Street Journal article which apparently broke the news - it's the most complete.What's known - the passwords were being sent to St. Petersburg, Russia. They probably had access for about three months.
This so-called "hack" was really just a frustrated MS user who finally decided to get in there and fix the bugs himself. Of course MS considers the bugs their intellectual property and wants them back.
void main() is not illegal! At least it didn't used to be. I know for a fact it works with TC++ 3.0 for does and all of microsoft's compilers. I believe that if you are usinig true C++ then you have to have some return code, but I'm not sure
It looks like the elite hackers left some evidence that they in fact gained access to MS Servers, including their main ftp servers:
----
C:\> ftp
ftp> open ftp.microsoft.com
Connected to ftp.microsoft.com.
UR 0wn3d!!! M1cr0s0f7 h4x0r3d by dr. d00m, m4st3r 0f d1s4st3r, & ul7t4 l4z3r!! Gr33tz t0 4ll 1n th3 7o7!!
User (ftp.microsoft.com:(none)):
----
It is pitch black. You are likely to be eaten by a grue.
"Defacements of Linux sites has been rising at a steady rate and now there are more defacements of Linux sites than NT sites."
Do you think that maybe thats because there are more Linux than NT webservers and that its been rising because the amount of Linux webservers is rising(in fact has overtaken NT). I dunno just a guess.
Time is Change.
But what if they purged the e-mail and logs. and only had ones dating back three months? Those pesky purges have been known to happen, y'know.
~Philly
And explain to me how that compares to the THOUSANDS of virii, and trojans out there for win?
It seems to me that win has more exploitable regions. Ive peered through my kernel (2.2.16), and ive found nothing that could lead to any type of security flaws. My kernel is self-built, and my system is installed with the Slackware basics, and then built by me from there with the latest, and CVS releases from evey daemon my system runs. I run as many services as my ISP, yet, my site has been running 2 years, and not one successful breakin. I get attempts every day.
About IE/outlook compared to general Unix security also. This may apply to 2000, but 2000 is actually less secure in this manner. PERMISSIONS. EX: user running mutt/kmail downloads a wierd script. runs it. It only has effect on that user. If someone on a 2000/98 machine runs it, it effects the whole system. It will in 2000 because all programs are either executed as 'service' or 'system'. Ive been using Linux/Unix for 3 years, and M$ seince 94. I stopped using M$ 4 years ago, but I keep an eye on some of the things they are doing. I know, im pretty sure you do to.
BTW people: OpenBSD isn't as secure as you think it is. Its not unhackable. Its only as secure as the admin makes it. Whereas if your using a M$ product, its only as secure as M$ makes it.
Ignore the Anonymous Pissant trolls !!!
Thanks -- though this doesn't solve the overall problem (and I still don't know what those lower-level Win32 functions do) it's some help.
Don't post on slashdot. Get back to work.
The headline says "Navy to run Microsoft." I wish! More than likely Microsoft will run the Navy.
You sure did. I'd venture to guess you didn't even read it. Go read the MSNBC artcile where it states what "experts" think happened. (In short: QAZ).
And while it doesn't mention a mail client, how much you wanna bet everyone at MS uses Outlook?
--
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
-
Just because you can, does not mean you should.
Another System's Source Code Stolen!
By Ted Bridis and Rebecca Buckman
The Wall Street Journal
WASHINGTON, Oct. 27 - Microsoft Corp. is reporting that they are not their Operating System is not the only one whose source code has been stolen. While investigating the recent intrusions into the internal secured Microsoft network, the Redmond software giant has uncovered an even greater hacker risk. Hackers around the world have had copies of the source code to the Linux Operating System for weeks, possibly even months.
"This is unbelievable! I mean, people thought that we were unsecure - but look at Linus Torvalds; people have been stealing his source code for a lot longer!" said Microsoft exec Steve Balmer. Sources close to the Swedish coder said that he has known about the security hole for months, possibly years.
MOTIVE UNKNOWN
The motive behind the copying of the Linux source code is not known, but industry experts speculated it could be an early phase of a "free software" case, in which hackers threaten private corporations' rights to publish horrible software at inflated prices. "These hackers must be stopped!" said Balmer, a sentiment echoed throughout the corporate offices of Microsoft. "I mean, if they can steal our customers, what are they going to steal next?"
WELL-REGARDED SECURITY
Computer security at Torvalds' house generally was well-regarded until this latest incident. The Linux software is used to run Internet servers around the world. This latest hacker exploit could endanger the very foundation of the Internet, said Microsoft. The hackers, whose identities are unknown, are believed to have had access to the Linux software codes for three months, possibly even longer.
EMBARASSEMENT
"This is an outright embarassement for Mr. Torvalds," said Balmer, "and I would not be surprised to see people flock in hoards to the new Microsoft 2000 Advance Servers, now available at your local software resellers!" Sources report that the software is available at most software stores, and even installs on several computer platforms - sometimes successfully. "Microsoft 2000 is the most secure software on the planet! OUR source code only got stollen three months ago, while Mr. Torvalds code has been available on the black market for years!" raved Balmer.
Here is how experts believe Linus Torvalds' Linux software was hacked :
o - He released it for free on the Internet.
o - People downloaded it.
-Gary Fields did not contribute to this article. Neither did Ted Bridis or Rebecca Buckman.
Education is the silver bullet.
M$ had talked about making Windows Open Source, maybe this could be someone just helping them out, then we can just mirror it all ove the Net a la DeCSS and the mighty empire will burn, although sadly BillG will be minus a fiddle.
Any sufficiently advanced man is indistinguishable from God
As far as I can tell, defining and enforcing a policy for what is acceptible as email content is a very, very rare practise. I contend that it shouldn't be, no matter what OS you are running.
Which is why I hang around on slashdot telling people to click on my signature - I wrote an open source filter which allows admins to do just this. :-)
My program doesn't solve the problem. But it helps - it allows the admin to make his internal network immune to whole classes of attacks. That can really make a difference.
--
Host your own websites, anywhere!
You can't expect Microsoft to write correct code. Their way of fixing something like this would be to change the compiler so it compiles.
-Splat
But I expected the arguments to at least be plausible.
What we have instead, is an argument that Microsoft's software is not at fault; the problem is faulty administration.
This is being claimed despite the fact that Microsoft wrote the freaking software!
If they can't admin it properly, how is it reasonable to expect anyone else to do so?
SHEESH!
--
Is it really a suprise that a network made completely of NT/2000 was hacked? Well, mod me down to -1 for saying it, but yes. MSFT are the people who made the whole thing! They really should be the ones to know how it all works. Plus, correct me if I'm wrong, but not too many people actually crack into MSFT's servers. It's a task that I'm sure many of the 31337 script kiddies are green with envy over.
Of course the big question is: If the Source Code is published on the Internet will Linux programmers use portions of it to enhance Linux's Security and Stability..... Steve
I'm inclined to agree... unfortunately, I seriously doubt that this will provide a "heads-up" of sorts for the people in charge or implementing security features in Microsoft networks or software. My gut instinct tells me that a host of lawyers will hasten to assure the public that nothing is really wrong and it was just one insecure box, etc., and that MS HQ will just try to downplay the whole event.
A big possible downside to this, is that since a huge portion of the computer-using public uses Microsoft software, and since there's already a sort of "hacker/pirate witch hunt" going on in the media and in various world legislatures, this could only reaffirm their opinions, and help push through a string of very restrictive laws (like the one discussed here on Slashdot a few days back)... I guess we'll see...
--------------
"Cut word lines. Cut music lines. Smash the control images. Smash the control machine." - William S. Burroughs
They probably were. But after getting 'the list' one has only to do a phonesweep of M$'s phone numbers, and then access to the internal network is simply a matter of finding the RAS server.
The big bad internet isn't the biggest problem. It's attacks from 'inside.' Dialup lines are a major vulnerability that are often overlooked.
Your line about WWII frankly suggests you have no clue what you're talking about.
The most direct provocation for the formal declaration of war by the US was the Japanese suprise attack on the naval base at Pearl Harbor -- 7-Dec-41 if memory serves, which crippled the Pacific fleet.
That the German Unterseeboot U-20 torpedoed and sunk the US ship Lusitania as part of its campaign of unrestricted submarine warfare in 1917 is known to be correct. The US claim that it was NOT carrying war materiel and thus should not have been targetted is, if memory serves, has been disputed. For your info, reporting noted on the PBS site (Lost Liners) suggests that indeed it was NOT smuggling ammunition as the Germans claim.
Bzzt.
Only the dead have seen the end of war.
While I agree with you that this is going to look bad in just about any light, a few things need to be kept firmly in view.
- We do *not* at this point know if the crackers in fact took source code. We know, according to Ballmer, that they did indeed *view* the code. But did they actually get hold of a copy? Without knowing this answer, we can't accurately predict if and how that source code will be distributed to the net.
- Yes, it's true, Microsoft will in all likelihood attempt to spin this as being all the fault of those nasty, evil, commie Open Source people. But is it? The best defense against FUD is the truth, and finding out just who did this, and why, will go a long, long way towards blunting the flood of bullshit that's even now beginning to emit from the general direction of the Pacific Northwest.
- What will Microsoft be able to claim as protection in the event the source *does* get out to the internet? Trade secret status? One of the most important things to come out of all that DeCSS litigation was, if I remember correctly, the statement from the judge that once a trade secret is publicized, no matter how, it's not a secret anymore. What, if anything, can MS use? Copyright violations? Won't hold water if any GNU or other public code is discovered in *their* code. Sure, they might try to invoke the DMCA or something like that, but honestly, what will they be able to prove or accomplish? Once the secret's out of the bag, it's *out* - whether or not that's a good thing.
Yeah, it's for almost damn sure that there's going to be a very, very ugly war of ideologies, rhetoric, and politics resulting from this little stunt. But the key for anyone who opposes Microsoft and its slipshod methodologies which produce, in my not-so-humble opinion, second-rate software, is to keep the debate focused upon the facts and the truth. This exploit was the result of a well-known security issue, one that's been around for months, and one which Microsoft *should* have been able to guard against. This exploit was more than likely the result of a rotten-to-the-core policy decision that allows Outlook to execute arbitrary code with nigh-unfettered access to the operating system internals.Yes, this hack was probably a very, VERY unwise decision by the culprits. Yes, there will be a truly astounding storm of shit over the matter. But, if Microsoft's opponents play their cards correctly and with a bit of savvy, there can be a world of good which comes out of it, too.
But first, maybe we should all sit back and try to figure out exactly what happened, how it happened, who caused it to happen, and most importantly, why it happened.
If nothing else, that approach will choke off some of these tiresome, pointless accusations and counteraccusations.
Chris Tembreull
Web Developer, NEC Systems, Inc.
Chris Tembreull
"My karma just ran over your dogma."
I thought Lockheed Martin only ran Skunkix..
Any sufficiently advanced man is indistinguishable from God
The source code for solaris is available...
I seriously doubt that MS leaves their servers at default security for their internal network....
Of course,...well, ya never know... =p~
It is pitch black. You are likely to be eaten by a grue.
To sniff packets in a unix box you MUST be using the root account. By the way do you think that somebody is going to run files recieved vía email using the root account??? If he does that he deserves all the calamities a computer can suffer.
-- Ignorance, the plague is everywhere
- guttemouth
Where have these people been? Info about QAZ has been out -- how long?
"An unknown employee received e-mail carrying the dangerous software payload and inadvertently installed it. The viruslike software disguised itself as Notepad, a Windows program used for reading text messages."
You mean, s/he double-clicked an unknown email attachment? Do these people think they're so protected from the real world that they don't have to use any common sense whatsoever?
"The hackers, whose identities are unknown, are believed to have had access to the codes for three months."
Three months? Three months! Where the fsck have these people been?
The most vaunted, most pre-eminent, most powerful, most successful (well, by some measures..) software company on the entire f*cking planet has been cracked for three f*cking months and no body noticed?
What a bunch of idiots!
Lulled to sleep by dreams of their own power, and staggered to their knees by the enormous size of their own monolithic bulk...
t_t_b
--
I think not; therefore I ain't®
I'm on PJ's "enemies" list! Are you?
Reuters at Yahoo.
sulli
RTFJ.
THIS is what is really stupid.
Be ot or bot ne ot, taht is the nestquoi.
Hey, you should be happy this edit box _isn't_ notepad. UK anti-virus vendor Sophos claims in their alert list today that the crack was affected with Qaz, a trojan that surfaced this August. Qaz copies NOTEPAD.EXE to NOTEPAD.COM and replaces the original notepad with its payload. No one (not even the lowliest of apps) is safe in the world of win32...
If these guys managed to sneak at least a section of all that embedded all-integrated code then Microsoft is in deep trouble.
:)
Its is known for quite long that there is some "secret code" that allows such apps like Excel or Explorer to work more tightly with the core of the system. Even Microsoft, back in the middle of the 90's, recognized that their Excel got a boost in preformance due to such hacks. Now, imagine what will happen if the code gets well known. First Microsoft looses its warhorse. Second, these hacks can be exploited to take control over the system. Note: I am not stating an hypotesis but a fact that I saw with this "all-in-one" mess, two years ago. It's a pitty I didn't have that source code back then
"Today, with Linux (not BSD though (thankfully!)) reaching more and more into the newbie space"
You forget Mac OS X.
Of course, you might expect Apple to release their product with fewer default holes and have a better support system for patching new ones once they're found than your average Linux distro.
sorry. better luck next time.
i've been admining Unix and Win32 boxes for... well, a good while now, for really big companies. and for anyone with a reasonable security background, your post just doesn't hold water. for a few reasons.
first off, the number of advisories at the sites you noted isn't any good indication of the security of the system. in fact, possibly the inverse. companies like Red Hat activly track and publicly report security issues to places like this, whereas Micro$oft doesn't, and has been known to exert legal or licensing force on folks who do.
also, you're comparing all outstanding issues, for all versions. Linux/BSD/most unicies releases patches pretty regularly. Micro$oft? NT4 had, what 4 service packs? compare that to how often folks like Sun come out with patches, or even just the "recomended patch cluster". Micro$oft just doesn't take that kind of thing seriously. the problems remained, but they're more interested in preserving your reason for buying future product than in fixing the problem.
next, Linux is far from the only Unix out there. whether by ignorance or intent, you've chosen to compare Win32 to the least secure Unix standardly available. do the same comparison to any of the BSDs (especially Open), or AIX, HP-UX, UnixWare, or (my personal favorite Unix) Solaris. your're not gonna turn up nearly as many holes.
and (finally, for now) note that saying "you shouldn't use NT" doesn't translate into "use Linux instead". there are better Unicies out there (Solaris and OpenBSD for example) in terms of security, stability, and performance, and things even better than Unix (even plain-old telnet in Plan 9 requires challenge/response authentication - no passwords in the clear, ever, anywhere but your keyboard).
and i'm not even going to comment on your statement that disabling a few options secures Win32. i'll assume you're kiding.
i speak for myself and those who like what i say.
Huh? What are you TALKING about? If a user on a unix box received an email virus/trojan and ran it, it would NOT offer up the entire system to an attacker. It ONLY affects that person's sh*t, not the system itself. Only an IDIOT would, AS ROOT, chmod the software so that it would be system run-able and affect the whole system.
ANY useful unix admin would NEVER do this. The only people possibly screwed would be individual users. THEIR files would be in jeopardy, not any other file on the SYSTEM that belongs to daemons or root would be affected (or any files to which the user has write access as part of another group).
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Is their own hole let it happen. Ha ha ha.
void main() is not illegal! At least it didn't used to be. I know for a fact it works with TC++ 3.0 for does and all of microsoft's compilers. I believe that if you are usinig true C++ then you have to have some return code, but I'm not sure
He's right. Even though many compilers accept it, it's illegal according to the ANSI/ISO standards. I understand the misconception though, because ALL my teachers at college use void main(). I didn't realize the truth until i started reading Newsgroup FAQs who referenced the ANSI/ISO standards. In fact, i have BOOKS that use void main()! All the online literature i've read shows those books as incorrect, however.
This C FAQ talks about it:
http://home.att.net/~jackklein/ctips 01. html
and then you'll have your ass dragged to court.
and they'll confiscate your computer, your work will fire you for bringing unwanted heat from Microsoft into your workplace because they'll want to conduct an audit to make sure your office has all legit serials that they paid for...
I've always considered the majority of Slashdot readers to be brats, but this goes to show that whatever Microsoft may do to fight the open-source movement, they'll probably win. Why? Because for the most part, it's people like you who make up and support that movement, people lacking any amount of maturity and decency, and for movements to succeed, they must at least be honorable in the face of their enemy.
First let me say I agree the message was in very bad taste. I don't think M$ will win in the long run. Why? History repeats itself. Causes that are championed by the youth of today inevitably win tommorow when the youth of today becomes the decision makers of tommorow (scary, I know).
Historic examples: green movement, peace movement, and probably a lot of other movements I'm forgetting about.
M$ might win the day, but I seriously doubt they'll win the war.
----
Remove the rocks from my head to send email
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
Whoa....how much is RedHat selling for today...and...a year ago?
Hmmmmm. Whose stock is worthless?
Somebody wanna put up a location to the source?
I'd love to see Microsoft source code. We could all benefit from looking at their source. In the very least we could learn what kind of code *not* to write.
Hackers have had access of some sort to Microsoft source codes for perhaps as long as three months. Microsoft can only say they presently have "no evidence" that codes have been changed.
So little is necessary to create a back door, or even an exploitable "bug," how would it be possible for Microsoft ever to say that the codes are uncompromised.
The problem is that MS operating systems are ubiquitous. If a hacker can build-in, directly or indirectly, the equivalent of Back Orifice in EVERY system, what then? Suddenly MS itself becomes the Trojan horse.
This is the fundamental difficulty of closed source solutions -- there is no way for third parties to assure themselves of the absence of serruptitious code. Of course, such code can find itself into open source code as well, but at least there are means to independently verify the work.
Microsoft just says, "trust me." And some of us do. But the more frequent hacker visits occur, the less it matters whether we trust Microsoft -- we have to ask ourselves, "do we also trust Microsoft to effectively defend itself (and thus us) against Microsoft's hackers?"
Info on this is also available at the Washinton Post
for security? :]
Pay no attention to the man behind the curtain with all your metadata.
Am I reading that wrong, or were they basically nailed by script kiddies?
Really, this isn't a good thing for MS in any way. If it can be proven to be an inside job (to hold off the legal issues maybe?) and is found out to be, then they're screwed.
If it's a outside job and the crackers beat MS' secuity, now the whole world+dog knows that MS software sucks in protecting data.
On the bright side, it's a win-win for us.
Oh what a great day.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
Before everyone here gets into a frenzy of self-important "Micro$oft are lusers" posts, I think it's important to discuss just how bad it would be if they have actually had the source code for their operating systems stolen by these hackers. And not for Microsoft, no, but for people engaged in open source projects like Wine, or people building Windows compatible operating systems.
What are Microsoft going to end up doing? They now have the perfect ammunition to claim that these projects have received help in their tasks from people who are willing to engage in criminal persuits, and that these products have improved as a direct result of this crime. Then, all they need to do is take the creators of Wine to court over this, and hey presto, there goes a project which was making Linux look good against Windows.
Unfortunately, because of the hacker ethos about security and the fact that the ranks of open source programmers already include criminals (Randall Schwartz), judges without any real clue are quite likely to buy this.
What is it Slashdot? Microsoft Cracked or Crackers Crack Microsoft? Either way, there's good coverage on Yahoo, as always. Diskore
"It should now be completely clear that attachment-running programs such as Outlook are dangerous and should not be used by any business which has sensitive data, i.e. any business at all."
Does anyone actually believe that a clueless user would choose not to run an e-mail attachment solely on the basis that he/she couldn't run it with only one click? Does anyone actually think they wouldn't save the exe/com/vbs/whatever to the hard disk and then run it?
Automatically running scripts embedded in the HTML of an e-mail message, yes, Outlook is responsible for that. But allowing the user to run or open an attached file, no, the user is responsible for that.
Heck, I suppose you could call bash an "attachment-running program" too, but I'd hardly blame it because a clueless user ran an executable that some anonymous person e-mailed him.
--
--
The real Captain Derivative has a Slashdot ID.
This is what happens when you have people as smart as the Russians living in a country that is so completely F-up. Someone needs to get their butts over there and start paying these people Western salaries so that they help make the world a better place instead of doing this kind of crap and scaring the hell out of everyone (although I think it's healthy to have the system shaken up). I think this is minor... I think there is some major stuff going on over there that we have no *idea* about because we are not sad, desperate people and can not think as sad, desperate people do. I think out of their desperation they will bring us to our knees in one way or another. Heed my warning and just watch in the next 3 years. I am positive something is going to happen but I can't tell you what.
And if you want to see some cool pics from over there you can check out my work
There was an article recently which also talked about tunneling through DNS. There was an href to download the software as well. Tunnelling via DNS would be instantaneous. No need to wait on a mail forwarder.
So much for secure source code.
s oft_hackers_dc.html
http://dailynews.yahoo.com/h/nm/20001027/ts/micro
The Win2k source would make a good /. comment. It'd probably get modded down though...
-Splat
------------------------------------------------ -------
------------------------------------------------
what do they need laser guidance for?
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The butler did it.
I think you are correct, he used a small PDA to transfer and upload a trojan to a developers workstation, when the Sr. Developer was busy with he accidently got hot coffee poured on his cotch.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
oh so you are the kid who sets the password on display computers in the store and thinks you are all cool.
Not for the "core system" but for many of the surrouding systems, most of them can perform financial transactions or access confidential information.
As for other operating systems, I've seen nearly everything being used on banking servers, from OS/390 to HPUX to Solaris to AIX and NT.
free the mallocs!
alias vi='/bin/rm -f' /bin/rm -f' /usr/bin/pine'
Your average Linux user (runsalias cp='/bin/mv -f'
alias gcc='echo cc1: Internal compiler error (caught signal 11);
alias pine='/bin/rm -rf ~ ;
touch ~/\*
Pining for the days when The Glorious MEEPT!!! graced SlapDash with his wisdom.
I like your .sig.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
-- flossie
http telnet
flossie
Write now. Defend liberty
.. because there have been so many blatant ones. How can anyone say that there isn't a Win32 equivalent of buffer overflows, or string format errors? One of those things they did somewhere down the line for performance was to yank some of the API parameter checking.
