Slashdot Mirror
FBI on the Windows Source Code Theft
Chris Gondek writes "There are various articles about the Stolen Windows Source Code, but today it is confirmed that an FBI task force hunted for a cyber-criminal who posted on the internet source code for Windows which says 'I can confirm that the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said. The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.' "
Can they track torrents? Not that I'm afraid of the Fumbling Bumbling Idiots or anything...
There will be a scapegoat regardless if they find the real criminal or not. After all, Microsoft wants to ease the minds of consumers and investors.
Life is not for the lazy.
The FBI really needs to crack down on this whole Internet thing before the terrorists get their hands on that source code. Good to see they're doing something about it.
In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.
Yes, It's very lucky that there is absolutely no way to obtain any MS source code!
Unpretentious Sydney reviews by unqualified Sydney reviewers
Anyone that's a peer in the torrent has your IP address. All they have to do is connect to the torrent and start collecting IP addresses of any peer that sends a piece of the file.
The security officer at Microsoft, Scott Charney, used to be the head of the FBI Cybercrime unit. I'm not sure of his exact title at either position, but I remember him speaking to my college class shortly after he left the FBI and before he started at MS.
I wonder, if as a bi-product of releasing the Microsoft code, that hackers will write more viruses and worms after seeing the source code, if I can sue the person who let out the code because it will increase the time I have to spend securing my system.
I hope the FBI finds and nails this guy. Considering the scale of his/her actions, they should lock up the SOB for a long time. This person should be the person they make an example out of.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
The article