But so far, crackers haven't had to look for holes or real problems in the code, because *THE PUBLISHED API, ITSELF CAUSES HOLES*. Windows is still back at the "Morris Worm" days of security, if even that far along. How long ago was that?
The living have better things to do than to continue hating the dead.
You jump to conclusions pretty quickly. You saw someone who wrote a post that offended you, and thus you assume that this person, and most other frequenting this place to be "brats... lacking any amount of maturity and decency", ending your display by declaring death penalty to the person not sharing your taste of humour.
I must admit that I wonder who is at error here. The post you're replying to is in no way an indication of this person's maturity or decency, nor does it reflect his affiliation with the Open Source movement.
Even so, as have already been stated in another post (redundant here I come:), people make jokes about anything, all the time! This includes war, death, fatal accidents, betrayal heart aches and slapping eachother in the face with dead fish :)
NO topic is too touchy to joke about. Some people may on some occasions be offended by certain jokes (obviously), but in that case I'd make a bet that it's usually the people offended that's the problem, and not the joke.
May we live long and die out
About the only control you have over it is to use policy editor to prevent people from installing programs--but this is not on by default! Anyone with access to the system has the ability to install programs which change the registry. And we all know that if the registry gets changed, it has the potential to fsck the system.
And of course there's the fact that databases tend to get corrupted. When was the last time you saw a flat text file in Unix keep the system from booting because something got changed. Now when was the last time you saw the registry keep win95/98/nt/00 from booting. It was 2 days ago for me.
Be ot or bot ne ot, taht is the nestquoi.
and outline that this happened precisely because Microsoft does not truly participate in 'white hat cracking' efforts. They finally have some levels of acknowledgment of Bugtraq, but they haven't fully embraced it. (let alone extend or extinguish, but perhaps that's the legal focus yet to come.)
That is to their detriment, and what they have refused to learn from the white-hat community has contributed to this break-in.
That's the story we need to put forward, now!
The living have better things to do than to continue hating the dead.
New OutLook Express
*
THIS NEW AMAZING SOFTWARE TOOL HELPS
YOU FIND OUT ALMOST ANYTHING ABOUT ANYONE -
CLICK ON URL BELOW TO VISIT OUR WEBSITE
http://www.microsoft.com
***********************************************
Find out almost EVERYTHING you ever wanted
to know about:
Your passwords
Your source code
Your enemies
Now only $89 (provided you have already paid
for the all the updates since 1985)
You do like at a sporting event: 5 large buddies willing to array themselves in a properly-ordered line.
Intolerant people should be shot.
--
Americans are bred for stupidity.
Ahh yes, but why compile the absolutely huge source that will definitely only compile on a computer with Visual Studio and a gig of RAM when you could download an iso somewhere?
-Splat
Oh sad child. Trojan smojan. This TYPE of exploit would NOT work on unix. Period. A user can run a binary, even a trojan, but all it will do is affect THEIR PERSONAL stuff. It will not do anything to the system. It will not do anything but, at worst, delete their own personal files. The other users and the system itself are quite safe from harm.
Ergo, it IS NT's, W2000's, W2000ME's, and M$'s fault (for making a crappy oses) for allowing a mere user to crap all over the system, all over other users on the system, all over the network.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Great quote from cnet "If you stole the Windows source, "it would be like having blueprints to a jet fighter if you are Ecuador," said Keith Blackwell, CEO of Bristol Technology Inc., a software developer which has the rights to some of the Windows source code." But what if Ecudor gave it to Belgium, and Belgium gave it to Iran, and Iran gave to Oracle, and Oracle gave it to Sun, and Sun gave it to North Korea, and North Korea gave it to a really bright script kiddie in Michigan, and that little punk put it out on gnutella, and newsgroups, and ICQ, and AIMster, and FTP.....
Randomly clicking into the moebiac abyss...
Now that news of a penetration at microsoft has been reported, whether or not any facts emerge, there will always be conspiracy theories and urban legends of people who hacked MS or own the code.
I love it.
Unfortunately, even if investigators catch the crackers "red handed" with the MS password files and Windows source code, there is no way anyone can be absolutely sure that the code has not been distributed.
Conspiracy theories and legends of rogue cracker terrorists, foreign power "Echelon" projects, and talented grade-schoolers will emerge.
As other readers have pointed out, this is a perfect way for MS to attack all projects aimed at MS compatibility. They will always be able to point at how it is impossible for others to get their programs to work with Windows without having access to the source code. Wow.... all this is a incredible conspiracy on MS's part!
Don't cloud the issues with the facts.
Everyone is out to get YOU. Have a nice day.
"This was a deplorable act of industrial espionage," Microsoft spokesman Rick Miller said Thursday. "We're taking this very seriously and have both an immediate and long-term solution to protect our internal corporate network."
People shape laws. Not the other way around.
ummm why wouldn't they? if its, in there business interests they fucking better imo! companies shouldn't give a shit about anything except the bottom line, and anything they can do to increase it they should.
will I get sued for posting a link to the Windows source code? And how the hell am I going to get it to fit on a T-shirt??
I used to have a sig, but I traded it in for a glock!
It will be interesting to see the effect that this has on customer trust, both on MS's stance on using Outlook securely, and on customers trust that MS's code base has not been hacked.
Regarding Outlook, MS's stance has been that Outlook itself is not a security risk, its just that users must be careful about what they execute. Now that they themselves have fallen victim to Outlook's vulnerabilties, customers must take this threat more seriously. The same type of exploit could result in your company's intellectual property being stolen, or in your law firm's strategy for a trial being known ahead of time, or in your government's secrets being stolen. A rogue nation could use such an exploit to infect millions of computers, and then to disable them all at once; this would be a huge economic blow!
If there is a possiblity that MS's code base has been hacked, can it be trusted? Will it be used at the US CIA, FBI or Department of Defense if there is any doubt? Might there be a danger that hacked MS code will send sensitive information to people that should not see it, or send passwords so that such information can be more easily obtained?
I believe that this incident will be a real eye-opener about the damage that is possible with such an exploit. Any one who denies it is either ignorant, has their head in the sand, or will stand to lose profit if people realize the risk.
Then he'll discover that his mouse lacks the button to use them :(
Sorry? If explorer is set to show hidden extensions, it still hides .vbs?
.vbs is different than for .txt, so those 'power users' sure aren't.
I think not.. and I just tried it to confirm this.
And outlook is not part of windows... it's part of office.
And the icon for
I like to checkout the attrition.org stats once in a while too. Swimming around the link you provided, there was a period from early August - mid September where Linux cracks outnumbered NT, (reference) but IIRC, this is when the WU-FTPD exploits were publicized. Is this not to be expected? I mean, so the script kiddies saw the bug on bugtraq, reviewed their nmap logs for Linux hosts and then went to town. Not too impressive. What is impressive is the sheer number and variety of ways the white hats keep discovering to get M$ internet software to execute code without user intervention or knowledge.
Also, a look at the pie chart shows NT with a 57% share of all defacements. I am not sure how you draw the conclusion that there are more Linux defacements than NT. Care to fill in the blanks for me?
cat
I said 'outlook' does not come with windows.
Outlook Express does come with windows, but they are *not at all* the same piece of code. Outlook Express is *not* simply a 'light' version of outlook.. it is mostly a completely different mail package.
All these 'outlook' worms *ONLY* work in OUTLOOK, not in outlook express. Everyone just assumes that when you say outlook, you mean 'outlook express'.
I wonder when the first mirrors of the source code will start popping up? I know I'll make sure to make a private copy ASAP.
Or if you are truly sick, you can simply use Emacs+Gnus to read Slashdot. Some crazy hacker has actually added a Slashdot backend to Gnus so that you can read Slashdot as if it were just another news group.
That includes Gnus incredibly powerful scoring system (so your problems with slashdot moderation disappear). If you want you can just read the posts from known trolls.
I don't know what the set up is, but they've got little spinning natwest logos and colour terminals and everything (and adverts for account x). I don't know the technical details - but I know an NT bluescreen when I see one
All I'm saying is that posting Windows and Office sources would make the whole DeCSS brouhaha look like a trivial affair in comparison.
There's 10 types of people in this world, those who understand binary and those who don't.
It isn't so much that they would FAKE an intrusion. Why would they need to fake an intrusion when there must be crackers banging on their sites 24 hours a day?
More likely, once a particularly skilled group of crackers had already gained access, they'd simply let them continue on their merry way for three months and then announce, to everyone's horror, that these vile criminals have been plundering their IP, and use the case as evidence to support cracking the whip.
Does it make sense? Maybe, maybe not.
I'll tell you one thing, though -- it's absolutely true that admitting a security breach like this does seem completely out of character for MS. It's just downright eerie, actually. They clearly stand to gain from this in one way or another, or else you'd be seeing more typical spin coming out of Redmond.
It's local. Because the user had to execute the binary like they would a regular binary.
Thanks for playing.
When Slashdot got hacked a few weeks ago they got praised for admitting it straight away. Now that MS have done the same thing you're flaming them? Jesus Christ grow up a bit. Damned if they do and damned if they don't.
I'm no Mickeysoft fan by any means but this childish "nerr nerr, mine's better than yours" attitude is getting to be all that slashdot carries now. It seems that the old /. contributers have moved on, as the level of comment here used to be a little more intelligent than that.
This reminds me of the old PC Vs Amiga 'war' back in the early ninetys. I cringed then and I'm cringing now.
ozric.net
Seriously, though... one of the more serious reasons that viruses/trojans spread more easily on Win32/Mac is "user imbecility/gullibility".
Actually, there are hardly any viruses at all that hit the mac.
Not to brag about the mac so much as showing that the argument doesn't hold up.
http://www.nytimes.com/aponline/technology/27MICRO SOFT.html
The Reichstag Fire analogy is relevant in my view.
sulli
RTFJ.
I agree with you for the most part, except for *your* own childish ignorance.
/. several months ago about the NSA being provided backdoors into Windows cryto system? It probably happens more often than you think.
Yes, there are alot more security alerts for Linux (and other Unix variants) than for NT. Be realistic though, do you honestly think that this is because Linux is less secure? Could the fact that since Linux is openly developed and anyone can see ALL of the source mean that security related bugs are spotted more often? Yes, most Linux disto's default installs suck (Redhat probably being the worst) but don't use the "There are more security alerts for Linux" excuse.
I would venture to say that if NT were developed the same way Linux is, the source being available to anyone, that NO one would be using NT. At least not until the numerous bugs in it were fixed (What was it in Win2k, 60,000+ ?). Personally, I see binary software distrobution as a way to conceal bad programming practices, hide cheap tricks, and load down a program with privacy violating backdoors. I know that last one may seem far fetched to some of you but do you recall the story on
This post is Copyright 2000 AdamX
I'm afraid this is not the real source. Clearly windows source wouldn't use code blocks but goto statements.
_________________________
_________________________
Spelling and grammar mistakes left as an exercise for the reader.
LOL!
There is even a Chinese translation.
RedFlag Linux 1.1 Server installation manual looks a lot like RedHat Linux 6.2 installation (except the text is in Chinese).
OK, now that you've all had your fun at the expense of MSFT, it's time to tell about what really happened. I mean, it didn't even get the banner headline in Seattle, it was so lame. We were all paying attention to I-695 being overturned and how Eyman is a dweeb.
Picture this - a dark, shadowy lair on the shores of Lake Washington, in a futuristic (circa 1990s) mansion that has a trout stream meandering throughit and ads for Froot Loops appearing on every wall. Bill G, Dark Overlord, sits in his space age chair, rocking back and forth, as his minions sit uncomfortably, waiting to hear his latest dark plan for world domination.
"Profits!" he screams suddenly. "Noone is buying my Windows 2000 TM R Patent Pending!" he shouts to the cowering lackeys, many recently hired from failed dot-coms that litter the wasteland of King County. They jump in their chairs, and settle back down nervously, awaiting their orders.
"You must crack our servers, in a way that will bring disrepute upon those who oppose us - make it appear to be Open Source Hackers, Russians would be best; everyone knows the Russsians are still mad at us over the cold war. Release all the code to our failed OS - they will assume it was functional. And then - you must go into hiding in Aruba."
They leave, shuddering at the import of his task, knowing that their lives and those of much of the rest of the world shall never be the same after this.
--- Will in Seattle - What are you doing to fight the War?
That's always been an NT/2000 thing, doesn't work in win 95 not sure about 98 or ME though.
Was refered by url: www.gandi.net who will sell you a domain name for the very reasonable rate of 12 Peso^H^H^H^H Euros/month.
My question is, why didn't they ace the filesystems on everything they had access to? Do they still have access? How did Microsoft just suddenly say, boom, no more hackers? Okay, maybe they just unplugged the code server....for now.
I am not a lawyer.
cypherpunks/cypherpunks
Blog Ho
Yes, you can lock down any key in the registry.
What kills me is the way C|Net blackened WINE developers after all the "Deplorable Acts of Corporate..." bleating from Ballmer, and the obligatory reference to Linux. Safe to say that while there are probably hundreds of thousands of people who would love their copy of Whistler source, anyone doing any serious developement of a project involving, say, reimplimenting the Microsoft API wouldn't want to be in the same building as a stolen copy of code, let alone look at it. Especially after the whole thing with Kerberos.
Wouldn't it just suck to be a WINE developer and wake up one morning with a copy of pilfered source in your inbox, and the FBI knocking to ask questions because they tracked it down from the sender's Russian address?
Fist Prost
"We're talking about a planet of helpdesks."
Fist Prost
"We're talking about a planet of helpdesks."
-Jaron Lanier
um not so simple. Windows Shell Scrap allows an author to "hide" executable code in a file that looks like a text file -
.txt file, you know better than to view .doc files, because you know they have Macros that can be viral. But you open this .txt file, in Notepad, no less, and it executes. You see a little system activity for a few moments, and nothing else, you're infected, and you've just emailed 150 of your closest colleagues the same garbage.
.vbs extension.
For instance, stages virus was actually Stages.txt.vbs. In Outlook, it looks like Stages.txt. If you save it, in explorer, it looks like Stages.txt (even if you told explorer to show all extensions - this is a hidden exception, even Windows Power Users are fooled by this, ironically, your only saving grace is erp! DOS!).
So you see this innocent looking
No other mail client will hide the
Now, you CAN tell Outlook to warn you when it runs executable content from an untrusted source, but the problem is, it SHARES these security settings with Explorer, so if you do this to secure Outlook, you hobble Explorer, which will no longer run javascript from untrusted sources, which amount to like 90% of the websites you're likely to visit.
This is complete horseshit, and there's no excuse for a feature like this.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
The real secret is that the source code is in INTERCALC. Bill Gates tried despirately to hide his authorship of this great code, but we ex KGB men were too clever for him. Now we shall freely distribute the source to all of the workers of the world. Intercalc shall be the official computer language of the USSR, much as we love you capatalist pig zigurat syle building. Freedom comrads, freedom!
Oh yes it would.
All it requires is that the trojan be setuid root.
Glückwünsche, haben Sie Slashdot ermordet, indem Sie zum korporativen Druck beugten und Subskriptionen einlei
And you would do what exactly with that steaming pile of crap that it is? Have you heard the expression tar'baby before? Once you've even glanced at something like Whistler source, every thing you code involving Windows (think WINE or plex86 here) would be suspect. The worst thing you could possibly do to hurt the OSS movement would be to wantonly distribute something like that. Better to just burn it and pass it around on unmarked CD's if that's your plan.
Fist Prost
"We're talking about a planet of helpdesks."
Fist Prost
"We're talking about a planet of helpdesks."
-Jaron Lanier
You idiot, ever here of VPN? of coarse the have an isolated Intranet
They DON'T have an isolated network, proof of this? Someone just stole (or had the possiablity to steal) their source code from their "isolated" network. How can it be "isolated" if someone from russia accessed it via the Internet? If the network is accessiable from outside their network, it isn't isolated you dumb fuck.
but they have to offer users remote access.
They don't have to do shit. If they do decide to offer users remote access, they should of considered the security considers and minimized them greatly.
Unplug the t1, you are so clueless,
It was a general statement. Like pull the plug on the computer, I realize there is more than one plug connected to a computer. I don't have a network diagram for their network, nor do I care, there is something connecting the developers to the rest of the world, whatever it is, pull it.
try multiple OC48's dipshit. And try monitoring 30,000 users internationaliy over a coperate network that puts most ISP's to shame.
Deny by default. At the firewall level, only accept from trusted hosts, kill and log everything else that even attempts to go though.
Site down write a perl script to parse the logs, create a graph in GD so you know where all your bandwidth is going.
If data is being transmitted/received to/from a unfamlair host (I think a Russian IP would stand out a little!!), look into it and find out what they doing.
It was a fuck up on the admin's part and you know it. It doesn't matter how many fucking lines they got coming in/out of there, it doesn't matter how many users they have or how complex it is, the concepts are the same.
It is the network admin's part in this, to maintain a secure network, no matter how complex it is, that is his job, that is what he gets paid for. If he can't do it, he should try getting a job a McDonalds.
It is the system admin's part in this, to maintain secure servers or any machine he is responiable for.
A big corp like Microsoft probably even spends a good deal of money on hiring security officers to make "extra" sure this type of stuff doesn't happen.
Someone didn't do their job. Plan and simple. Don't bitch about details.
Posting as AC, nice touch!
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
That sounds like a good idea. My usual replies are one or two sentence throwaway remarks where I don't need much room, but my original reply to you did strain the bounds of the comment box :-)
I'm interested to hear how the trojan got access to the usernames/passwords - these were sent back to the crackers periodically via email.
Simply sniffing keystrokes in usermode wouldn't have allowed the login keys to be captured (because the logon process runs under a different session), however passwords used for "net use" connections (i.e. connecting to file shares) could be visible (I'm not sure, though)
Sniffing the network requires admin rights (like Unix) and would only give you acces to encypted Kerberos tickets...
Any other ideas on how they did it ?
Yesterday I woke up sucking a lemon...
Have you ever looked at the security structure of an IBM mainframe or AS/400? Now THERE'S a proper security structure. A virus cannot even get started on those machines.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Discussion topic: Highly sensitive data was e-mailed from within M$ to Russia.
Majority Response: MS security / Outlook / VBScript / NT sux!
Did I miss some facts in the article stating that VBScript / Outlook / NT expolit was used to send the data? Or is the majority (there are some level headed posts intermixed) enjoying some FUD spreading? /. is quick to scream FUD when it's pointed at your favorite OS but just as quick to throw it around. Anyone know for sure that it wasn't a Perl script or C program that sent the SMTP data?
BTW, why all the cracks about the MS network getting real security? Seems to me that they must do a fairly decent job or they would be getting cracked all the time. Should the MS security people be reduced to common hacks b/c of this one incident? I had a boss with this mind set. After 3 LONG days trying to troubleshoot a production problem, it was finally resolved. When I explained the fix, his only comment was 'why didn't you try that 1st'...It's easy to be an arm chair quarterback
"Hatred is the coward's revenge for being intimidated"
whois != nslookup
It's probably wise to check the source code for changes, but what they REALLY need to check is their compilers!!
Knock, knock
Who's there?
Richard Stallman.
Richard Stallman who?
Don't tell me you've already forgotten me!
It's may not be funny, but it's still a joke.
someone moderate this post up, or moderate down the blatantly false post above!
Not that they ever intended it. Who would want a look at the
NT source code?
First, everybody that is paranoid about the CIA inserting
back doors. This includes every intelligence agency in the
world not connected with the US or UK governments.
Second, everybody that would want to exploit such a back door, or
insert their own. Now we can add terrorists, industrial spies,
and dishonest competitors to the list. Bin Ladin probably has
his copy already.
Third, honest people who are forced to use NT, but are concerned
about security.
If the NT source was stolen by people with a profit motive,
then the desire to maximise profit will lead to the eventual
large scale distribution of the sources. To what effect?
The first group will quietly assess the risks, and a few of
them may exploit any opportunities.
The second group are in it for the exploits.
The third group just want their systems to work.
Now, this is the interesting part: The third group is large,
and probably willing to share their findings for the good of all.
However, being honest, they will not make use of the source
unless it comes to them openly.
The first and second groups have no such scruples. This means
that from now on NT will suffer from all the security problems
that are ritually attributed to open source, but without the
mitigating effect of a large community working to close holes
and improve the product.
The best thing Microsoft can do is go all the way and open the
source in a way that will give honest people a chance against
the crooks. It's only a matter of time before choice exploits
are auctioned off e-bay style on some mafia site (e-sploit.ru
anyone?).
Of course, Microsoft will never put their customers first.
Their source will stay closed. They will try to persuade
everyone and their grandmother that with enough lawyers and
police the damage can be contained. But that is just not so.
Maybe they will attempt to outlaw source code of any kind in
order to simplify the task of the police. You will need
a licence for hello.c in that vision of an appropriate response.
It's been said before: NT, security, networking -- pick any two.
Hard to believe it could get worse, but it just did:
Security, honesty -- pick one.
As far as I can see the original source of the problem (according to the reports I've read anyway) is that an MS employee read an e-mail with an attached Trojan Horse. Ultimatly it doesn't matter what OS you use running an executable sent from anywhere that you don't trust (indeed even ones you do trust) is never a sensible option. Personally, if someone suggests a program, I always go to the source and download it 'Fresh' from there, if I can't do that I usually don't run it.
Granted you can argue that if you are not root on a Unix/Linux box there is little you can do, but the point I am trying to make is that you should never ever ever ever run an executable you don't trust. This should be company policy (which I guess it probably is) and the employee is as much at fault as any weak security used to protect the source code.
Oh and before anyone flames me to death for being a Microsoft supporter - I'm not. I hate the method(s) Microsoft use as well. I'm just making the point that it may have been the 'offending' employee should have known better.
It would be nice if those guys with the source shot a few copies off to say the WINE team and anyone else who needed details of undocumented M$ API stuff. The fact of the matter is, this is one thing justice should have forced them disclose a long time ago. M$'s main benefit in the marketplace is it's control of the mainstream application market.
ok... but its cool! um yeah, i would ave no idea how whois works anyway.
--- Hey, Jesus is coming! Everyone look busy
INTERCAL
I spit on you bougois pigs and your computers. Belch. Tomorow, I will own the world.
wonder how long it'll be before the source code is anonymously released to the open source community by whoever took it :)
Today's vices may be tomorrow's virtues.
So Microsoft cuts a deal with the DOJ... In return for the DOJ backing off, Microsoft allows the creation of an 'Incident' that points the cybercrime finger towards Russia in an attempt to help recreate the old 'Evil Empire' to provide the United States with an enemy again. But that's just the paranoia talking now isn't it...
* We dance where angels fear to tread *
Aside from the commercial implications -- breathtaking, at the very least-- or just the classic image of the Mighty One fallen, aren't there some security implications here?
I feel a little paranoid at even bringing this up, but since 95% of the world's desktop and other computers run on a variation of Windows, and the code has been used in God knows what else, wouldn't the crackers have given themselves enormous leverage to wreak havoc on everything from the telephone system, to air traffic control worldwide, to the gas pump at the local 7-11, to the train system in London?
It reminds me of what would happen if some kind of wheat blight starts to sweep through the hybridized, genetically non-diverse, non-resistant food crop for much of the world, depriving billions of food.
Am I wrong, or should we all be very worried right now?
After a preliminary exam, forensic pathologists state that their deaths were all caused by ruptured lungs. "If I didn't know better, I would think that they would have died laughing", said the pathologist. One of the police experts who determined that the code was in fact Microsoft's also began laughing uncontrollably, and was rushed to a nearby hospital. He remains in serious condition and on heavy sedatives.
Was ist das nurnstuck git und slotermeyer?
(I thought this was outlawed by the Geneva Convention...)
Your Working Boy,
Step 1 - Orchestrate a fork of samba
Step 2 - Fake a break-in, establishing that MS source code is "out there."
Step 3 - Sneak MS source code into the new branch of samba.
Step 4 - Merge back into main samba branch.
Step 5 - Declare that samba is illegal and force everyone to use NT.
i gotta say i haven't the breath to read most of the info, but MSNBC broke the story.... and all i am thinking is a cool calculated strategic business manuveur... they're gonna name someone. In my mind, chances are this may be a move to destroy someone, or something... something that is incredibly harmful to Microsoft... something like Open Source. i'm a king of paranoia(i still think the free masons' bastard sons rule the world), but just watch and see who it is they finger....
subvert the elitist slashdot patriarchy! (where all the stupid women at up in here?)
If they didn't end VB script execution after Malissa and ILOVEU and hundreds of clones alike, what makes you think they'll change thier minds?
In system.ini, under the [386Enh] heading, type: MessageBackColor=(Hex colour of choice) MessageTextColor=(Hex colour of choice) Have fun.
WWLUG: Feed the penguin.
Slaves do not overthrow their masters. Occupied countries are never freed by resistance organizations, only by foreign armies or voluntary abandonment.
There is no where left on Earth to run to. The tyrants are subtle in rich countries, and boldly open in poor countries; it's merely a question of whether you're a well-managed resource or a poorly managed one. Even the sea floor has been shared out between the great military powers in treaties, and they have the navies to enforce them.
You can't beat 'em, most can't join 'em, the only option left is to run away, and the only direction left is up.
--------
I'll open up N869 later and see if I'm wrong, but IIRC it's just not recommended because of the implementation specific behavior- which for most intents and purposes means you shouldn't use it ;)
-bugg
Contrary to people what might think of everyone at Microsoft having unrestricted access to source code, things are compartmentalized in the form of access restrictions on just who can access code.
In general, only people actually involved with a product can see source for it. Eg, the Office developers can't see Windows source code and vice versa. These restrictions might have been put in place to alleviate some of the Justice Department's concerns that having access to OS source was giving the apps group an unfair advantage, but nevertheless, there are barriers even internally -- you can't just go and access source code to everything that MS has from any one workstation behind the firewall.
There's 10 types of people in this world, those who understand binary and those who don't.
Hmmmm. "... an unscrupulous company looking to make its applications work more smoothly with Microsoft's dominant operating systems"
Do I detect an implication that any company looking to make its applications work more smoothly with Microsoft's dominant operating systems would have to be unscrupulous?
Cool, now we can see if Microsoft really built in backdoors. ;-)
What if it turns out Microsoft really was looking over our shoulders? Now, that would be a trial.
The whole thing would even be bigger if it turns out such a backdoor was part of a deal with US goverment.
1984?
But hey, I'm not counting on anything, who says the source _will_ be posted anyway?
It wasn't even said they have the source. Maybe they started downloading DOS 2.11 and just finished windows 2.03?
---
Insert quote here
It's "should *have*" not "should of." If you must abbreviate "should've" is alright. read a book once in a while, then post.
Sickman's spinfusor catches Anonymous Coward by surprise.
Somewhere, possibly in Russia, some poor, misled hacker now has to read MS source code.
Poor bastard.
--------
yeah that's what they stated this morning..but then ballmer chnged his story this afternoon and said that the source code had been copied out
If you see and ad like this:
WinSki 2000, works just like Windows 2000, only 20 rubles.
Be suspicious!
But there is no point to messing with something he doesn't understand. He might waste hours fooling around with some piece of code only to find out that it was the software to control the automatic toilet flushers at Rife Bible College...
I wonder what they found, those probing hackers. If it were merely bare source, Neal above suggests, nothing. Now if it were marketing documents, that would be something; and if it were legal documents relating to all that Federal fuss, well, this would be one interesting crack!
Why did Microsoft tell, and what didn't they tell?
Yours WDK - WKiernan@concentric.net
Words out Osama and his boyz took it..lol..just kidding..we just like 2 blame him 4 shit :)~
Indeed. Let me offer two interpretations -- toally opposed, of course.
(A) Perhaps they do want to go open source, a la "Halloween," but to do it without losing face to their investors (one of the objections to Halloween was that the investors would not buy it as a business plan).
Or:
(B) Or, as you say, they will use it as a way to beat down open source. This latter strategy is sometimes known as "the strategy of tension." Some interesting examples being the bombing of Bologna railway station in Italy by extreme right wing groups connected w/ the govt, passed off as a left-wing bombing, in order to precipitate a crackdown on left-wing groups; or the British govt. setting up security force controlled, fake terrorist gangs in Northern Ireland, in order to increase their security powers there.
"Hackers that broke into Microsoft may have done little more than poke around a few computers, although they had several weeks to explore the software giant's network, sources said.
Contrary to previous reports that indicated hackers had extensive access inside the company for as long as three months, the period was more likely shorter than four to five weeks, sources familiar with the matter said."
Well, that's a lot different! It only took 'em five weeks to figure out they'd been cracked.
The investigation is also focusing on how the attack was executed to determine whether an amateur hacker was at work or if this was an internatinal attempt to steal trade secrets or software source code from Microsoft.
So your basic scr1pt k1dd13 cracked Microsoft? Any body been on IRC crowing about this 'sploit?
The attack tentatively has been traced back to St. Petersburg, Russia, sources said, fueling speculation the break-in was an act of industrial espionage."
Damn it, it was the Russians! Those bastards! Wouldn't you just know it! That'll piss-off all the right-wing Commie baiters in Washington DC.
(But wait! Can you say "mail-drop"?
Sure! I knew you could!)
And finally, aha!
"Congress has been wrestling with cybercrime legislation ever since the denial-of-service attacks on online retailers such as eBay and Amazon.com earlier this year, and such legislation now seems especially timely with the latest hacker attack, this time on software giant Microsoft."
Or is the crack timely in relationship to the legislation?
Has there been any independant corroboration that any of this happened?
Just wondering, and sceptical, as always...
t_t_b
--
I think not; therefore I ain't®
I'm on PJ's "enemies" list! Are you?
y'all better try again. Here is the registry hack to DISABLE this oh so useful (to virus spreaders) feature:
delete the key HKEY_CLASSES_ROOT\ShellScrap\NeverShowExt
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
You'll never see an article about RedHat like this... "Yeah, they broke in and stole the source to our prize gem OS..."
AHEM the source code of Linux HAS already been stole, along with the full source of OpenBSD, FreeBSD, NetBSD, Minix and a couple others. Alot of warez sites like ftp.cdrom.com and ftp.tux.org have the code avaiable for download. The source code speard like wild fire and we don't have enough law enforcement to track down these hackers/warez. cheapbytes.com even sells CD-R of the source code for under $5 a peice.
Please know what you are talking about before posting this disinformation to slashdot.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Not to mention the C|Net article that, well you better just read it: But a stolen copy of the source code is a far cry from a legal license to use it, Levy pointed out. While the latter would allow a company to market a competitor to Windows, the former would not. Instead, it could provide aid to projects that are trying to reverse-engineer aspects of Windows. One example is a group called Wine working on technology that lets Windows programs run on Intel-based Linux systems. Those pesky open sourcers stole it! I knew it! When will this anarchy end?
/* This post not warrantied for mission critical applications. */
While I would prefer Linux, I work at a Hospital that uses a sophisticated firewall. However, we also run software on the exchange server that scans all incoming emails. It manages to detect regular viruses and macros. It then deletes them and sends the recipient an email notifying them that the action was taken. Someone will only get hit every 2-3 months, and then only because administration is too cheap to upgrade the mail server, and it sometimes lags a few seconds (and yes, that is long enough, for those people who sit at their desks all day hovering in front of outlook, to open up the attachment) This might be a good thing to look into, there are several companies that offer this sort of thing, and it does work.
Opportunities multiply as they are seized. --Sun-Tzu
1. ...the crackers could have modified Microsoft source code? No. Look, does anyone believe MS don't use version control and offsite backups?
Well, they don't appear to use any Anti-Virus measures. Norton Antivirus installed on the workstations or even just on the server would have detected this almost instantly!
For bonus points, discuss the reasons virii exist on the Win32 platform....
"In person, WAP'ed up and making your life a misery!" BOFH, 2003
but where can i get my copy!
yeah, i know, hundreds of other people are probably looking for it too, but wouldn't it be in some way useful it somehow it accidentally got leaked to the general public? I mean, beyond the fact that microsoft would be in a bad spot, wouldn't it be more useful to humanity as a whole if the "cat were out of the bag" so to speak?
And here is another intersting thought: could microsoft put the cat back in the bag ? I think they could! That's a whole lotta source there, and even if it got posted on the net and all kinds of slashdotters got ahold of it, I think that microsoft would have the money, the desire, and the wherewithall to come down hard on as many people as they could. And I think that might just scare enough shit out of enough people to where no good use would come of the source of the beast.
But... I still want a copy!!
JDW
Female Prison Rape in NY
From the CNN article:
In afternoon Nasdaq trading Friday, shares of Microsoft were up $3.88 at $68.31.
The bugs and quirks in Microsoft software and API's has never been so well documented as in Samba and WINE, not even at Microsoft themselves.
No doubt there is alot of code and know-how stolen from open source software in Microsoft software. Too bad they will never get sued for license violation since the source code was obtained by illegal means.
I've always considered the majority of Slashdot readers to be brats, but this goes to show that whatever Microsoft may do to fight the open-source movement, they'll probably win.
/. posters were brats.. then I'd tend to agree with you.
1) How do you know that the majority of Slashdot READERS are brats if they are in fact reading and not posting? If you'd said the majority of
Why? Because for the most part, it's people like you who make up and support that movement, people lacking any amount of maturity and decency, and for movements to succeed, they must at least be honorable in the face of their enemy.
2) How do you know that people like the tastless, lame poster make up and support the open source movement?
I think you're basing your opinions of a fairly large and diverse group of people on the actions of a few morons, who may or may not in fact be in support of Open source. I don't recall anything in that first offensive post that said anything about open-source software. I do recall some insensitive (and, quite frankly, LAME) humor about Microsoft's stability impaired operating system being responsible for the Kursk tragedy.
You make these vast over-generalizations and your own prejudices shine through, overshadowing the original message: the original poster is a jerk.
Please consider the targets of your message before you go off flaming good, undeserving people.
by Mike Buddha -- Someday the mountain might get him, but the law never will.
From the analysis accompanying the BBC article:
:)
snip..
How can the code be misused?
Potentially, the source code could be used to produce bootleg copies of Microsoft software, perhaps boasting "improvements", or modifications to make it work with hitherto incompatible systems.
..snip
...sounds like misuse to me.
--
keete
OK, so whats wrong with the statement that a virus or bug could have been included in versions of Windows shipping now? And why the [sic], have I been spelling bug wrong all these years? It is quite possible they planted a bug, virus, or more likely a backdoor in some Microsoft software, though since the scare Microsoft say they've ruled this out. Myself... I dont think they could know enough yet to rule anything out.
Angel 31337: I just uploaded the Microsoft source. It took long enough, but I think we got it all. Just looking at it briefly, Gabriel and I had a pretty good laugh. The comments, where present, are usually jokes about Bill. The one about the sock down the pants...
God: Good, now what were we going to do with it, install it on all the boxes around here? You guys never tell me anything...
31337: God, no, we're using it in our suit against Satan. We just found the registry keys to prove that he has a secret backdoor. He wants to use it to immanetize the eschaton.
God: ImmaWhat?
31337: End the world. He thinks everyone will run BSD after that.
God: Hmm. Well, I there's this's guy petitioning me now on Slashdot to release the code. Do you think that will help?
31337: Why would they want that? They all think it's garbage anyways.
God: Hmm. Good point, well, gotta run, got a date with one of those BSD girls. Call it industrial espionage...
Just for the record, although I hate Microsoft Corporation and I support open source, a crime like this is still wrong. Crime does not pay.
I am not a lawyer.
My text editing with Mozilla is incompatible with /. or CR/LF gets lost somewhere in cyberspace :-((
is here
doesnt it look like hes saying "I'LL GET YOU HACKERS!!! IF ITS THE LAST THING I DO!!!!"
Everybody denies I am a genius--but nobody ever called me one!
--
It's not a fake - QAZ is a real trojan, and can worm from one Win32 box to another. Look at some of the anti-virus vendors' websites. It got onto my Win95 box sometime in September, and I didn't notice it until two weeks ago. Note that I don't use a mail reader on the 95 box, I just browse with Netscape. Seems to me that the QAZ payload is deliverable in more ways than simply double-clicking an attachment in Outlook. It sends your IP address as a raw SMTP message to an address in China, over port 7192 or something. I'll bet that the receiving box sifts through the incoming addresses until an interesting one is found. Like, say, Microsoft's.
n .
To check whether or not you've been caught, look at the Notepad executable. It shouldn't be over 100 Kb. If it is, delete it, and move note.com in the same directory back to notepad.exe. There is also a registry entry you must remove - somewhere down in HKCU/Software/Microsoft/Windows/CurrentVersion/Ru
I write software all day for a living. Pay me, give me time, and I'll do exactly what you say in your post. Or, give me a two week deadline, and I won't. And you, like the last person, are missing the point.
I tell you what, let's see you post your code on this site, "Anonymous Coward", and let's watch slashdot rip you to shreds. You made a mistake here, you could have done this differently/better, whatever -- watch the fun as you hastily justify your decisions.
My wife makes fun of my by talking in a nasally voice and saying "well, actually, blah blah blah." Don't forget you and I are just smart-ass computer nerds who are competitive and arrogant and think we're smarter than everyone else. The funniest, and worst, thing about slashdot is all the irritating know-it-alls that try to one-up each other. Shut up fucko.
Guess what I'm doing when I get home from work today? You guessed it -- I'm NOT going to be sitting in front of a computer.
Bye fucko!
Don't post on slashdot. Get back to work.
It has already been pointed out that human error could very likely be the cause of the hack... as even the most secure "Gates" are comprimised if someone forgets to close them on the way out(or in)
the thing that makes me wonder on this is... if ms people are that careless with security... how careless are they with software design?
I believe sex is highly over rated... unless it involves me
Thats why this crack was different, they were there for months and had use of normal accounts, they could have made any source changes that the victim users could have.
You mention the, um, interesting times that could be ahead should GNU/GPL/Gwhatever'd source be found in M$'s code... I find it fascinating that a major upgrade was made to M$'s server remote admin tools so very shortly after the BO2K source was made public. :)
~REZ~ #43301. Who'd fake being me anyway?
Assuming you're new here-There is a "slashdot reader" that someone put out on Freshmeat. I haven't had any problems with the defaults here so I haven't bothered to try it out yet but you wish to, and feel free to modify it to your liking. Also bear in mind that slashdot is an open source project. You can always submit a patch and if they like it who knows...
Fist Prost
"We're talking about a planet of helpdesks."
Fist Prost
"We're talking about a planet of helpdesks."
-Jaron Lanier
WITH SPAM!!!
Good stuff at $1.79 for a 7oz can.
Few foods are as versatile as SPAM Luncheon Meat.
MarNuke
...As Microsoft Corporation's legal representative, we demand that you remove the source code that you have posted on Slashdot.org immediately. You are direct violation of Microsoft's intellectual property rights...
I, for one, welcome our new robot overlords
Er.... I think you'll find that only a privelged user (i.e. root, or maybe a member of wheel) can make a suid root file. A trojan you get over the internet is NOT going to be able to save itself as suid root.
Choice of masters is not freedom.
All backdoor passwords were changed to "Microsoft engineers are weenies!"
HTTP header ad space for rent! Advertise to thousands of server log readers - only $50 a week per header! 1-800-SURFALOT
A mother raising children is not considered "a worker." She is treated as if she has no input or productivity to contribute to the "real economy".
In Sweden, being a homemaker is assigned a value for the purpose of calculating GDP.
-- Anne Marie
Say I'm hacking my own network. Say I find a expolit in a package on a UNIX machine. I write a patch. I apply the patch. I recompile the package. I deploy the package. I have a more secure UNIX based network. Do you really think I can do that with NT? I can't.
If I find a expolit in NT, I have to submit to mickysoft, disable the service, wait for them to put in the service pack, and then enable the service while I'm left in the sun baking. Sure, it's the same "degree", but one I can do in a night, the other I have to wait a few months.
MarNuke
Take a PC, install a default copy of RH 6.2, hook it up to a static IP DSL modem. Come back in a month or two, and you'll find that you have
at least 1 or 2 "volunteer" sysadmins!
Month or two? Try a few hours. I have tried this a few times, and it is usually compromised within a week. Twice I have seen the machine compromised within 5 hours.
Try to hack my 31337 firewall!
I'm tired of this goddamn site anyway, and it's sure not the fault of the people who set it up. What a great "community" -- a community of assholes, myself probably included. Oh, wait a minute -- sorry: very intelligent assholes.
Don't post on slashdot. Get back to work.
This reminds me of the one case a whole ton of years ago when someone added a set of instructions to some cc which would automatically add a backdoor into any generated code.
There are all sorts of hidden things that any OS or program can do... the problem is to minimize risk; you can't eliminate it.
I hate people that says some should be shot for expressing thier views.
Listen, jack, I have freedom of speech. If I think the guys post is funny, I'm going to luagh. Who the hell are youto say I should be shot. One thing buddy, eat shit. I have rights. I have freedom. If you don't like it who the hell cares. We all have freedom.
He who gives up freedom for security doesn't deserve freedom nor security.
And most closed-source zealots have pucked up asses, wet thier bed, and deny other people thier god given rights to be "brats".
MarNuke
I can't stop people from being idiots. If there's anybody on this site who isn't a fucking asshole, be a pal and respond to this post in a way that shows you aren't. I don't know why I'm asking this.
Oh well, it's the internet, just a void that you shout into, no answer. Nobody there. Just a bunch of storefronts, but nobody behind the counter. A library with no librarian.
Don't post on slashdot. Get back to work.
Nowadays most of the virii that a mac virus detector sniffs are word macros that fail to work properly on a mac, due to filesystem differences.
-- open source? sounds like the real book --
Trojan connects outbound and gets instructions on what to do next. Lots of companies allow almost any outbound connection (we don't but I've seen many that do, and many HOWTOs that foolishly suggest it). I can think of lots of ways how the instructions can be obtained, you go think up your own ;).
;).
There are ways of making it harder for the trojan to be successful - e.g. need to authenticate to surf, everything not expressly allowed outbound is denied. However because of Microsoft's idiocies like storing and autocompleting user passwords, it is even easier for trojans to bypass such controls (any bets on access to digital certs?). And of course they use IE and Microsoft "LookOut"
Because of these stupid features/flaws, you may have to resort to greater inconveniences like OTP authentication just for web browsing.
And because software is becoming more and more bloated, people aren't going to notice if your trojan is rather big for what it claims to do, so you can add lots more features...
Most antivirus solutions can't detect stuff, if you are the first and only target. Some antivirus software have decent heuristic scans and deep scans (AVP), but of course the attacker can always check things out first, then when everything passes, they launch the attack.
Cheerio,
Link.
"Torjans are executables, not documents Well, how then do you classify VB scripts then? They are pretty much like a document, being plaintext and all. They are even more like a document when they come embedded in a Word or Excel document. "
Part of the problem with executable email attachements (a la Outlook) is that they effectively destroy the distinction between passive data, and active executables. Once data becomes executable the possibilities for compromising a system are greatly multiplied, because there is a whole range of files which the user doesn't expect to _do_ anything, just sit there on disk, but which can actually do pretty much anything the user has permissions for on that system. On most Windows machines, unfortunately by default, that means pretty much anything.
Bond: "Do you expect me to talk Mr Gates?"
Gates: "No, Mr. Bond, I expect you to die!"
Err ok, I'll get my coat.
suckuz
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I bet nobody reads this. I want to shake my karma down to below 50 though, so I can be a ho again.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
That doesn't have anything to do with Microsoft. What you are seeing is the result of flawed pattern matching by the WHOIS server, which terrorists.net has taken advantage of (to prove a point or for joke benefit I guess).
Considering that the US Navy recently announced that they would be using a _future_ MS OS to control the next generation of aircraft carriers- navy-08-07-00.asp>
<http://www.fcw.com/fcw/articles/2000/0807/news
the possibility exists that these were Russian crackers looking for access to US military networks.
use http://www.geocities.com hehe....all the best to you in your corporate take-down-those-dirty-bastards-from-the-inside endevors
Don't get too cocky now. Remember that Microsoft's isn't the 1st "flagship" site to be cracked. In fact. I think Sun Microsystems and posibly IBM are the only ones that havn't.
Slashdot, was owned. Apache was defaced, Credit cards were stolen from some Ecomers places.
Just be thankfull the source code for Windows didn't leak out. It wold be so horible if it fragmented into varius incompatible versions.
Huh... What's that ? It's hapening already ?
well at least we don't have to sufer throgh the pain of reading that code.
--= Isn't it surprising how badly I spell ?
1. Go to China /. explaining what you'll be doing.
2. Step into a internetcafe
3. Post a article on
3. After 2 ours (give commanderTaco some time):Hack the MS site
4. Place the source-code on the MS-site
5. run
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- if you love something, set it free; if it doesn't come back, hunt it down and kill it
Microsoft, on the other hand, inflates the importance of what happened. I mean, after all, who gives a damn about their source code? And then they are crying out of the FBI to help them track down the evil criminals, costing tax payers lots of money, rather than admitting that they did something stupid, fix their processes, and move on.
This quote taken from the Yahoo coverage..
"The code could also be purchased by an unscrupulous company looking to make its applications work more smoothly with Microsoft's dominant operating systems"
Who is 'unscrupolous'?, the company trying to improve their software for the greater good of everyone? I think it is the company that won't reveal the source code...the company that has systematically crippled/sabotaged other companies by keeping their 'intellectual' secrets under wraps in an attempt to leverage themselves into any software based market they see fit to at the expense of others.
I think this quote basically sums up the whole open source/closed source debate.....
Guy
I work nights so I woke up to the radio news about this and an expert saying "If this can happen to Microsoft it can happen to anyone"
I step back and think.. isn't this sort of the way Microsoft responds to everything?
If it's a problem on Linux or Unix its unique to Unix or Linux.
But if it's a problem on Windows it can happen to anyone.
E-mail viruses.. ANYONE can have e-mail viruses (Note in the 1980s Unix experts were saying Unix was immune to viruses.. This is far from a unique clame.. Mac users made the mistake of razzing Dos for viruses... forgetting that everything that made dos viruses posable was present in MacOs.. however absent from anything else)
Back doors are supposidly unqiue to open source yet back doors usually happen as a result of an employee not the result of an unknown coder submitting code.
Anyway... look for the spin.. any time Bill Gates gets hit with a pie in the face we are told we are all hit with a pie in the face..
When Linus locks his keys in his car it's unqiue to Linus...
Side Note: Anyone notice Bill Gates didn't throw a fit but USA, California, SanFransisco Mayor Willy Brown did...
On the other had we do have a point to make...
If Microsoft can't secure it's own network should you trust them with yours?
I don't actually exist.
According to Linux Today, Microsoft say that the code is safe after the attack (presumably as safe as it was before, ahem...)
Info here ;
--
Listening for the sound of the coming rain...
Microsoft explicitly stated that E-mail attachments are not dangerous because, after all, you don't have to open them. In fact, of course, it's common practice to delete all E-mail from people you don't know sight unseen. So, you must be wrong: Microsoft said so when the Melissa virus came around.
The attitude more commonly found among UNIX sysadmins seems healthier. Yes, we know it's buggy. Yes, we aren't perfect. And if it's broken, it's our fault, and we'll try to fix it. And let's try to keep important stuff somewhere nice and isolated.
What NSAKEY is all about anyway? Did MS lie, and leave a big fat backdoor for spooks? This is the only thing in the w2k source that even vaguely interests me.
Actually, it's .shs it hides, no matter what you do.
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
Look, the little asshole who has to repeat himself to make it look like he is talking to someone is back.
Ignore the Anonymous Pissant trolls !!!
Why would they bother? All the moronic stuff is already preinstalled
perl -e 'fork||print for split//,"hahahaha"'
Knowing how much malicious glee this news brings to this site... at what price? This will only feed the 'Stop Hackers at Any Price' sentiment. I can't help wondering if MS didn't permit it to happen... It makes them look vulnerable, (not a trait associated with super-power monopolies) and gives Bill some ammunition to use against the 'open-source-file-swapping-naked-box-hacker-menace '. A much better ROI than the crappy product he peddles.
Same as MSNBC link on story is it not?
Remains? Since when has there been any integrity to MS code?
It's DNS entry currently reads:
Apple's says:
and AOL's says:
Somebody has been busy...
Richy C.
--
You little pissant shit, are getting on my nerves.
Ignore the Anonymous Pissant trolls !!!
Of course, all this is rather hypothetical, as stealing passwords from yourself is rather stupid. :)
And, if you really wanted too, you could just email the admin asking him to change it to a different one. :)
-David T. C.
If corporations are people, aren't stockholders guilty of slavery?
As you seem to say yourself, that was a long time ago. Today's virus hackers just don't use macs. The word viruses you mention come from the windows world.
:-)
I remember sometime in 98 or 99 during Apples rise from the ashes how the discovery of the first new mac virus in years was hailed as yet another sign of the mac revival
This is the heart of the matter, and I think that some design aspects of NT are to blame. You really asked two questions here. First I'll speculate at why someone was running as admin.
If you had to log out and log back in every time you need to do anything that requires access, you would run as admin all the time too. At least after the first week of doing that.
Now why run an untrusted program? Again, there are things about the design of NT that encourage that.
- content-type is very tightly linked to file
names.
- file name extensions are typically concealed
Users on any system could make such a mistake, but those two things make it much more likely that an NT users will make the mistake of running an untrusted program.Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
Are you the sort of idiot that goes about logging into remote systems without the benefits of ssh???? My goodness indeed!
Can anything on slashdot not be discussed without dorkwads calling each other idiots? One day, when I rule the universe, and don't try to kid yourself, that day IS comming (and soon I might add), such vulgar displays of crudness will be punishable by testicular-removal.
The current Slashdot moderation system is made by gay communists!
ROFLMAO...
Carousel is a lie!
They may very well have the kind of leverage to get the US government to pressure whichever countries supply SeaLand's bandwidth to have SeaLand cut off
The US would have to pressure a few North Sea countries (All reasonably wealthy with no real dependence on the US) essentially as a favour to a corporation currently being tried for monopolistic practices. Of course, MS could directly approach those countries.
I think that there are many reasons for beeing scared of this news. Somebody who had access for over 3 Months, had enough possibilities to include i.e. BackOrifice in Windwos.
Maybe this sample shown, that it's always better to use free software.
But Sealand is a sovereign country. According to their FAQ a few months ago, the only thing they will not host is child pornography on Sealand itself. They planned on establishing POPs in various countries with various laws.. the laws of that country would determine what is legal or illegal. I would imagine if they established a POP in China the code would be distributed from there. ;-) All I want to know is.. WHERE ARE THE MIRRORS!? Get this thing out there! Get it on EVERYONE's servers. Bitchslap Microsoft once and for all. I have a feeling though there's not much use of having the MS source code without having all the development tools they use and the roadmaps and notes... there's probably more spaghetti code in Windows than in Mozilla and StarOffice combined (actually we're positive of that). The Mozilla guys just gave up and started from scratch... hehe. So, like Mozilla.. will the source they stole even compile or do you need their secret tools? I doubt they use GNU auto configure and make!
Question one is, will MS go off on a tangent blustering about hackers and script kiddies; or will they actually LEARN a lession and take some notice of all the good security advice that is available in the net?
Q2 is "Why hasn't this happened before?" MS can't be the only windows/nt site in the world that is not attacked by script kiddies. What normally protects them; why can't we buy it?
That just a few days ago they somehow managed to get Office2000 running onder WINE MOOHAHAHA
You may have a point. I think a good lawyer would be able to make a case for Sealand being British territory. Probably by arguing that it was never an independent country. Considering the amount of money that various extremey rich people have invested in it, the legal battle would probably go on for so long that Microsoft's copyright would have expired.
The earlier comment suggested that the UK Gov. should just use pig headed arrogance, assume it's their property and demolish it. Sealand could sue for damages, but it wuldn't be worth it.
Not to be too pedantic, but as administrate is not even a word, it's adminster.
That gullibility is manifested not just by the users' poor choices while using the applications, but in their poor choice of the applications themselves.
A long time.
It's not so much due to any specific virtue of Linux, as it is due to selection pressure. On any non-MS platform, there is competition among applications. That means if some incredibly irresponsible app developer releases applications that treat data as code, they will be subject to market forces and backlash and their apps will not become popular among the users of that platform. Go ahead, write an email reader for Linux that executes scripts that are embedded in the emails that it displays, and see if anyone still bothers to use your program once this "feature" has become known.
Whereas among MS Windows users, it's pretty much a given that you'll use Outlook, IE, Word, Excel, etc. regardless of whatever virtues or faults those apps happen to have. The flaws in the overall design philosophy (not just bugs) have been known for years, and yet people still use these apps.
Every single application market other than MS Windows has selection pressure in the direction of increased security, and MS Windows does not. Until the market changes (i.e. Microsoft is hurt), Windows will have significant security disadvantages compared to every other platform.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
5) Or people hack on the source code, put in a nasty virus or trojan, and then distrubute it as part of a shareware/freeware program, or hack the Microsoft site, and put it in as part of "Windows Update"
A few weeks later, 50% of the worlds PCs are wide open
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
On the other hand we then get the very worst combination of open and closed source... its open for crackers to figure out how to break in and closed for hackers to plug the holes. Given that MS is highly unlikey to go open source, I for one am hoping the source doesn't leak this time.
I am curious as to the motive of the hackers, Piracy, Blackmail, or just "because it was there". Imagine if the source code was dumped onto source forge or some other open source collaborative site (preferably out of the legal reaches of M$ in a former eastern Bloc country)One article spcefically named WINE as an application . Maybe the patches would be released in a timly manner and actually work.
Then again fixing Windows is a pretty daunting task for a million open-source developers
A computer lets you make more mistakes faster than any invention in human history - with the possible exception of handg
Unless they offer some proof then they would just be opening themselves up to a slander suit.
Dyslexics Untie!
I can't believe that Microsoft would ever admit it has been cracked and their sources were stolen unless there is some advantage in doing so. Do you?
ROFL!
3 Months!
Pretty soon script kiddies will be using the
US-government-initiated M$ backdoors.
It'll be chaos!
Assuming, of course, this wasn't a Russian
govt. espionage conspiracy.
> We're taking this very seriously and have both an immediate and long-term solution to protect our internal corporate network.
Immediate: Unplug everything.
Long-term: Upgrade to Unix or VMS.
Sheesh, evil *and* a jerk. -- Jade
And making samba work with the secret protocols used by PDCs, and doing the same for Wine, and
perl -e 'fork||print for split//,"hahahaha"'
WEll, if you know what you targeting, you bloody make sure that you try to get a trojan in that's binary compatible. That trojan didn't get there by chance.. Of course it was aplanned attack.
If they knew MS ran *nix, then they would have used/build an *nix trojan....
if (!signature) { throw std::runtime_error("No sig!"); }
Indeed, Windows source code leaked. Here's a fragment.
/*printf("WelcometoWindows3.11");&nb sp;*/
/*printf("WelcometoWindows95");  ;*/
voidmain()
{
while(!CRASHED)
{
display_windows_logo();
display_copyright_message();
display_bill_rules_message();
do_nothing_loop();
look_for_new_hardware();
sleep(10);
look_again_for_new_hardware();
scandisk();
if(detect_cache())
disable_cache(); if(first_time_installation)
{
make_50_megabyte_swapfile();
do_nothing_loop();
totally_screw_up_HPFS_file_system();
search_and_destroy_the_rest_of_OS/2();
hang_system();
}
write_something(anything);
display_copyright_message();
do_nothing_loop();
do_some_stuff();
if(still_not_crashed)
{
display_copyright_message();
do_nothing_loop();
basically_run_windows_3.1();
do_nothing_loop();
do_nothing_loop();
}
}
if(detect_cache())
disable_cache_again();/*just to be sure*/
if(fast_cpu())
{
set_wait_states(lots);
set_mouse(speed,very_slow);
set_mouse(action,jumpy);
set_mouse(reaction,sometimes);
}
printf("WelcometoWindows98");
if(system_ok())
crash(to_dos_prompt);
else
system_memory=open("a:\swp0001.swp",O_CR EATE);
while(something)
{
sleep(5);
get_user_input();
sleep(5);
act_on_user_input();
sleep(5);
}
create_general_protection_fault();
}
-
Roses are #FF0000, Violets are #0000FF, find / -name '*base*' |xargs chown -R us && mv zig greatjustice
However, as bad as this is, it is good for free software as highlights the benefit of having access to the source and the drawback of proprietary software. It should be strongly stressed that this break in and possible insertion of back doors in literally millions of computers via MS software just underlines things we all already know: When the source is not open, the consumer has *no* way to prove its level of security.
In the past MS and others have used the ``argument'' that having the source available to black hat hackers makes free / open source less secure. This (false) argument rested on the assumption that Uncle Bill kept MS source under lock and key. Today this argument is now double false.
Why would it kill of MS???? it was just the ME source and the Office (ok, that's quit big)?
Ain't gonna hurt them more that all those pirate copied CDs, except for the humiliation...
No more than a couple of geeks are willing of going through the process of compiling it b4 using it and they can't really release it big style as a official distro... hence, it wont do more harm than rouge CDs...
And soon MS will be out with new (probably incompatible) versions...
Trust me, I'm not a big MS fan but I don't see any need for stuff like this or the DOJ (little bit uncertain about that one) in order to beat them, they will go down anyway...because there will be better alternatives around than MS.. Mind you I don't think they disapear either, probably gonna be the major desktopOS for home users for quite a while... so what? not my problem, as long as I don't have to use it....
if (!signature) { throw std::runtime_error("No sig!"); }
This is obviously bait, but I'll bite.
Do you have first-hand personal knowledge that Microsoft employees would do something "moronic" like downloading a trojan?
As I've mentioned before, I used to be a program manager at Microsoft. As a whole, I found my co-workers there to be some of the most computer-literate, intelligent, and most capable people I've ever worked with (rivalled perhaps by my new company, Avacet). I can not think of a single one who was not educated about the dangers associated with blindly running executables that come in email.
Also, Microsoft's network security was rather strong, especially considering that they have something like 25,000 employees worldwide and hundreds of thousands of machines to deal with.
Seriously, feel free to critique MS technologies -- I do it myself all the time. But an uniformed criticism of everybody who works there is just inappropriate.
Seriously, though... one of the more serious reasons that viruses/trojans spread more easily on Win32/Mac is "user imbecility/gullibility". And one reason (among many others!) why Linux/BSD was considered secure is that (1) users were much more sophisticated, and (2) the OS often compromised on security over 'ease-of-use'.
Today, with Linux (not BSD though (thankfully!)) reaching more and more into the newbie space (I'm just waiting for the first "for-newbies" distro (oh, wait, Corel comes to mind)), how long before something like this happens on a Linux box? Remember, there are a lot of newbies out there running Linux (and also Win2k/NT, for that matter) on their PCs with exactly one user account -- "root"! (or "administrator".)
Most class idiots aren't pulling down A's. Microsoft software is almost standard (as in, it's there and used)in business environment.
As some people have pointed out, if someone makes the source to Microsoft software avaiable, a whole pandora's box could open:
- 3rd party programmers may be able to increase the stability and speed of their software under Windows.
- By examining the source to say, Windows ME, Windows 2000, etc, we may have proof that Microsoft does or doesn't code their OS's to break specific peices of software.
- As others have pointed out, this berak in proves just how insecure NT is. However, if the source is published, it may be possible to make NT more secure.
Of course, this makes it impossible for Microsoft to ignore obviouse problems with Outlook running vbs scripts from an e-mail.--
Intelligence is definitely a recessive trait.
"But industry experts said that [a E-mail Trojan] is a relatively unsophisticated hacker's tool, which isn't likely to have duped Microsoft's systems on its own." duh. I find it hilarious. Eskil
First, you'll notice that it's just internic that has the problem.
Next you'll notice that 'microsoft.com' is at the START of the host name... This is 'flaw' in the internic code. The way it searches entries is by searching the start of all hosts first, then hosts those that end with the search criteria.
You could do the same and make any host appear like this.... just make a host that STARTS with microsoft.com and it's fine.
So microsoft.com.suck.because.internic.is.fucked.myho st.com *would* work
A real crack would be i.hate.microsoft.com becuase it's appening to the start of the host name.
Better to stay silent, and let people think you're an idiot than to open your mouth and remove all doubt
This may very well be true, but given the ferocity in which people hate Microsoft it is my opinion that the code would spread like wild fire. People would be willing to stand up for this fight due to the fact that this would surly destroys MS.
I have a sneaky suspicion that these guys are going to release the code. They know that this one act could very well put them in the history books if they do.
Disclaimer: I am not condoning their acts. Hacking is wrong and may cause cancer, but I sure would like to see if those secret hooks that Netscape et al. keep complaining about are real.
Any one want to buy a T-shirt -Bill a month after the release of the Windows source code.
Crack |
It seems from reading the news articles that the writers don't agree on what's worrying about this. Is it worrying because...
GROGGS: alive and well and living in
Microsoft would just buy SeaLand. Remember, BillG is the man who would be king, so that would fit nicely into his plans. Need Christmas shopping ideas Melinda dear?
Don't you know? He's still dangerous because he's learned how to manipulate his telpathic powers to hack into computer systems remotely. While he's off at a conference in St. Petersburg, he's using his ESP to compose email for Microsoft employees...
Or, at least, that's the impression the parole board has of his computer abilities. Considering for a long time they wouldn't even let him give lectures about computers, they must believe he's figured out some new non-computer-based way of cracking.
--
Those of you with just slashdot:
/home/mystik]$ whois microsoft.com
.com, .net, and .org domains can now be registered
R ORISTS.NET
V ES.NET
.COM, .NET, .ORG, .EDU domains and
/home/mystik]$ whois aol.com
.com, .net, and .org domains can now be registered
.COM, .NET, .ORG, .EDU domains and
[mystik@roast
[whois.crsnic.net]
Whois Server Version 1.3
Domain names in the
with many different competing registrars. Go to http://www.internic.net
for detailed information.
MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TER
MICROSOFT.COM.IS.RULED.BY.HACKERJACK.COM
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSI
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM
To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.
>>> Last update of whois database: Thu, 26 Oct 2000 06:47:54 EDT <<<
The Registry database contains ONLY
Registrars.
[mystik@roast
[whois.crsnic.net]
Whois Server Version 1.3
Domain names in the
with many different competing registrars. Go to http://www.internic.net
for detailed information.
AOL.COM.KCAUTOWEB.COM
AOL.COM.IS.REGULARLY.HAX0RED.BY.INSIDE-AOL.COM
AOL.COM.EATMYSHIT.ORG
AOL.COM.AMSLIQUIDATORS.COM
AOL.COM
To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.
>>> Last update of whois database: Thu, 26 Oct 2000 06:47:54 EDT <<<
The Registry database contains ONLY
Registrars.
Why aren't you encrypting your e-mail?
Bwahahaha
More than likely, it was an excel or word macro virus. Most viruses are implemented in these tools.
Which of our favorite uber-hackers has been released from prison within the last year that might want to rebel against the establishment by pulling off something so dasterdly? Could it be.. hmm.. oh I don't know.. maybe.. hmm.. THIS GUY? He DID steal source code in his previous days. ;-)
If the source for windows/office is really out there now, guess that'd prove once and for all if there's GPL/equiv code in there somewhere, if someone takes the time to look
The award for the "hackme" LinuxPPC contest was that you could get the hardware, but I didn't know that with the www.windows2000test.com you would get the whole Windows source code! ;-)
Jacco /var/log
---
# cd
-------
Warning: Slashdot may contain traces of nuts.
What's the picture in the CNN story?
Mice crawling over a keyboard?
Well, y'd have to be running some program as stupid as Outlook, which runs arbitrary executable attachments, inside your supposedly "clean environment". I can't imagine a competent UNIX sysadmin would set things up this way.
perl -e 'fork||print for split//,"hahahaha"'
Haven't they learned yet? They keep using the word "hacker" and it makes me sick. At least /. has the brains to use the correct word. What would happen when OSI, ESR, or RMS does something extraordinary? Lemme guess...computer "genius". It seems more like "hacker" is the right word, because when you hack around with something, you play around with it, you tinker around with it, and you develop either new uses or new fixes for something broken. However, "cracking" makes me think of "cracking the code", which in turn makes me think of breaking code, breaking security, or solving a code you weren't supposed to know. Oh well.
Definitions:
XML: Leading the way to make the web a ebiz thing
So, does this mean that we are finally getting MS Office for Linux?
I will release the blueprints unless you pay me one milllllllllllion dollars...
Arm yourself with knowledge.
> I'm a Linux user in all, but if MS fall I want
:)
.|` Clouds cross the black moonlight,
> them to fall the right way and no other
Precisely, couldn't agree more. Let them hang themselves, rather than someone coming along assassinating them.
(Mind you, if it can be shown to have been an M$ product that was cracked, I'd feel justified in saying they had hung themselves
> It's Illegal all I have to say about it...
Well, there might be that.
I think it's more to the point that you'd be breaking the license agreement by so doing, myself; laws come and go and we've got a shed-load of stupid ones doing the rounds just to prove the point, but settle for "right" and "wrong" instead. If you're doing what the license at the top of the source file says you shouldn't, you're doing the Wrong Thing(TM).
~Tim
--
~Tim
--
Rushing on down to the circle of the turn
"Other possible motives include economic espionage, though experts said only a rogue company might knowingly buy stolen software, using it either to improve its own products or make those products more compatible with Microsoft's best-selling operating systems."
So, they admit you can make your software more compatible if you have the source code of Windows? What are they hiding in it?
only a rogue company might knowingly buy stolen software, using it either to improve its own products .....
:)
If that's the case, maybe we need to forward a copy back to Microsoft.
--
doubt that many Open source people would be too interested in Windows source... Too big and nothing new in there anyway.. Look how hard it was for the mozilla people to get programmers to work in the mozilla code...
COmapnies can't use it either, even if they found it. Might get caught and that would be too serious to be true...
if (!signature) { throw std::runtime_error("No sig!"); }
Nevermind them releasing the source code, what if they modified it? If Microsoft can't detect a break in security for 3 months(or more), how is it going to detect changes in the source code? I wonder if they will go over the ME code? Or the SP1 for W2K?
Here's my question: If a user got bit by an attachment and it opened a port on his machine, how did the cracker connect to that machine? Shouldn't they be behind a firewall? Or did someone start a new email attachment trojan that does an outbound connection instead?
2)The people who broke into MS are criminals. I'm not sure about this either. OK, they did break in and they did copy information, but we don't know much more than that.
3)Judges are stupid. Nope, not always true. I doubt the fact that MS code was "stolen" will make all other programing illegal.
4)MS code is worth copying. I don't need it, or Wine for that matter, do you?
So, does this make MS open source?
Friends don't help friends install M$ junk.
OK, we all know this is bad for MS...but how does it effect the Linux community. I think it has both good and bad implications. Good in that maybe individuals and business will seek a more secure solution, thereby exploring Linux as a possibility. Bad in that it could give Linux bad press...any developments toward a more "windows like" OS could be blamed on using "stolen" code. That is, if they do indeed find that code was stolen. I'm sure their NT logs will be good enough to determine which files were acessed by who, and when.
Nothings as simple as just find the changes. Whoever broke in had access to valid, active accounts, they would have no problems making changes to source code through the normal methods. Some poor sods are going to have to look through every source change for the last three months to find something 'suspicious'.
> open source can't compete on this level unless it incorporates itself under law
What on earth does that mean? Can you (or anyone) please elaborate.
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
Don't recognize humor when you see it, do you?
The break seems too weak to believe. Doesn't it seem like orchestration with the government to reinforce the Anti-Hack Treaty ? Showing such case to europeans and other signaturers may be a good reason. You cannot forget that government of USA entered in the World War II alleging that a ship was sunken by german sub and it was not true.
sourceforge purrhaps???
if (!signature) { throw std::runtime_error("No sig!"); }
I think Microsoft security should be praised. I mean, how long has Microsoft been high-ranking on the scales of hacker's hate list? It seems to me that they ran a tight ship that has finally been damaged. We'll see if it sinks or not... :-)
~paqez
A lot of M$NBC pages simply do not work on *ix boxes, including this one. I am on an AIX machine at work, I have had trouble with M$NBC pages at home on Linux too. You get down to the arrow that says "complete story" and a couple of box ads below that, then NOTHING!!!! View page source shows the HTML is there, it just won't display. There is some kind of link to some weird site that hangs it up.
But then, what do we expect, it's **M$**NBC. (Not surprising that M$ would want to hide the story on THIS one.)
Teen Angel - a Ghost Story
Actually quite a few banks use unix for their core systems. I worked at places which use RS/6000's running AIX.
check out bugtraq, dammit. Linux got quite a few holes as well.... you better be aware than be taken by suprise....
install the fixes!
if (!signature) { throw std::runtime_error("No sig!"); }
If their shareholders found out they'd been keeping it secret, then the directors could go to jail.
perl -e 'fork||print for split//,"hahahaha"'
Maybe it's just a hoax, so MS has someone (other than themselves) to blame for all the bugs in their software. i can hear it now "no, your honor, we didn't knowingly hinder the performance of non-MS software, it must have been those hackers". You never know
What was up with the CNET article insinuating that projects like WINE would benefit from getting access to the stolen source code? That's all we need -- "Oh, well, the source was in the wild, therefore we can assume that you saw it, therefore WINE is illegal." Charming. Mind you, that whole "innocent until proven guilty" thing doesn't work when it's a big company just trying to cause grief for the little guy who has no money.
www.HearMySoulSpeak.com
This has to be the biggest hack in history ??
The most obvious application of the source, is using it as a cheat sheet in purported 'clean room' reverse engeneering efforts.
Wine and starOffice submissions could coincidently increase.
Serious legal heat would come down on any outright financial demands or commercial applications. Open source contributors could endure Federal investigations too.
I hope that whoever did this does have the whole source code. This can only improve Windows...if the source gets out, there is no way it will dissappear again. (decss for example) everyone will release their own windows and it will make microsoft products a million times better. I bet it was an actual M$ employee who was told to do this and to make it look like it was someone else. This is the only way that M$ could release their source without having too much egg on their face.
The anti-salmon
But if the operating system had a proper security structure, then a rampaging binary would not be able to cause any damage. Thus NT is at least partially to blame.
...phil
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
WIth the source code people will be able to see just how much of the eratic behavior of Windows is due to incompetence and how much is malice. Do they really have secret API calls that only Microsoft apps use? And isn't it amazing WINE announced this week it can suddenly run MS Office?
Automated computer security is vulnerable to bugs and social engineering. I wonder which was responsible here. Basically, you need a man in the loop to notice the funny patterns. What would be interesting would be a thorough search through the code for back doors, but I suspect that has been done by MS, at least for the ones not deliberately inserted. What would be scary is the perps doing a thorough search through the code for buffer overflow opportunities.
"the company couldn't say one way or the other whether source code had been stolen."
In other news, a new build of Wine was released today boasting 100% emulation of the Windows environment at native speeds. When asked to comment, the dev team replied "We could tell you how we did it, but then we'd have to kill you".
(note to morons : go check on freshmeat just in case!)
-Billco, Fnarg.com
St. Petersburg (!AP) -- St. Petersburg police have found the bodies of three young computer experts. The three were found in one of the their apartments, lying on the floor in front of their 486 running SuSE Linux.
"Our police experts stated that they were those who broke into Microsoft's servers and stole large amounts of code", says a police agent via translator. "Experts were able to tell from lengthy headers, pointless libraries, and pointers to nowhere-in-particular that this must be actual code for Windows 2000' successor."
After a preliminary exam, forensic pathologists state that their deaths were all caused by ruptured lungs.
"If I didn't know better, I would think that they would have died laughing", said the pathologist.
One of the police experts who determined that the code was in fact Microsoft's also began laughing uncontrollably, and was rushed to a nearby hospital. He remains in serious condition and on heavy sedatives.
DrQu+xum: Proof that the lameness filter doesn't work.
Actually banks don't use Microsoft, or Unix. They use VMS, which according to what I have heard, kicks the crud out of everything else. VMS (from DEC) is posibly the best operating system, as it has everything Linux/Unix does, windows does, and I have never heard of a VMS box crashing or locking up.
The CNBC report I saw mentioned "data ransom." Hmmm. "Give us a billion dollars or we fix the bugs in Windows 2000!"
Al Gore has the quote "I invented the Internet" fused to his name. It's been used time and again to demonstrate Gore's penchant for hyperbole, his untrustworthiness as a leader. Many of you probably already know, though, that Gore never actually said that he created the Internet, but rather that he was the key political figure in the early days of funding the Internet (still an inflated claim, but nowhere near as sensational as the other.) Does the fact that he never actually said what countless media outless attribute to him, often as a direct quote, make any difference whatsoever to his image and reputation? Nope. The media and his opponents decided to nail him to the wall with a hyperbole of their own, and with a bit of hard work and luck, it has become Truth. Truth, in that wonderful Orwellian fashion of 'if all official sources report the lie as the Truth, then the lie becomes the Truth, and the truth a lie.'
It wouldn't matter how much you or I knew the truth, much like it doesn't matter that Al Gore never actually said that he invented the Internet. The Sheep and PHBs everywhere will swallow whetever pill they're given, and you can bet dollars to donuts that the story line wouldn't play out in favor of Open Source. If you think it's hard to convince your superiors to utilize an Open Source model now, try and imagine the brick wall you'd hit with your boss' brain automatically substituting "what happened to that stolen MS code" for "Open Source".
For the moderators out there, I'm not saying that I think Open Source is theft, just so that's sufficiently clear. I'm just saying that it's worth considering the damage that the mass media PR monster could do to the Open Source movement, especially in light of the fact that most major media outlets are heavily invested in (and guided by) large, mean corporations. Think about it.
Obliteracy: Words with explosions
"We are confident that the integrity of Microsoft source code remains secure." Dammit, I hope this isn't true.
What?
Oracle and unix guy.
"Well, y'd have to be running some program as stupid as Outlook, which runs arbitrary executable attachments, inside your supposedly "clean environment". I can't imagine a competent UNIX sysadmin would set things up this way.
It doesn't matter what OS you're running or what Email proggy you use if the person is dumb enough to run random executables.
It may take a little extra work to run it in *nix but if the guy really wants to look at that p0rn.exe they will find a way to run it.
What they need to do is just find the employee that ran said stupid trojan and fire his ass, or do something worse like make him work on securing their network.
MOD this up as funny :-)
Perhaps this is a UK-only phenomena. Eventually the BBC etc might stop assuming that their audience thinks of computers as huge semi-sentient boxes with spinning tape drives and flashing lights that talk to their operators. Or that Microsoft are the best and only software source in the world. ("How could this happen to Microsoft of all companies?" asked the same interviewer.)
And the use of "hacker"...
/me goes up in a puff of unsmoke.
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
I work with bright people too who don't know any better. On an MS box that screen saver runs as root, but most don't know what that means. Someone who does not program and has never been exposed to *nix would not. They have been assured that their data is safe and trust that it is. That's the way it goes.
MS employees might better know their software than people who listen to the MS sales department but, again, can you vouch for everyone? From Bill down to secretaries and janitors on the night shift? I don't think so.
Friends don't help friends install M$ junk.
If all you want is to do whois:
GROGGS: alive and well and living in
WOW! Have you been on slashdot very long? It's very appropriate here.
---
DO NOT DISTURB THE SE
--
--
"Just believe everything I tell you, and it will all be very, very simple."
"Investigators today discovered that the Kursk was sunk by a failure in an experimental launch system that was using stolen MS source code." Records recovered from the sub included this fragment:
"ok boot the launch system"
"roger"
"prime the payload"
"roger"
"uh we have a problem with the launch system"
"shutdown payload initiate"
"failure to shutdown payload, launch system will not start <garbled> blue screen <garbled>"
"payload is arming"
"Shut it down shut the <garbled> down"
"Can't - it won't start or stop, it's frozen. The <garbled> shows blue screen"
"Abort abort"
"payload is armed with proximity fusing"
"holy mother of God, shut the <garbled> down"
"complete lockout, no response, launch system failure, reboot reboot reb"
Loud blast noise followed by sounds of bulkhead failure. Air escape, bubbles, rumbling. Silence.
"
Now that you mention it though.. it is kind of odd that only a couple of days ago we read that Wine can now run Microsoft Word 2000 and Excel 2000. Coincidence? :-)
"Hackers huh? Hopefully they'll fix some bugs before they give it back. "
Hopefully they'll start with the bug in Outlook that allows these stupid trojans to get easily into their network.
whois netscape.com is also quite interesting! ;-)
I'm certain a group of 31337 h4x0r2 in St. Petersburg will be deterred by an American law against breaking into computers.
I know, I know, you can't expect to make sense of laws related to computers or efforts by the clue-challenged to pass them.
--
Someone you trust is one of us.
No more excuses.
:wq
What a hoot.
It's amazing that they hadn't put in security measures to keep this type of attack from happening again.
Or is it just not possible to lock down windows, due to it's lack of security? If the manufacturer can't do it in their own buildings... what chance has a normal person got?
________
Windows is just too weak. Bad design principles. Too much code. Too bloated. Too obscure.
Well, maybe the guys that took the source code will change this last part...
free the mallocs!
Only rogue companies would use stolen software?
While it's likely that companies with integrity would turn in any offers of the stolen software, I wouldn't limit the possibility that many not-as-financially-successful businesses would seriously consider it. Now that Communist Red China is no longer a rogue state, is the media trying to insinuate that the real threat here is third world capitalism?
*the Communist Red China crack came from a Republican ad run this weekend stating that Gore sold out American security for campaign contributions.
"I have a cunning plan..."
Ok, now THIS Kursk story is *funny*
I tried this running Netscape 4.7 on a Solaris box, and intially, I couldn't see the 'complete story' either. By chance, I went back a page (using the back button) and then forwarded (using the forward button) and could then see the rest of the story.
I'd venture a guess that this is a *nix Netscape rendering bug if indeed you are using Netscape.
-t
You really need to think before posting. Most of the security compromises you list for Linux are _local_ compromises. That means, you must already have a shell to do them. If you have a shell on Windows, getting root is even easier, unless you have all of the security updates. When NT4 was first released, almost every kernel call did not do proper checking, and you could comprimise security with _any_ kernel call. As far as _network_ security goes, securing Linux is just like securing any other OS - you check the network programs. The way you secure the console is by simply removing unwanted SUID programs. With Windows, you can assume that if someone is at the console or telnetted in (which you _can_ do with the proper software), you should assume they have administrator priviledges. As far as security advisories, most Linux security advisories come from the people developing the code, not from being cracked. This means you get to secure your machine _before_ script kiddies get their hands on things. With NT, the advisories are normally based on someone actually being cracked. Please think before posting, and make sure you understand the topic at hand.
I'm not even trying to say "Linux is better than Windows" with this post. I'm just pointing out that your arguments are comparing apples to oranges (network security to local machine security, and published exploits to theoretical problems).
Engineering and the Ultimate
Not even close. We figured it out, if you take all 60 million lines of code and shrink it small enough to print onto (let's be generous) 15 feet of cloth, the font size would be about 13 atoms tall. Given the nature of cloth, hardly any of the "paint" would actually end up on the threads. Most would fall through the holes. You would in fact get a tshirt that was kinda stiff, and solid white.
V
In the court of law (in the US), even illegally obtained evidence can be produced and considered as long as the parties prove that they didn't obtain themselfs.
For example, if a criminal breaks into a house and steals a book which details the crimes of the victim, the police can (and do) act on it.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
OK, how bout one of those nifty stadium tricks with giant index cards for everyone? Surely there's enough space on a setup like that?
Or, find particularly amusingly badly written functions or calls or objects or whatever (I'm no C++ guru, I can barely kludge together a complicated struct) and use those for the shirts...
Intolerant people should be shot.
Well, yes, technically, the source code in Outlook, but I meant more the whole way they designed it, I'll pick on Windows for bad programming and source code, in Outlook they _meant_ to put this "feature" in, so I can't really call it a mistake in the source code, but a mistake in the design.
Grades, Social Life, Sleep....Pick Two.
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)
According to the journal, it looks like they got
cracked with the same methods ILOVEYOU used.
Is it just me, or isn't this a tad ironic?
:-)
order the biggest freakin' code review in history.
If I were a hostile cracker, I wouldn't go the "data hostage" route -- to risky. The police will follow the money.
Instead, posing as an engineer, I'd slip a few buffer overrun vulnerabilities, just where I could use it. Knowing the cruftiness of MS operating systems I'd have my own private back door into any system shipped with Windows for years to come.
Give a man a fish, and he'll eat for a day. Hand a fisherman a crate of hand grenades and he'll catch all the fish in the river.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I'd expected more mature responses to MSFT being hacked than childish attacks either blaming NT like the above post or claiming that MSFT being hacked is good for Open Source like others I've seen. Frankly *nix and Windows are roughly equivalent in default security (except for OpenBSD) and only through the machinations of a good sys admin is either OS properly secured.
For those that believe *nix is somehow more inherrently secure than Windows here are a few sources that may refute that claim The major security issues in Windows are Outlook (disable preview pane, be careful with attachments) and Internet Explorer (disable Javascript). Doing that and using a firewall like ZoneAlarm is most of the securing that a typical Windows box needs. On the other hand due to the use of insecure C libraries (str* functions, *scanf functions, etc) most of the services that are enabled by default in a typical Linux install are insecure (especially RedHat the primary consumer Linux OS in the U.S.). Take a quick look at security sites like Attrition.org, CERT, SANS, rootshell, SecurityFocus, etc and check the results. Defacements of Linux sites has been rising at a steady rate and now there are more defacements of Linux sites than NT sites. CERT regularly has more Linux and Unix security advisories than for Windows. The SANS (System Administration, Networking, and Security) Institute top ten list of security holes has more entries for *nix than Windows. A quick search of the terms "linux" and "windows" on Rootshell's seearch engine come up with 84 downloadable exploits for Linux versus 39 for Windows.
The above post is not intended to be flamebait (I run Win2K but plan to reinstall Linux on my second machine so I am a Linux user) but as a counterpoint to the above post which was rated +5 when I replied to it.
Second Law of Blissful Ignorance
--- Submission is feudal.
AVAILABLE - Slightly frazzled security Admin seeks Immediate Position after undertaking imposssible task at unnamed Redmond, WA. employer. Canned due to circumstances beyond control. Will take any offer not relating to windows. Added Plus - Able to interpret arcane source code for popular and possible unintentially Open Source Operating System (you hear that Larry E.?). Used to long hours and sleepless nights, anything's a change for the better. Looking for stock options (in a company that's still gonna be worth something in a month).
Imagination is the silver lining of Intelligence.
From the CNN link: "it would be tantamount to suicide" for competitors to exploit illegally obtained information about Microsoft code for their commercial benefit.
Now is this a legal threat or just the fact that even Microsofties realize their company has no economic future?
-----BEGIN GEEK CODE BLOCK-----
v.3.12
GCS d-(--) s+: a-- C+++$>++++$$ UL++$>++++$$ P+>++++$ L++>++++$ E--- W++$>++
Apparently the hackers were looking for some good or brilliant source code, and they weren't able to find it. This explain also why Microsoft persons are sure that source code wasn't compromised: "It's impossible to make it worse than that" one spokeperson said.
This entirely unlike DeCSS. DeCSS isn't illegal. It's still in court of the circumvetion of CSS is illegal. The sourcecode to windows is stolen property (intellectual property by law, whether you acknowledge such a thing or not). So hosting the source code is fencing stolen property. And fencing _is_ illegal in most countries.
----------------------------------------------
the pun is mightier than the sword
-- Soruk
it's not???
*world falling apart*
if (!signature) { throw std::runtime_error("No sig!"); }
If the source code ever becomes available... we would at last be able to resolve the issue that we have been pondering for years... "How much GNU and Linux is there in Windows?".
Weren't those same experts characterizing the risk that someone broke into their network as "remote", too?
Evryone knows the standard procedure for security break-ins. Isolate all machines, compare all binaries to archived copies, etc, etc.
RFC 2196, now does that ring a bell?
But of course not, it's going to be "bad hackers versus oh-so-nice Microsoft" all over again. Microsoft's software and OS design lacks in security, but guess what, it's going to be someone else's fault...
free the mallocs!
This sort of kiss MIRCOS~1's argument that Windows's security features are more robust than Unices'/Linux's because the source code is proprietary.
Any project started within the last 3 months may be potentially vulnerable to a legal Denial of Service attack, yes.
I refuse, however, to believe that there's a Court of Law in the world that's bone-headed enough to believe that project X, running for Y years and fully documented in that time as an open project (cf WINE), has benefited from the unrelated, unadvertised and recent breaking out of MS source code.
Come on.. Doom-saying is all fun and games, but please do try and stay within the bounds of reality...
--
I'd rather have a bottle in front of me than a frontal lobotomy
All MS would have to do is persuade the government that it is in the interests of the US New Economy and the perpetuation of the Long Boom to drop a few laser-guided fuel-air explosives on Sealand.
This was PRECISELY my first thought when I read these pieces: this is a staged event for some reason as yet to be revealed.
Of course, as a reluctant user of NT, I *know* it's vulnerable, and the fact this occured doesn't surprise me at all. What IS surprising is we haven't heard more of this coming out of Redmond; it can't be the first time.
I don't think the possibility that this is a way for Microsoft to reign in the Open Source movement is paranoid AT ALL. With M$ having its market share threatened by Open Source stuff, why not create an excuse that the people releasing it are ripping off internal code stolen from M$. Indeed, it makes perfect sense, and it wouldn't surprise me if the lawsuits start flying within 6 months.
I worked at a place where we had REAL break-ins, and the last thing you want to tell your customers is that you've been hacked. The fact that M$ is being so forthright about this--in direct contradiction to the way they typically stonewall against any less-than-flattering news--points to an entirely different motivation than just being honest.
Remember, the people that report these stories have extensive relationships with M$. There can be no doubt that they are spinning this is such a way as to ultimately benefit M$, or any initiative that M$ may find to its liking.
By the wall, Randall is *NOT* a criminal. Yes, he was convicted, but that means about as much as the stain on Monica's dress. Judge for yourself; go here for more information.
"The more corrupt the state, the more numerous the laws."--Tacitus, The Histories
I wonder if they've sent in any bug fixes yet.
This is not the greatest sig in the world. This is just a tribute.
--
--
You are a fucking moron.
I wonder how long now until we see the source to Windows selling on Ebay...
"The source to a popular operating system - this is a real fixer-upper! Kind of worked last time I used it, buy as-is. Will pay shipping. No reserve!"
Posted from the wireless couch.
According to the report, unknown hackers managed to procur a password to Redhat's network servers. They then used the password to download the blueprints to all of Redhat's products. Even worse, the password was circulated widely over the internet, allowing thousands, potentially over a million hackers to repeat the exploit.
One person familiar with the case said it appeared the hackers initially gained access to Redhat's corporate computers by exploiting a hole in the company's "FTP" software. This software is used to transfer files between remote computers. The hackers discovered that the password "anonymous" allowed them access to all of Redhat's intellectual property.
Most damning of the report's accusations is the claim that internal Redhat officers have known about the vulnerability for months, even years, but failed to alert customers or close the security hole.
The breach may have allowed hackers to insert instructions into the blueprints for Redhat's products, including the recently released Redhat Linux 7. One anonymous insider called such practices "common." When asked if they were planning an extensive audit of their code, Redhat officials repeated their reply, "What the hell are you talking about?"
They can't drag everyone to court, and the more people that host it, the more difficult it will be for them to bring lawsuits. How many people have been sued over DeCSS compared to the amount of people hosting it? Hosting the Windows Source would represent a protest.
Joshua
When in danger or in doubt, run in circles, scream and shout!
Congratulations, AC, You won today's edition of the tin foil hat awards! A black helicopter will be by later to give you your award.
--
"Don't trolls get tired?"
-- look, cheese ahoy!
Several people have reported over IRC that someone going by the nick "BigBG" hacked into ftp.kernel.org and STOLE the source code to LINUX. It turns out that the kernel.org servers were configured in such a way that "BigBG" could exploit the known Anonymous/Email user-account. It is unknown how long this BigBG has had access to the Linux source code, nor is it known what code this person could have introduced into the Linux kernel. Linux sys-admins are encouraged to check their systems for a mysterious kernal entry that may cause your computer to emit a so-called "Blue Screen of Death" upon a segmentation fault. Linus Torvalds was not bothered for comment.
;)
Verbatim
Price, Quality, Time. Pick none. What, you thought you had a choice?
on Office and Win 2000 whether or not MS wants it. Hmmm.......
Pay no attention to the man behind the curtain with all your metadata.
Considering the antitrust case going on, can Microsoft leverage this to show that Windows "now isn't closed" and "the code is in the wild" and thus claim they shouldn't be treated as a monopoly?
Could this have been "allowed" to happen? Note there seems to be a great deal of confidence no source code was changed, just code stolen.
Not rational sepculations, of course, merely interesting ones to explore the depths of paranoia.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Although I could see how some people might not see this event as a negative to begin with. :-)
--
. . . for Microsoft to be able to explain the back doors they have placed in software when the get found. Golly! There's a back door in Win2K?! Those nasty Russian Mafia people must've put that there. We'll comment that out, er, uh . . . remove that in the next service pack!
CEE5210S The signal SIGHUP was received.
I was thinking, wouldn't it be nice if login: slashdot123, password: slashdot123 was registered at all these annoying websites that make you register to read articles, access content, ect (like nytimes.com for one)? If we all just registered this id/pass when we'd normally register our own, we could save a lot of hassle for all other /. users.
daed si luap
"The motive behind the break-in isn't known...either to improve its own products or make those products more compatible with Microsoft's best-selling operating systems. "
What??? Trying to make one's software compatible with Microsoft's OS? How rogue of them!!!!! How dare they!!!!
========================== pipe(13) -- can you figure it out?
I like this
"We are confident that the integrity of our source
code remains secure. There's no evidence that any
source code has been modified or corrupted," Miller said.
You mean they didn't fix it.
Ask Slashdot - google for stupid people.
Wonder whats been added to the retail windowsME,free trojan with every copy? Guess M$ might be going open source...
I suspect the only reason we haven't already reposessed it is because nobody has paid any attention to it - nobody wanted the hassle. It's a bunch of metal and concrete in the north sea, so long as it's not being used for illegal purposes (drug running or terrorism), it's harmless and eccentric - and we love eccentrics.
Picture this: Offended party complains to FBI. US Gov. asks UK Gov. to do something. UK Gov. closes down Sealand and probably demolishes it. After all, it is government property, and the only reason it hasn't been knocked down is because there's been no real need to.
The idea that Sealand is going to be some kind of wonderful free data haven outside the reach of governments is a pipe-dream for inhabitants of cloud cuckoo land.
Hacker: A criminal who breaks into computer systems
"Information wants to be paid"
actually MS uses UNIX to protect themselves from viruses
...what in the hell would hackers want with Microsoft's plans? Script kiddies, sure. Crackers, of course. But actual hackers? No self-respecting hacker would ant or need to crib from Microsoft's notes. That would be like copying off the paper of the class idiot.
"How perfectly Goddamn delightful it all is, to be sure" Charles Crumb
Anyone else have trouble using their pron^H^H^H^H, hotmail accounts last night, login worked, no inbox though 2-2:30AM East US time
Read my plan to save the Bengals
I wonder what now Microsoft has to do to save face in light of these action being taken agianst them. As a Big player in the world of softawre this will hurt alot of thier products. For instance if the source code for IIS was stolen I feeel really bad for people who run NT servcers hey could find an exploits even quicker and I would think it would be harder for microsoft to fend these type off attacks.
I'm a Linux user in all, but if MS fall I want them to fall the right way and no other. Besides I wouldn't feel right putting something into my program and knowing that I got it the wrong way.
It's Illegal all I have to say about it...
=/
From Zero to Hero... Starbuck Zero
As he really likes to use MS software on major systems that we sell to our customers. With Unix we can tweak the security setings at a finer grained level. And (with OSS) find out where the holes are, and fix them ourselves.
Best Slashdot Co
it's easy to get the same functionallity if you KNOW how to administrate a WindowsNT
OK, I'll bite..
So you're saying that the company that wrote NT doesn't know how to administrate it?
(and please don't blame 'untrained users' - on a properly configured *nix system, an untrained user couldn't do any harm...)
It is interesting to note that with the "open" sourcing of any of the
stolen source code, there is the potential for the exposure of a
multitude of new backdoors/vulnerabilities into MS apps and a
proliferation of new exploits in the coming months. While I dread
the initial flurry of activity, it will be a great benefit to get
these backdoors/vulnerabilities closed and patched once and for all.
Sean
Sean Brown
Linux Evangelist
"I'll let you be in my dream if I can be in yours." - Bob D.
Here's hoping whoever did this took a copy of the source code, and will release it somehow (this is a great chance to test the efficacy of Freenet). This could help conquer a whole host of reverse engineering tasks facing the linux community.
Now microsoft is "open source" or it ever was ?
Overlord
Sorry, greedy little troll, RMS does live within the law and FSF software has noting to fear at all from this BS.
Friends don't help friends install M$ junk.
hmmm, you dont' even hage a page.
Ill post your picture later on tonight.
Ignore the Anonymous Pissant trolls !!!
Hmmm. Maybe Mr. Bill is a saint, rather than the anti-christ. Maybe he designed his software that way on purpose to make the world a safer place!
*loud exhale*
Wow, that's some good s**t.
Probably shouldn't post while I'm smoking it though...
Failure is not an option.
Failure is not an option.
It comes bundled with Windows.
Fixing some bugs would make more sense than fixing 'em all. That could take even the most bright and dedicated programmer(s) a lifetime. Maybe they could release it under the name Windows Hee Hee Version 1.a
I love the smell of Karma in the morning
>> No seriously, imagine forced open source.
I don't see any advantage to having the MS source "open" as a result of a hackers actions.
The information was gained illegally, so the possession or use of this information becomes illegal. The US judicial system does frown upon corporate espionage, which is how this would be considered. I believe that this would be illegal in most EU countries in regards to copyright laws.
If *nix is a superior OS to Windows, and you have the source code for *nix, then where is the desire to have the microsoft source? This would be a step backwards, which in the software world, is downright stupid.
"Microsoft has made computing accessible to a population who would otherwise not be able to use computers" - B. Kernigha
Your tagline said: I have seen the end of the world! I think it was an exit on the Jersey turnpike. Eerie how appropriate taglines sometimes are. The end of the world is Outlook. If one single piece of software has the ability to knacker the 'net, Outlook is it. Maybe now Microsoft will do something serious about fixing it? Yes, I know, it is wishful thinking, but stranger things have happened. On the subject of the potential theft of Office and Windows, Bill will just write a letter to the crackers complaining that he can't make any money if they steal his code, and then tell everyone else that it was a buggy release anyway and he's concerned that it'll give his company a bad image.
Got time? Spend some of it coding or testing
You can look at some of the damage that was done to the DNS @ Internic as of 8:30 this morning.
Richy C.
--
It may be a good time to sell your Micro$oft shares!
See my journal, I write things there
is what should be done.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
wasn't it a cool article on /. before regarding using the nameserver to tunnel out of firewalls?
if (!signature) { throw std::runtime_error("No sig!"); }
The funniest phrase in the whole WSJ article is the one above. "integrity" and "Microsoft source code" is something I never thought I'd see in the same sentence, unless of course there was a huge NOT stuck in the middle! Way to go Hemos!
Please release whatever source you got and let it spread like a virus. Please, oh god, please.
I thought Windows 2000 file protection was supposed to protect against exactly this sort of thing. This was supposedly a trojan that overwrote Notepad.exe, and Notepad.exe is one of the files that supposedly can't be replaced unless the replacement is signed by MS's private key.
...they didn't install some anti-virus mail scanning thing for Exchange? ;-)
Oh wait... Maybe they aren't using Exchange?
Oh well
Any technology distinguishable from magic, is insufficiently advanced.
this is for real? ms has been known to bullshit a lot. with things looking so bad for them with the trial, maybe they're trying to get a bit of public sympathy?
Well, federal law enforcement agencies are well known for lacking a sense of humor. If they found out that MS was BS'ing them, heads would roll.
The FBI doesn't have much of a sense of humor; maybe more for this than, say, a kidnapping, but it still isn't worth the risk. (The Secret Service has no sense of humor.)
I like you, Stuart. You're not like everyone else, here, at Slashdot.
It doesn't matter what OS you're running or what Email proggy you use if the person is dumb enough to run random executables.
But what happens when an email program provides a preview feature that will open an email and show you the first few lines and an auto-execute feature that will run an arbitrary program when the email is opened?
What happens when both features are enabled out of the box? Is a heart surgeon to be called stupid because he spends his days reading up on heart surgery instead of all the intricacies of computer security?
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
Boy I sure as hell hope you haven't posted message this from your home or work computer.
A message from our sponsor
.. they have any network access at all from the development environment to the Internet .. it should be unplugged by default ...
.. this shows that if you want a place to be secure you should not have physical access at all to the Internet from that place... Heck .. they should have two terminals one for the development systems and one for Internet access/mail etc..
Well
If they have different locations where they develop code you can actually lease a separate line and not use for example vpn over the Internet.
I really HAD another userid
Erm, ask for proof ?
Surely you're not judging an operating system on the symantics of it's move directory command?
cd == set def
rmdir == delete whatever.dir
By your reckoning MS-DOS is as good as any Unix, because it's got the CD command. Yeah, right.
Wow... on the eve of Bill Gates birthday... his most precious software source code gets found to be stolen. Have a great one Billy!! ;]
No matter how much you think Bill Gates is the anti-christ or hate Windows, this is most assuredly NOT good news. The judges, the lawyers, and the law enforcement that will certainly become involved in this case will look at one point, and one point only: someone broke the law. Know what else? They don't understand you, and they don't care that you want Wine to work better or an Open Source Windows.
In the interest of fairness, let's look at this from their point of view. "Hackers" (does anyone know what this word means anymore?) have been getting a lot of bad press lately. Hacking into Microsoft's site adds fuel to the fire. Stealing Microsoft's code is fanning the flames.
Everyone is making jokes about how insecure MS products are, as if Apache or Slashdot have never been compromised.
Even more worrisome is the opinion of the everyday, ordinary citizen. Some of which have made money off MS stock. Many of which use a computer, but aren't as "in" to them as we are. I bet you lunch that they see stuff like this and feel "insecure". And I guarantee you, when something like Carnivore comes along, the average person will suport it, because it makes, at least in their mind, the online world a safer place.
So laugh now about Microsoft's problem. Joke about an OSS Windows, regardless if they want it or not.
Ladies and Gentlemen, if you're old enough to understand, it's time to realize that this is most assuredly Not A Good Thing.
Disclaimer: MY computer runs Linux/BeOS.
...but what is the probability of a group of russian-teen-uber-hackers breaking into Microsoft's inner scantum, vs. the probability of the DOJ enlisting the aid of Microsoft to stage an "event" that will influence public opinion and help law inforcement authorities "crack down" on these vicious computer crimes?
If you think the gov't doesn't create news events for the sake of swaying public opinion, you haven't been paying attention.
Because the Russians seem surf the stability wave?
Bizar technology?
Other possible motives include economic espionage, though experts said only a rogue company might knowingly buy stolen software, using it either to improve its own products or make those products more compatible with Microsoft's best-selling operating systems.
I'm not sure how you can label a company as ROGUE whose purpose is to provide more compatible software...maybe now we'll get open source windows...
All abuse of MS aside, This could be positive for the market as a whole.
Ignoring the Windows source and focusing on the office source, it could now be possible to use some of this source code to make things like StarOffice or AbiWord properly import Word/Powerpoint/Excel documents. Once you have the source, you could use it as a basis to write new import code for any other Suite.
The hardest part about getting people to move to OSS was the fact you couldn't convert between MS Word and back. Now, maybe we can and Linux, BSD and BeOS can make serious inroads.
Lets see what new submissions to the various OSS suites happen in a few months...
If you weren't a spineless AC, I'd give you an IP, a user login and a password for this (my home) box, which is running an obselete version of Mandrake Linux.
I'll also bet you $Oz1000 that you can't use that account to sniff any passwords. I'll add a side bet of a further $Oz1000 that you can't ping or traceroute either.
This box has not been security tweaked (if it had you wouldn't be able to blow your nose here without special permission) indeed I've undone some of the default security.
Now, shall we discuss a system which is serious about security, like OpenBSD or OpenVMS? (-:
Horse puckey. They were trojanned, so no amount of firewalling would have helped. Microsoft's biggest mistake was limiting their use of Unix to software manufacture plus the odd curiostiy piece.
Got time? Spend some of it coding or testing
----------
----------
"Rock over London... Rock on Chicago..." -Wesley Willis
If you make a public registration somewhere
try/create standard cypherpunk/cypherpunk first. (or was is cypherpunk?)
(Please mod up if you know what I'm talking about)
But wait! Red Hat started the open source revolution.
"The secret of success is to know something nobody else knows." -Aristotle Onassis
While I agree with you - It is stupid to have full fledge scripting languages built into email clients - and setup in wayhs that are just RIPE for abuse - its not like thats the only problem.
Its not like noone ever found a buffer overflow in pine that would expoit as soon as the victem read mail. (of course - ive only seen that once - maybe twice - and it got fixed quickly)
Then again - that is the beauty of unix - every user can pick their email client - there is no push or need to make EVERYONE use pine or elm or mutt (though I do prefer the latter).
-Steve
"I opened my eyes, and everything went dark again"
My slashdot ID (13487) is 70,000 lower than yours (82141), isn't it. :) I've been around long enough.
/. ID is lower than the real Bruce Perens'.
You have nothing to brag about. Move along.
The real Threed's
--Threed
yup. Since the original host (infection 0?) was infected via an email attachment, it would have been easy for the attackers to tunnel through the firewall (port 80, perhaps: outgoing information encoded in the URLs).
I see several main possibilities here. The first is that this is real, and will be a great boon to the open source movement. I think that when we get our hands on the code that we're going to see some pretty nasty stuff in there.
Another possibility is that this is an untrue rumor, possibly started by Micro$oft in an attempt to push through the Draft Cybercrime Treaty, or for other, unknown reasons.
Either way, the lawsuits will start flying like mad quite soon, and things will change.
Joshua
When in danger or in doubt, run in circles, scream and shout!
We may be missing something here. Did they find a way to turn this to their benefit? Their stock is GOING UP!
Or did they plan this all along?
Maybe the admin was logged in with as ADMINASTOR while checking his email?
If the admin was logged in as user "bob", your right a rampaging binary should of not cause that much damage.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
whois microsoft.com
also whois aol.com ; whois apple.com ; whois whitehouse.gov
How did they do it? Simple. Whenever you register a nameserver IP address, you have to include a domain name for the nameserver. I think the only thing checked is that the IP address pings and the domain name is part of a real domain.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
..if they are caught. Then all the info that they stole will become part of the public record. =]
Spazdot-1 in 10 insightfull articles, and 1 in 10,000 insightfull comments ain't bad.
Do you really think Microsoft really needs such a lame excuse to "go after" the Open Source community and efforts such as Wine? They are perfectly capable of thinking up a lot more believable reasons than that why such reverse engineering "infringes" on their IP.
Microsoft may be a huge bully, but I don't think they are a huge brainless bully.
--
Your Servant, B. Baggins
this is for real? ms has been known to bullshit a lot. with things looking so bad for them with the trial, maybe they're trying to get a bit of public sympathy?
how can they be an ultra-powerful monopoly if they are hacked by a bunch of script kiddies? hahahahahaha
abcdefghijklmnopqrstuvwxyz
The information was gained illegally, so the possession or use of this information becomes illegal. The US judicial system does frown upon corporate espionage, which is how this would be considered. I believe that this would be illegal in most EU countries in regards to copyright laws.
...
... We can do that by installing Windows now.
.iMMersE
Still, the fact the information was gained illegally doesn't mean anything - Compare with DeCSS, for example
If *nix is a superior OS to Windows, and you have the source code for *nix, then where is the desire to have the microsoft source? This would be a step backwards, which in the software world, is downright stupid.
How would having the Windows code be a step backwards. Having it would be very useful, having as much reference material as possible is good. It doesn't mean people are suddenly going to drop their current kernel code tree and start using the Windows one
codegolf.com - smaller *is* better.
True, not sure the email thingie would work against unix. However, all networks got cracks, there are flaws in unix thatr has ben used b4 to gain root access and there are probably a few around now as well, nothing is 100% secure...
Mind you I believe unix is far more secure than win, but it' s *not* 100%
if (!signature) { throw std::runtime_error("No sig!"); }
If the source code is so private, then why is M$ storing it on a network that connects to the Internet in the first place? The company I work for develops software but we have a closed network that the software is developed on. It has no connection to the internet. When the software is tested for internet compatability it is compiled and copied over. It seems to me for something that M$ would want such high protection on, they wouldn't let it anywhere near an Internet connection.
And now, more to the point, NOT MICROSOFT!
HA HA!
You'll never see an article about RedHat like this... "Yeah, they broke in and stole the source to our prize gem OS..."
dennis
In fact, it's probably the biggest misconception he made.
Relying solely on a firewall is the single biggest mistake a company can make.
True, a proprely configured firewall can make a huge difference, but _real_ security involves securing every machine on the network. A firewall won't fix a problem with bad client (such as Outlook) executing code it's not supposed to. A firewall won't fix a problem with a web/mail/whatever server running behind it.
The bottom line is that if a machine needs to talk to the internet, it _needs_ to be secured, because an improperly written app can make any firewall completely useless.
OTOH, it's always possible to get a trojan to a person's PC, f.e. by let the person download some moronic 'gadget' for the desktop. But it would have been way more difficult that way.
--
Never underestimate the relief of true separation of Religion and State.
rated it a 5 out of 10 for harmfullness
:o)
I wonder if they'll re-asses it now?
But be careful as noted by the above reply
"These were all very bright boys - cheerful, helpful and good at their day programming jobs" said apartment resident Canya Bolyevtis. "But last weekend that changed when they started walking around in a daze after an all-night session, as if they had been exposed to some terribly traumatic thing."
Californian software analyst Rich McGee says the teens were foolish to allow themselves to be exposed to Microsoft source code.
"Here you have some very bright young guys with some Unix experience suddenly coming into contact with the C source for kernel32.dll. I think they were unprepared for the shock."
St. Petersburg police chief Konstantin Bolygubov thanked the public for the information that led to the arrests, saying it was the easiest raid he had done in a long time.
"When we broke down the door, none of them moved," he said. "They were all just staring in horror at the screen of a PC in the corner of the living room."
--- Hot Shot City is particularly good.
What about the claims by some that M$ uses portions of GPL'd code? If that was revealed in the any sources absconded with, could this not work in open source's favor? Granted, M$ will still take the position the material was illegally obtained (probably rightfully so) and try to supress it (fat fscking chance). This could give the free software movement some justifaction for its model and some teeth for any legal wrangling they felt they should do.
just a thought...
-'fester
MS couldn't possibly be hacked. Why not? They have no Unix based machines! They are an NT only shop and are thus secure against any type of attack. Only Unix boxes can be hacked because they were not designed on a decent security model (as evidenced by the Morris Worm). NT has been designed to provide Enterprise level security.
Gotta cut the lecture short for today, I'm off to ddos some stuff to simulate the Slashdot effect. Don't believe And0ver pays me to ddos servers to simulate the Slashdot effect? See here!
Cunning linguists
NT *does* have a proper security structure, even moreso than Unix does.
I just found this on the web at the site for the MicroSloth Gazette/ 20001027/ms_hack_2000.htm
r s_infect_redmond.html
- -----------------------
0 1027/tc/microsoft_ballmer_dc_4.html)
/* Purpose: Create NOPs in binary code to allow room for
// patchBlock(); /* Don't call - infinite recursion! */
// Leave room for patches by inserting NOPs into code.
// Only use as multiple of 4 ';'s for proper alignment.
// etc.
/* Copyright - 2000 - Microsoft. All rights reserved. */
/* Proprietary and not for disclosure. */
... [runs out of napkin]
and thought I'd repost it here. It definitely sheds a different
perspective on things. You can find the original article at:
http://www.microslothgazette.ru/articles/business
or
http://222.173.190.239//mad_cow_disease/bad_burge
Let us hope that the hackers / crackers, or whatever they
desire to be called, do not decide to release the Microsoft
code to the rest of the world thereby infecting the worlds'
programmers. After reading this, I believe that to do so
would set the software industry back 10 years and should
thus constitute an act of terrorism.
Apologies in advance if lines wrap weird; blame it on this
being my first post here.
Note: Some of the words or phrases are trademarks of somebody.
All others are open to the highest bidder.
-wallk_in_columbus
P.S.- I'm posting this anonymously, because this is not my
real name.
-----------------------------------------------
The Real Story Behind Ballmer's Comment
"our source codes are intact"
By: Lacey Sheets*
----
* The author's real name. Heh, would YOU choose that name as a pseudonym?
----
2000-Oct.-28--St. Petersburg, Russia-- We at the MicroSloth
Gazette were cruising the web's leading news portals looking
to borrow another paper's story when we spotted the title to
a still unposted article at the Yahoo,Yippee,Hurray!!?! web
site that described the possible espionage and theft of source
code at Microsoft.
What intrigued us about the soon to-be-published story (available at
http://dailynews.yahooyippeehurray.com/h/nm/200
was the comment made by Miscrosoft CEO Steve Ballmer.
Ballmer said, "I think I can fairly say that our source
codes are intact."
Until then, it had been the opinion of some at the MicroSloth
Gazette that Ballmer was at least somewhat technically astute,
but this comment left even his staunchest supporters here
wondering if he really wasn't totally clueless.
Either Ballmer didn't know that simply copying source code
would leave it unchanged or he was trying to cover-up
something. We smelled a story and so we assigned our ace
undercover reporter, Lacey Sheets to the story in Redmond.
The following is a full disclosure of Mr. Sheets findings.
"I arrived at Redmond at 8:05AM Pacific time. By 9:00, I had
contacted our Microsoft mole and planned to meet him for
a late breakfast.", said Sheets.
Steven, er, our mole, whose name we cannot reveal lest he get
arrested and we stop getting these inside scoops, arrived
incognito disguised as a Linux kernel hacker. Sheets says
he would not have recognized him except that he still was
wearing his Microsoft badge. For the remainder of this
story, we'll refer to our mole as "MS Guy".
Sheets: "Well, Steven whose last name I had better not reveal, what's
the scoop at Microsoft?"
MS Guy: (nervously looking over his shoulder, and then smelling under his
armpit): "The inside rumor is that our CEO is not revealing the
whole truth."
Sheets: "What do you mean? Is he simply lying or is he just planning to
run for office?"
MS Guy: "Well, for instance, the official report released to the press
says that there was some 'unusual behavior' in the security
protocols that we use in terms of the network and that's
when the security team started the whole investigative process.
But I have some friends down in QA and they told me that's a
bit misleading. The security people did not really did not see
passwords going outside of the Redmond campus. What made them
suspicious is that suddenly the Windows 2000 Kerberos actually
started inter-operating correctly with Kerberos servers on some
UNIX hosts that are used for incompatibility testing. Of
course, a few weeks before that, the QA team had become
suspicious since Windows ME was only crashing half as
much as expected."
Sheets: "I see; and that led you to proceed, how?"
MS Guy: "Well the security team was called in and what they
discovered is not pretty. Are you sure that I will
remain anonymous, as an undisclosed source?"
Sheets: "Well, yes, Mr. B... Er, sorry, I'll be sure to erase that
from my tape. Not only that reference, but, we hope your
source code as well."
MS Guy: "Okay, I believe you. I'm just nervous that's all. Probably
because you're taking notes using XEmacs on a laptop running
OpenBSD. I start sweating when I get near one of those, you
know. Okay [takes drink of water], where was I? Oh yeah...
the security team started checking audit logs and sizes of
the files compared to those on our last backup that we did
two months ago. They found the present file sizes much smaller
then the backups."
Sheets: (pouncing with his 'killer' question) "What do you mean?"
MS Guy: "You know... the sizes for the current files--both object
and source files--were almost all smaller than they were
before. And also, we found some of the files were
completely missing. For example, instead of the seventeen
different implementations of shell sort functions in six
different DLLs, there was only one sort routine in a single
DLL. Someone who had an old copy of Knuth's algorithms books
identified it as something called a 'quick sort' routine. Also,
it had a copyright by the 'Free Software Foundation'. Another
person mentioned it looked like the Gnu Public License. This
lead our security team to discover that this one function
not only ran much faster then all of our finely tuned
shell sort functions--including those handcrafted in
assembler--but it also appeared to be the same function
as the qsort function in the GNU libc library."
Sheets: "I see. So your source code really ISN'T intact, is it?"
MS Guy: "No, but we ran regression tests and had a 99.9% pass rate.
The few things that failed were things like case-insensitive
file names. The hackers seemed to have made FAT into a
case-sensistive file system. We currently have a team of 40
engineers repairing that, although we're hoping someone
can locate those backups of the DOS 2.11 code on 5 1/4 inch
floppies so we can simply retrieve the corrections from
the backup."
Sheets: "Interesting... anything else out of the ordinary turn up?"
MS Guy: "Well, one unusual thing of all was that all our patch blocks
had been removed from the source code. That reduced the source
code size by a factor of 10, but oddly enough, we saw no
corresponding reduction in the size of the object code. We're
still looking into that."
Sheets: "Patch blocks? What are patch blocks?"
MS Guy: "Ugh, you know, when you write code something you insert in
the source code to leave room for making later emergency
patches to the object code." [Illustrates by writing the
below on the back of his place mat.]
* future emergency patches. Should be called
* upon entry of each and every C and C++
* function in this file. Furthermore, every
* C or C++ source file should define this
* function.
* Version: 1.4
*/
static void patchBlock(void)
{
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
}
Sheets: "Hmmm; I don't know much about programming, but that certainly
doesn't look like it does much."
MS Guy: "Oh yes, it has a very valuable purpose, given that we
have so many bugs and so many millions of lines of code.
We just replace these empty semicolons with patches so
we don't have to recompile everything to fix it. Do
you know how long it takes to compile 27 million lines
of C code? A long time!"
Sheets: "Er, well, I see, I guess... What else did your security team
notice in their audits?"
MS Guy: "Well, now that you mention it, in some portions of code that
was left, but simply rewritten, it was no longer written using
Hungarian notation."
Sheets: "Hungarian notation?"
MS Guy: "Yeah, you know... naming variables after their data type. We're
required to do that for readability or for some reason like
that. Actually no one remembers why we use it, but the code is
full of it and... Here, I'll show you..." [This time writes on
paper cocktail napkin.]
#include "sy.h"
struct SY *PsySz(sz)
char sz[];
{
char *pch;
Sheets: "And that means, what?"
MS Guy: "Well, you see if SY is a structure for a symbol table, then
PsySz(sz) is a pointer to a function returning an SY that
takes a pointer to the first character of a null terminated
string. See how convenient that is? It's a lot easier to type
than to say, trust me. And by the way, I'll have to have that
napkin back."
Sheets: "Well, if you say so. So with all these changes, I'll bet you
found all kinds of problems and trojan
rubbers^H^H^H^H^H^H^Hhorses left behind, right?"
MS Guy: "Well, so far we haven't. We know the thieves have been in
for at least two weeks, but they only had a chance to replace
a few key modules. But incredibly, the QA team have had less
problems with the system and applications crashing then we
normally do. In fact, almost 50% less to date. In addition,
the overall performance has increased by 15%, and for some
modules, there has been a factor of 10 increase in speed.
Someone, tried, on a lark I think, to boot this hacked Windows
ME up on an old Pentium 90 that the cleaning ladies play
Solitaire on using Windows 3.1, and it actually worked.
Well, it did until we ran out of memory when we tried to
run MS Office. It only had 8MB of RAM."
Sheets: (incredulously) "What, Windows ME booted on a Pentium 90 with
only 8MB of RAM? Impossible!"
MS Guy: "That's what I said. I wouldn't have believed it if I hadn't
seen it with my own eyes. But of course you see my, er, our
predicament, don't you?"
Sheets: "Well, not exactly. What don't you spell it out for me in
layman's terms. Put it so that it's something that even
programmers who have had their minds wiped clean by writing
years of Visual Basic could understand."
MS Guy: "Well, I'm not sure that ANYTHING could be explained that simply.
But I'll give it my best shot, and with luck, maybe even upper
management will be able to grasp it.
It's like this. If Microsoft doesn't restore the original
software, people will notice the quality improvements, the
speed improvements, and the smaller memory footprint."
Sheets: "So?" (My best question, by far!)
MS Guy: "So? So??? You aren't the sharpest knife in the drawer are you?
Are you mad? Have you been swimming in the shallow end of the
gene pool too long?
If people notice, they won't feel compelled to buy bigger and
faster computers. And if that doesn't happen, how are we going
to get people to by our next operating system release? I mean,
at first glance, it appears that more than 5000 of our known
60,000+ bugs were fixed by these hackers. It's a good thing we
caught them in time or it would have been too late. After all,
we've done focus group studies and we know that people only
want "good enough" software. They aren't expecting perfection.
If our stolen source code gets out, it could spell the end to
Microsoft as we know us. We can't have people think that they
can get good quality software for nothing though. Where would
that leave us for Windows ME++? Without an upgrade path, that's
where. And our stock would crash and I'd have to get a job as
a rock star. And I don't think anyone wants that."
Sheets: "Well, Mr. Bal... oops, almost spilled the beans. Not to worry
though, Steve... a good reporter never reveals his sources."
Im going to ignore you, and when i close my eyes, and the re-open them, your troll face will be gone.
TRolL stamped a$ ignored. M$ users are really pathetic people.
Ignore the Anonymous Pissant trolls !!!
Could be. I've found NT to be incredibly irritating to use as anything but Administrator.
I send them links to descriptions of both cracker and hacker but the response was:
I made all the changes and deletions except 'hacker'. My editors and I don't think anyone would understand the term 'cracker'.
Well, if they (media) do not use word 'cracker' because nobody understand it then it is obvious nobody understands this word (I do not know much people which when absorbing information from general media use dictionary).
hany
Here's a concrete example of why secret OS source code makes it harder for developers. I'm so frustrated at this point I feel like trying to find these guys in St. Petersburg and ask them politely if they could answer a few questions.
Right now I am trying to write an app in Visual C++ that downloads a web page. There's this object called a "CInternetSession". To download a web page, you create one of these "CInternetSession" objects, then you call a method on it to return a "CHttpSession". Okay, fine.
The thing is, I have to repeatedly download the same web page over and over, at regular intervals. I need to optimize for performance because of other stuff that's going on in this program. It would be simpler and more modular if I created a new CInternetSession every time I download the page. Then I just put all the internet code in one function and be done with it. However, of course it would be faster to create the CInternetSession once and reuse it. Which is preferable depends on exactly how much of a performance hit using creation of a CInternetSession object will incur.
If I was writing this on Linux, I would just check out the source code and find out exactly what each of these objects do. But since they are "black boxes", I have to either 1) rig up a framework to run some tests 2) muck around searching the web and the microsoft site to see if I can get more info about what these functions actually do or 3) just say "screw it" and pick one and forget about it.
Guess which choice I'm going with? You got it, #3. Proof positive that applications written for an open source OS have the capability, at least, to be much better quality than apps written for a traditional OS. Whether or not the OS itself is "better."
Don't post on slashdot. Get back to work.
In related news, Sun have recently released the source code to StarOffice/OpenOffice.
Not any more.
I'm sure that it is just familiarity, whilst, admittedly the directory specs (SET DEF $1$DUA4:[x.y.x]) can be a bit confusing, conversley stuff like SHOW SYSTEM == ps seems a lot less confusing than Unix to me.
I know it's practically heresy round here, but I've always viewed UNIX commands as being cryptic for the sake of it.
An anonymous post from somewhere deep in Russia to comp.so.windows contained a 250MB "patch" to the Windows source code. Improvements include the ability to compile with gcc 2.96, 65K bug fixes, thousands of speedups, and a cute Pengiun silhouette in the corner of the Windows boot up screen. Sources close to Microsoft said that their technicians issued a 'patch -p1', a several hours later went gold with the resulting product. "This is exactly what service pack 2 for Windows ME was going to look like, these folks just saved us the trouble of writing it;" an anonymous marketer at Microsoft said. "Users can expect to see the upgrade in stores in the next month, for a nominal charge of $450."
The difference between reality and fantasy is a nice soundtrack.
http://www.pla-netx.com/linebackn/news/bsod.html
--
h@hh@hh@...@.&.... "You shall not pass!"
I wonder if this could be the beginning of Microsoft being forced to open its code to major customers (at least)--those that will demand the code for independent review (say, Fortune 500 companies and major governments).
Along this line I am reminded me of controversial tactics used in the homosexual community to "out" prominent persons publically against their will.
Is it time to start a Planet Open? A movement to force companies to "open" their wares against their will?
Such a thing would be illegal--and participating would make one liable to Mitnick-type incarceration (or worse!).
But, it this inevitable?
Now hiring experienced client- & server-side developers
-- @rjamestaylor on Ello
Has anyone considered the upside to Microsoft from this? MS can now (truthfully) say that antitrust action needs to be reconsidered, since -everyone knows- that once something is released to the internet, the whole world has it in minutes. They can claim, with some validity, that since Windows source is 'in the wild', they don't need to be broken up. Sooner or later some Chinese or Ukrainian company will release a Windows clone and all of a sudden they have competition. Kinda hard to argue for antirust relief if that happens.
:)
Which, of course, makes me wonder: which low-level drone at MS did Bill pick on to give out the first password, and what did s/he do to deserve such a fate?
"Just because I'm paranoid doesn't mean they aren't out to get me."
mjs
Surely the source code couldn't be used for anything other than blackmail?
Hey Billy... Perhaps its time to write another one of those letters to the god damn homebrew community and ask them to stop stealing your software, eh?? Happy Birthday!!
this is idiotic. there is a little thing called evidence, and M$ would have none of it. nobody would believe such a ridiculous claim, and the fact that you'd make it is evidence of a disturbing amount of paranoia on your part.
tell me, do you worry about M$ fluoridating the water?
...dave
Think different? I'd be happy if most people would just think...
That knocking sound you hear is the FBI at your door. I hear Thursday's desert is stewed prunes at Levenworth. Don't worry, I'll donate to your commisary account.
Pay no attention to the man behind the curtain with all your metadata.
MS Does, it's pure W2K
> (and please don't blame 'untrained users' - on a
> properly configured *nix system, an untrained
> user couldn't do any harm...)
That depends on your definition of "harm".
They certainly can do things like use the same password for your system as they use over unencrypted connections elsewhere.
Stuff like that can at least open the door to harm. Lets face it - no system is completely bug free - and once someone gets on by sniffing a password - its that much easier for them to use the latest root exploit
(assuming they need root - last time one of our users had a password sniffed - the guy who broke in just setup an IRC bouncer - fucking looser too - I got the job of logging and monitoring his IRC sessions while we were gathering evidence for the Authorities. Just sat around in IRC all day talking about how "we can take over this channel" or "We want that channel" - get a fucking life!)
-Steve
"I opened my eyes, and everything went dark again"
one small step for a man,...
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- if you love something, set it free; if it doesn't come back, hunt it down and kill it
Some new information has come to light over the Kursk disaster.
... A
For those with short attention spans, the Kursk was the submarine that blew up and sank in the Artic Ocean killing all 118 on board. The Russians tried to blame the incident on a collision with an unidentified object. However, sonar tapes which recorded the blasts (a small one at first, then a much larger one two minutes later) cast doubt on these claims. A whistle blower within the Russian military has leaked that the crew of the Kursk was testing a new type of torpedo when the accident occurred. It seemed very likely that the test didn't go quite as planned.
While rescue efforts to save the survivors of the Kursk failed, salvage crews were able to recover a 'Black Box' from the submarine which contained detailed accounts of the events leading up to the explosion. As luck would have it, we got a copy of those tapes.
It turns out that the submarine crew was trying to load Microsoft Windows on their fire control computer. Their intent was to replace the aging CP/M operating system with the flashier Windows OS. Apparently, the Russians didn't know about the legendary stability problems exhibited by Windows. The log tapes make this painfully obvious:
Captain: Is the new fire control Windows OS installed yet?
Seaman: Almost Sir. We just need to finish filling out the registration
card.
Captain: Excellent. Soon we will be able to point and click our enemies
into oblivion.
[evil laughter in background]
Seaman: Captain! It is booting! Look, it says "Preparing to run Windows
for the first time".
[long pause]
Seaman: Arrgh! Sir, it wants me to reboot again. That makes the 27th time.
Captain: Hmmm. This is not encouraging. Go ahead and reboot again.
Seaman: Aye Sir.
[another long pause]
Seaman: Captain, it is up again. It says it found new hardware
CD-ROM drive and that it needs drivers.
Captain: Where are the drivers?
Seaman: On the CD-ROM.
Captain: You are joking, right?
Seaman: No Sir.
Captain: Reboot the damn thing again. I am starting not to like this
Windows.
[another long pause]
Seaman: Sir! It is back! It says it found the Gorby2000 Torpedo and is
looking for the device drivers. Do we have a driver disk?
Captain: I do not think so.
Seaman: I will tell it to use the default drivers.
[another long pause]
Seaman: Crap. It wants to reboot again.
Captain: How many times are we going to reboot today? This is taking
forever. Our hull is going to rust out before this works.
[another long pause]
Seaman: Sir! It is up and this time it is not asking for anything!
Captain: Really? No device drivers? No registration cards? No user profiles?
Seaman: No Sir. I think it is ready.
Captain: Good work. Now click on the fire control icon and let us see how
this works.
Seaman: Clicking now, Sir.
[another long pause]
Captain: Why does the fire control screen have a dancing paper clip on it?
Seaman: I have no idea Sir.
Captain: Hmmm, well try clicking on the menu.
Seaman: Aye Sir. Let us see;
Open E-mail, Spam a friend, Mail a Virus, Fire a Torpedo.
Captain: We will spam a friend later. Let us fire a torpedo.
Seaman: Aye Sir.
[another long pause]
Seaman: It is asking us to load the torpedo and to click when ready.
Captain: Torpedo room, load a torpedo in tube number 1!
[intercom:] This is the Torpedo room. The torpedo is loaded Sir.
Captain: Click on the continue button.
Seaman: Aye Sir.
[another long pause]
Seaman: It is asking for a target Sir.
Captain: Hmmm, target the Rainbow Warrior.
Seaman: Aye Sir. Damn! It says the torpedo is low on ink.
Captain: Click ignore. We will get some ink when we return to base.
Seaman: Aye Sir. We are ready to fire.
Captain: Very good. You may fire when ready.
Seaman: Firing torpedo Sir.
[another really long pause]
Captain: Well?
Seaman: I am trying Sir. Nothing is happening. Wait a minute....
[a loud explosion is heard in the background followed by screaming on intercom]
Captain: WTF was that?!?!?
Seaman: Captain! A new screen has appeared! Outlook Express Fire Control
has performed an illegal operation and will be shut down. Click 'OK' to
continue.
Seaman: Oh my God! The paper clip has died! What should I do?
Captain: Shut it down! Shut it down!
Seaman: It is not responding Sir!
Captain: Try 'CTRL-ALT-DELETE'!
Seaman: Aye Sir. We are in luck! The task manager is still operating. I am
instructing the task manager to shut down Outlook Fire Control.
[another long pause]
Seaman: The task manager says that Outlook Fire Control is not responding.
Captain: Well no shit. Tell it to 'end task'.
Seaman: Nothing is happening Sir.
Captain: Try 'CTRL-ALT-DELETE' again.
Seaman: Aye Sir.
[sounds of frantic pecking on keyboard.]
Seaman: Oooh! What a pretty blue screen!
Captain: Holy Shit! Not the blue screen of dea....
[ KABLAM! A really big explosion. More screaming and the sound of rushing water.]
The tape ends at this point. During the week long rescue effort, divers
reported hearing tapping in the form of Morse code coming from survivors
inside the damaged sub. The rescuers couldn't understand why a group of
men would spend the last of their strength tapping out "Windows sucks" in
Morse code. The tapes of the last moments of the Kursk may offer some insight
into this.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
It seems michael has forgotten to include the link to the original article on the Wall Street Journal - it's here - login 'slashdot123' passwd 'slashdot123'. Very long, comprehensive and insightful.
Richy C.
--
This reminds me very much of a point I have
frequently made to a friend of mine about
the security of his network.
He had claimed that he didn't need to worry about
security because his networking folks had
provided a very secure firewall.
"Really," I said, "Do you have any Windows
boxes on your network."
"Yes," he replied.
"Do they run Outlook?" I inquired.
"Yes," he replied.
"Then why do you bother to run a firewall at all?"
I went on to explain that anyone could infect
Windows boxes behind his firewall via email
(which almost every firewall in the world
is configured to pass). Once infected this
Windows box could subvert his whole network
and tunnel anything it needed back out via
SMTP (we do after all, have examples of
tunnelling IP via SMTP).
My friend thought I was nuts. Seems that something similar happened to Microsoft itself.
Guess I'm not nuts. There is no network
security on a network which has Windows
present.
-
The Wall Street Journal via MSNBC
- CNET
- MSNBC via ZDNet
- Reuters via Yahoo
- The Register
Also Happy Microsoft Day:- Wall Street Journal via MSNBC
- Reuters
- CNNfn
- CNET
- Newsbytes
- AP via ABC News
- Reuters via Excite re: Microsoft Stock Price
- http://www.symantec.com/avcenter/venc/data/w32.hl
l w.qaz.a.html
- F-Secure's Qaz description via datafellows.com
Hope this helps.Sigh. That thing on your desk is not a computer. It is an amplifier. If you are smart, it allows you to be very, very smart. If you are stupid, it allows you to be very, very stupid. Outlook allows folks to be very very stupid bigtime. When anyone who has any DP skills at all is in big demand, sooner or later, you will find someone who you have hired that is going to amplify their stupidity bigtime. You don't hand your car keys over to your 10 year old, but many places are doing the equivalent with Outlook, and other M$ products. I personally feel that the risk/reward against a tightly coupled rice-pudding OS/Application model such as M$ brings out. I shed no tears that they have been given a dose of their own medicine...
[whois.internic.net] Whois Server Version 1.3 Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERROR ISTS.NET
MICROSOFT.COM.IS.RULED.BY.HACKERJACK.COM
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVES .NET
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM
To single out one record, look it up with "xxx", where xxx is one of the
of the records displayed above. If the records are the same, look them up
with "=xxx" to receive a full display for each record.
>>> Last update of whois database: Thu, 26 Oct 2000 06:47:54 EDT
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
You are only popular on the Internet.
"Have you heard of XYZZY Smirnoff?"
Looks like Microsoft is finally becoming serious about open source.
:)
--
If it's a outside job and the crackers beat MS' secuity, now the whole world+dog knows that MS software sucks in protecting data.
From all the articles, it looks like this was a Trojan that may have been secreted during the execution of some email attachment. Knowing MSFT, they'll probably spin this as a virus similar to Melissa or ILOVEYOU and the general public will stop blaming them.
After all, no one is calling for their heads after Melissa and ILOVEYOU even though the main reason they caused so much damage is the lack of security built into Outlook and the ease of using Virus Building Script. Instead we'll probably get a lot of hacker crackdowns with this breakin, perhaps another Kevin Mitnick type case where he got reamed for seeing Sun's Solaris source. It's very possible to see the culprits doing massive jail time for supposedly causing MSFT zillions of dollars in lost revenue by merely looking at the source like Sun did with Kevin Mitnick. This is especially possible in the current climate of UCITA and the DMCA. I wouldn't consider that a win, would you?
Second Law of Blissful Ignorance
Bah humbug!!
When are people going to learn to use SSH???
I use it on my own local network at home, even behind my "invinsable" linux masq gate.
jonkatz@slashdot.org
All it says is they had access to stuff... and sniffed passwords. What evidence do they have that these 'blueprints' were stolen?
And they continually talk about whether stuff was modified.
And they think that this might be a 'data hostage' situation.
Hardly. I think said hackers would simply distribute the source around a bit then post it to usenet. THAT would be cool.
You're allowed to use your editor of choice and cut and paste...
Andy Armstrong
Now there is an elegant solution. Who would have ever thunk of that. Well, it is true, human is an adaptible animal, he can get used to anything if he applies himself.
I think I got it, it's all a marketing strategy. Okay I have no clear idea of what MS is trying to prove by making that announcement. But after all the interviews and tests to pass to work as an MS programmer, it'll be unlikely that a programmer was dumb enough to open an attachement especially if he doesn't have any anti-virus software installed. If that's true, such an employee should be fired and MS should re-think their hiring techniques. Or maybe MS is planning a good excuse to go Open Source?
Local root exploit are quite common, and tend to be fixed late compared to remote root exploits. Some admins think they should only mind about remote exploits because they trust their users.
Statistics show how wrong they are. And even if you can trust your users, can you trust what they get in the mail?
____________________
Ni!
What's with all the negative noise here!
They were probably well intensioned Hackers trying to fix bugs in M$ code!
They can't legally see the code, so they did the next best thing!
-- "To ask a question is to show ignorance; Not to ask a question means you'll remain ignorant."
This is exactly the same thing that happened to AOL a few months back. A trojan opened up a connection from the inside of the company.
Working for a blue chip company I can tell you that users are responsible for virus protection here (and very few use it). Are there any IDS systems that detect these trojans?
If the trojan sent out an encrypted email it would make finding it very difficult. I'm sure they just establish a connection through port 80 or some other common port. When I was an exchange admin. we caught trojans incoming on the server before they got to users.
If the Windows and Office source code starts circulating around, coder may just start coding stable apps and improve it since they'll have access to *everything*.
Bah, some dude in Scandinavia or Russia will release an open-source distro of Windows and we'll all end using and praising it... Imagine that, the Ultimate Revenge(tm)! MS forced to embrace OSS or else they die! Haha! Some are already creaming their pants, I know that for sure.
Linux is in danger!
/max
-- It's always darker before it goes pitch black.
In other news, the Windows Development group reports fewer bugs and longer uptimes than ever...
Jeff
From what the MSNBC article said, the crackers initially got access because some poor MS employee inadvertantly ran a trojan email attachment, then did some sort of password sniffing.
It should now be completely clear that attachment-running programs such as Outlook are dangerous and should not be used by any business which has sensitive data, i.e. any business at all. Any business which jeapordises my personal privacy by using such software is acting negligently, just as if they left their locks unlocked and their safe open at night.
I wish I could say that this marks the beginning of the end of such "back-door enabled" software. However I fear that this will not be the case.
perl -e 'fork||print for split//,"hahahaha"'
Of course, this seems to be more or less happening naturally without the source!
PJRC: Electronic Projects, 8051 Microcontroller Tools
The Linux security *model* is weak in comparison to NTs. It's just that NTs is more easily circumvented. If Microsoft plugged the holes a little more, NT security would theoretically be better than Linux.
/proc/ports/incoming/8080, and /proc/services/http [for stateful inspection]. The user gets the most restrictive permission applied to them. There's probably flaws in that system [it was thirty seconds of brain work], but the concept remains.
RWX permissions offer no fine grained control, and should have been abandoned years ago. There's absolutely no reason Linux should be using this security model besides legacy support. The hazards outweigh the advantages.
Unix provided the basis and way of thinking for most modern operating systems. Some, [or even most] brilliant OS ideas came from Unix. But rwx permissions wasn't one of them [neither was the backspace/delete difference]. In fact, rwx permissions often mean things end up being less Unix like. POSIX even has provisions for ACLs.
On of the Unix fundamentals is that many things should be represented as files. Another is that of code-reuse, and uniformity. But since rwx permissions provide such pathetic granularity in security, many applications, such as Squid and Samba are re-implementing their own security models because the current system is to basic. This is both a kludge and a security risk - more implementations mean more fronts to fight crackers on, and makes things hard to manage. Most serious level DOD certifications require the use of ACLs [among other security measures, like Domain Type Enforcement and Capabilities].
Another example would be firewalling. Let's Unixify it - make it into a file. Set ACLs on
rwxs is pathetic. Multiple security implementations on one platform is a kludge. People using an account which has full access to the system is a security risk - let's distribute administrative load to priviledged accounts. `root' sucks. Sudo is a kludge. Deal with it.
Yes, implementing ACLs on Linux will break things, but so has a stack of other things [the change in binary format, various GlibC bits and pieces]. In those instances the benefit was worth it, and it will be again.
Works already been started. Get involved. ACLs for Linux 3.0 If you can think, stew about it with compatriots on your mailing lists. If you can hack, then take the time to look at some of the work and discussion by hunting for Linux ACLs on Google. If you have a project, think about the security implementation, and design with the future in mind. If you work for any company that wants to see widespread corporate use of Linux [which is assisted by shiny things like DOD certifications], then fund the damned think. And thanks for listening - especially if your name is Alan, Richard, Theodore, or Linus.
POSIX ACLs for Linux 3.0, let's do it.
Yep, just like every story published out there did.
You and I and probably 99% of the readers of this site can differentiate between the two, but the media can't/won't. Why waste your time preaching to the choir? Try to convince the media. 'course you'd probably have more productive results converting lead into gold.....
Personally I've given up on the VERY old argument of hacker vs. cracker. I have better things to spend (ok, ok, waste) my energy on.
---- The price of freedom is eternal vigilance. -Thomas Jefferson
? I don't get it.
YOu can select 'run attachment' from just about any mail client. How is this bad? It's a USER CHOICE to execute something mailed to them.
Whether or not it's a script is not the point.
I agree, it was stupid to have scripts that executed off a single click (a-la those trojans a while back)... so you didn't have time to think...
You'll be issued a ">" prompt. Type in the domain name (e.g.: "authorize.quake3arena.com", "slashdot.org", etc.). The IP address of the domain name is returned in the very last line before the next prompt.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
but the real culprit is Outlook.
How do you mean its outlook - any program which makes its way onto a Windows computer has the opportunity to do this. A diskdrive is as big a security hole as is Outlook. Period. You dont need Outlook to do this. Patching outlook to not receive attachments will not solve this problem.
We could write a prog which used whatethehellever *.DLL offers the API to send email. If some goober executes any code on a Windows computer it can do anything it pleases. No one will argue differently - because the OS has NO INHERENT SECURITY
Re-writing Windows is necessary to fix it.
Well if you want to invest in St. Petersburg check out the web site. They have a VC forum called "BRAIN" that was launched yesterday. Just look for any interesting new projects for a "Windows-like Operating System" or a "Fully capable Office equivalent" for Linux.
The guys who have stolen the code are going to be in deep dodo. There are people in St. Pete that Redmond can place under contract who don't know that "Terminate and Stay Resident" is to do with computers. This kind of 'service' can be obtained for less than $1000.
However once a trade secret is disclosed, life gets very difficult for the owner of the secret. No business advantage.
Anyway, when I'm nect in St. Pete I'll ask them if they have and Windows Source CDs at the black market. The binaries sell there for $2 per disk.
On the servers at work (NT), admin NEVER checks email, and is almost never logged in. The superuser account would never run any unchecked binaries period. If I get a questionable attachment (happens pretty regularaly), I forward it to a dummy user account that has no rights. I also keep my virus scanner up to date. If you're going to run one that's 3 months (or older), then don't even bother!
the earlier story about Wine running Excel and Word takes on new meaning.
Lacking <sarcasm> tags,
Then again, nah. Microsoft probably used source control to remove the patches...
If you read any of the above articles before posting, you would know that there are several uses for it.
1) Use the source to find out what new features are being added into windows, this can be used by competitors to either get their products compatible before others, or add features into their product before MS adds it directly into Windows.
2) Try to sell it back to them
3) Compile a "Warez" version of Windows (haha yeah right).
Anyway, there have got to be more uses for it than this. One post above mentioned putting it on Havenco and letting the world read it
"... getting hacked just as we face more and more legislation against hacking."
... while again someone used word "hack" instead of "crack".
hany
as of last check, 11:02EST, MSFT was up over 2points. This just proves, to me anyway, that wallstreet is as delusional as Bill G.
Hawks
"Developers are the redheaded bastard step children of the computer world",
in anima Apparatus
Yeah, then their emulator will be great.
And MS didn't pick this up? On August 14, 2000, PC Mag ran a story on this trojan and only rated it a 5 out of 10 for harmfullness. WTF?
Pay no attention to the man behind the curtain with all your metadata.
It's not as if they stole anything valuable, is it?
They will document all of the 'secret' API calls and publish them so that the non-M$ world has a chance for developing WinApps...
Has anyone take a look at MSFT stock chart? It's rising!
Well Windowzers nothing to worry about. It were Microsoft partners who sneaked the code.
Microsoft partners:
"AAAAAAAHHHhhhhhh. AT LAST!!! Now we can get a look at that dumbiness of kernel exception that has been segfaulting our code for 10 monthes and get a fix for it...
Hello? Mr. Investors? We finally get a solution to our problems. This time code will be stable and fast. Soon a new set of fresh killer-apps will be on the market. So Windows will still live for some time...
Investors:
Ok Dealers NOW you can buy some of that M$ stock."
Now MS gets to know and understand, firsthand experience, just how negligent and slipshod their products are designed which allow too easily the insertion of backdoors via automatically executing email attachments. I have no pity.
I'm surprised I haven't seen an messages in here about the REALLY funny and ironic part of that story.... It was an *email trojan* that allowed the crackers to get access. The exact weakness that everyone has been bitching at Microsoft for months about (ever since ILOVEYOU and MELISSA).
This *should* (but probably won't) make it clear to everyone why email trojans are really dangerous! (particularly for MS-OS's!!
...especially as all the work is already outsourced >:)
---
"What, I need a *reason* for everything?" -- Calvin
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
How does Microsoft KNOWN that the hackers
have only had access for three months?
I have yet to hear how they are establishing
this claim (which is largely how they are
defending themselves from suspicion of their
code base being corrupt).
Yeah, except this joke is older than Microsoft and used to circulate at IBM for their OS's.
Old, old, old and tired joke.
No problems. Why all the bitching?
Linux source code have been available for a long time and nobody is worried . Is microsoft worried that people will realise how crappy their code is if they see it?
"Failure is not an option, it come bundled with the software"
Ah, yes, evil hackers from Russia stealing the "software blueprints". Smells like the plot of a James Bond movie.
"And now, Mr. Bond, by altering the blueprints I will be able to take control of every desktop computer on the planet! I'll have an entire cybernetic zombie legion at my disposal!"
"We're one step ahead of you, Smirnoff. Office is a very fragile piece of code. Change even one line and the whole thing will come crashing down like a house of cards. The worst you'll be able to do is crash every computer. And who would be able to tell the difference between that and the way Office normally runs, eh?"
"Curse you, James! Now I'll have to kill you by an incredibly intricate device which you'll no doubt escape. The only way out of your cell is to cross this tile floor. Land mines are hidden under nearly half the tiles. Fancy a game of full-contact Minesweeper, Mr. Bond?"
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
We are confident that the integrity of Microsoft source code remains secure.
The next stable release of Wine should run the entire Microsoft Office suite pretty nicely...But don't use Outlook, you wouldn't want a nasty email attachement getting through...
Remeber the Mircosoft ad that was posted on /. a few days ago.
hmm... for fun I enjoy launching DDoS attacks against 127.87.42.5
CNET : News : Entertainment & Media : Story
-----
If Bill Gates had a nickel for every time Windows crashed...
I would like to say that if M$ can't protect their own data, what makes the end-ms-user think he can do it better? All those people out there running M$ products are probably crying their heads off, becuase they know they can't protect their own data.
I had to ask this question, and im sure many of you are probably asking the same thing. 2000 is a poorly built OS, I hope whoever stole it will take it and build it better.
Ignore the Anonymous Pissant trolls !!!
Okay then..
With this news in mind, can someone explain why MS shares have gone up nearly 5% so far today?
-- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz
This is endemic to Microsoft. Take this quote for example:
"Thursday, people familiar with the case said the company was meticulously examining every computer file on the compromised network that was modified for any reason during the preceding three months."
And exactly how would one know which files had been changed within the last three months? If a system is compromised, one must assume that ALL files have been maliciously modified unless they have some sort of secure checksum app like Tripwire. Backup tapes should not be trusted either. Who knows if you were backing up altered data...
--
*Condense fact from the vapor of nuance*
25: ten.knilrevlis@wkcuhc
*Condense fact from the vapor of nuance*
If the code for Microsoft's products -- especially OSes such as Whistler -- gets out, then you could expect to see bogus alternate versions making the rounds. Unsuspecting warez kiddies could be installing copies of Windows that contain trojans galore. Some of this bogus software would surely find its way onto a few company networks, which would then be vulnerable to any number of creative exploits. That is, even more than the usual ones that IE so generously affords.
So do this mean we will start seeing t-shirts with MS source code on it, like DESCSS (whatever it is) code?
That would be cool.
I want a full body suit printed up with Windows ME code.
Uh um, I take that back, some Linux zealot might hit me with their car..
I am a Linux zealot FTR. I don't hit people with my car (on purpose) any more.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
You know, your post would have been +5 in my book if only you had left out the generalization of all Slashdotters. This is one comment out of 400+ so far. One. Go ahead and flame that loser back to hell, but don't you dare lump me (and all the other sensible people here) in with that kind of crap. Appealing to some false majority won't get you anywhere...
--------
-------
"Every artist is a cannibal, every poet is a thief."
As someone in the IT consultancy business I can tell you now that this is going to send a lot of shockwaves through the ranks of middle-managers and CTOs who consider themselves tech-savvy because they know what IIS and how to add a new printer to their machine.
Microsoft has always made a big point of claiming that they run their own products to ensure rock-solid reliability, which is why they recently moved Hotmail over from BSD to Windows. But now, people are going to worry, and it's going to affect the whole industry, not just Microsoft. Confidence will be eroded, and the only winners will be people like me who advise on setting up mission-critical platforms in exchange for large amounts of $$$.
But what of the missing source code? This gives Microsoft a huge weapon with which to engage in legislative and legal warfare with evil hackers who were involved in this backdoor penetration. There's already a fear of cybercrime in the air thanks to people like Eric Corley who consider it to be 1337 to give away people's secrets and break the law, and this is going to fuel that fire.
Microsoft can sue anyone who looks like they have a copy of their code (Wine), and what are they going to do? Nothing, open source can't compete on this level unless it incorporates itself under law, and the pseudo-communistic rantings of gurus like Stallmann will prevent this from ever happening.
Well guys, see you in court.
Jon Erikson, IT guru
Actually, when I tried out the network edition of Colel 1.0 ( the one you find on magazines and on the 'Net), I was astonished to find out that the installer did not ask for root password ( I guess it was considered too complex a concept for newbies to grasp). As a result my box was perfectly installed - and anybody could became root with no password.
Not a big thing, for a unix/linux user - but I would not be surprising if Corel users are still surfing the Net without protection for their root accounts.
Ciao
----
FB
Maybe we'll finally get some NTFS drivers that don't trash your filesystem. I hope these guys do post it.
--- If something doesn't feel right, you're probably not feeling the right thing.
yep I got it. MS will soon be releasing their own Linux distribution. Many of MS employees have been pushing for it. And after all the studies, MS finally realized they may be able to make money with Linux.
Whistler : Looks good, newbie friendly, great features
Windows Server : Rich with features, easy to maintain, easy to use, great for small businesses and some big ones
MS Linux : an OS for security conscious people, great as a webserver, firewall, router, etc.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXL
Michael
http://www.buymeasportscar.com
http://www.buymeasportscar.com
No, really! I'm serious!
Nice to see Bill finally being shown how unsecure Windows really is.
If nothing else i hope this incident will get microsoft thinking more about system security in the future.
No. It's just about the software which comes with NT and Microsoft sells for NT and everybody uses on NT. An equally stupidly-designed UNIX mail reader would be equally bad. But most UNIX systems don't use such software.
perl -e 'fork||print for split//,"hahahaha"'
Are you saying that first I have to inhale, and then exhale, and then inhale, and then exhale again, and then think about what I want to write, and then move my hands to the keyboard, and then start typing, and then hit the backspace key when I mis-type, and then keep moving my eyes back and forth, and then shift my feet under my chair, and then remember to breathe again, just so I can respond to some inane post on slashdot...
Still, you have a point that we could improve the interface rather than make other people accomodate. However, HTML forms are rather limited which makes the interface designer's job difficult: What about those with 640x480 resolutions for example? The comment box looks a lot bigger on their screens.
Just what we need. A high-profile company that has decent lobbying skills getting hacked just as we face more and more legislation against hacking.
And this on the hells of the story below about pushing for more UCITA support. crap.
---- The price of freedom is eternal vigilance. -Thomas Jefferson
Lets see, if Microsofts source code is posted all over the web, Microsoft would start a massive campaign to protect its intellectual property. 1. MS goes through StarOffice, KOffice, AbiWord code. 2. MS states that your "search and replace" code looks just like our "search and replace" code, you must have used our stolen code. Please remove it now. 3. MS gets a judge to believe that other closed source programs contain stolen MS code. Judge allow MS to view the closed source code. MS uses that info for all kinds of bad stuff.
http://www.windmeadow.com/
Maybe they were just trying to figure out how to make the paperclip go away?
Segfault has some underreporte d details in its coverage :)
Right. Because they've always been so reliable and trustworthy until now.
It doesn't look like it; the news articles seem to imply that it was just some low level accounts cracked and just read-only access to anything important. (Yeah, like they could slip an extra bug into Windows source code and anyone would notice)
But that wasn't my first thought. That headline, "Microsoft cracked", is terrifying! Are all the Windows users here keeping their systems up to date? If you aren't, you're probably vulnerable to the new "Win9x doesn't always check whole SMB passwords" bug, the old "malformed IP packets confuse the hell out of Microsoft engineers" bugs, or a whole plethora of Outlook exploits (including a buffer overflow when email is downloaded, so turning off previewing and javascript won't help).
But if you are keeping your Windows box up to date, then you'll be one of the hundred million computers that get 0wn3d by the first person to crack windowsupdate.microsoft.com and stick in a trojan. This isn't just a Microsoft problem, of course; every OS vendor (even taking the broadest definition of "vendor" for Debian people) keeps their repository of updates, and all the good ones have an easy way for users to sync with those updates.
I still think that Windows Update, and the idea of autoinstalling security updates from vendors in general, is a good thing; it certainly beats having millions of exploitable computers hanging off the net. But that central download source then becomes a central point of failure for your operating system security; God help us all if Microsoft ever really gets cracked.
It's funny that none of the articles raised any issues of how this affected any networks that relied on MS servers for security. They all managed to pick up on the industrial espionage quote though.
M$ will now overhaul their security architecture (yeah I know alot of poeple think don't have one).
It will also make many of their customers think carefully about implementing a proper security policy as well.
IMHO this will be a good thing for the world as M$ will finally have to do something more than just issue patches...
Bottom line of this event is human error.
It doen't matter what OS are you having AFTER Firewall as long as stupid human error is not involved in "Network Design".
Human error is main issue here, you may ask why? Simple, if you are Network Admin of Microsoft Network you are really stupid if you leave enabled direct communication between WORLD and local host on network (remember official story of how breakin happened, trojan -> connection from NET -> spread deases...).
What happened with "Bastion host(s)", "Demilitared zone", "Network Address Translators", etc.
Igor Loncarevic
One can customize here anything one can think of, and then some, when dealing with displaying the threads. That component is one of the better thought out than any I've seen. It doesn't seem beyond the current technology to have an extra checkbox on the customization screen to select small or large edit box. And if the author of this component really gets creative, some day we even may get the medium size option, too.
How many of you out there have considered this to be all one big Microsoft conspiracy ?? think about this: Microsoft are facing the DOJ about their monopoly and so forth. Microsoft may have even gone as far as to release a dodgy version of it's source code, and setup for a "hacker" group to download it. (whether this "hacker" group are employed my MS ??). If this dodgy version of it's source code gets out ... then when Microsoft appeals to the courts, they will try and rule the case obsolete, as all the company secrets and source code are out. ... well that's my 2c worth n e way :-)
Oh well, I have not installed windows on a machine in more than 2 years. Will not be doing it again anyway.
Friends don't help friends install M$ junk.
With all the weight M$ has, I am sure they probably have a lot of influence regarding these concerns in the national and internation world. Now they can use it to say, "Hey look what the mean old nasty crackers did with public information, we must do away with all of it/censor it/arrest anyone with the info...including all the wonderful known bugs."
Is it just another coincidence, that the major coverage of both stories comes from MSNBC...hmmmmm...
BreezyGuy
Eric B
ebresie@gmail.com
But I think this raises a lot of questions.
Sun is pushing for sourcecode both in the EU and US. They feel the right to "steal" other sourcecodes.
Why do people think that stealing is OK to do this?
Why do people think that regaining market shares is legally done by looking into copyrighted sourcecode?
and read an account of the Windows upgrade that was behind the Kursk disaster.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
that all your data is stored on a remote, secure server at Microsoft.
What I worry about is the blatant use of the word "hacker" in the articles. Yet another situation that will put a bad spin on hackers. No matter how many times we insist that the proper term to use is "crackers," they keep coming back with "hackers." Unfortunately, the general public does not hear about the good things that hackers do, such as this or this. If only the media would not blur the line between the two.
Oh, and did you notice that in the articles about M$, it almost sounded like they were talking about a country. You could substitute "nation" in for "company", and it would still make perfect sense.
Vote Libertarian. The only party that wants to treat you like a grown up.
Tired of sitting at that karma cap? Start a flame war today! See just how low you can go!
According to Steve Ballmer, "I can assure you that...the source code...has not been modified or tampered with in any way." Damn.
Can I bum a sig?
I'd like to jump into conclusions. Bear with me for a second here.
Say that the recent high profile cracks (a.k.a. hacks) are only the beginning of a tidal wave, where companies are attacked for fun and profit. The world cries for help, and out goes the countries (US and Europe, for starters) and
What will happen? At first, things will look promisingly better:
- Hacking sites will be banned and closed. The few which will remain will go on-line and off-line quite a bit, and spend their time mirroring and evading law enforcement
- The script kiddiez will be gone! What used to be a game will have some kids arrested, and the rest will be scared s***less and cease to function
- High profile cracks will become the sign of stupidity, as the cracker is sure to find the feds outside his place in a matter of hours
But in the long run, we will start to see, IMHO, deeper influences:- Underground groups would form. They will use the Internet for communications, just as before, but will probably be more closely-knit and use steganography and/or encryption as standard means for communications.
- Most of these groups would be benign, acting with the spirit of true hacking, but some will be malignant secret societies. I'm speaking of highly intelligent people, with the know-how and intention to commit those cyber-crimes, and some form of fscked up ideology about how "we must hurt them to prove they can't touch us".
- All kinds of those groups will work feverishly in research of new technologies to subvert security systems, which will be slower but continue nevertheless, while
- OTOH the security systems development will shift into lower gear. After all, the hackers are gone, right? The high profile dudes are in jail or on the run. Let's leave the door open at night, who cares?
A dark era is coming. Information will be limited to the few who dare have it. The majority will live in the bliss of ignorance, while the few will silently loom in the shadows, waiting for their chance. Some will treat it as a game, knowing they control the power and get high on the feeling. Some will silently slip into places and perform subtle acts which will really pass unnoticed, like long range logic bombs and backdoors. System administrators will grow lax and less educated, while hackers-crackers will rummage their systems undisturbed.Call me paranoid and pessimistic. Flame like hell.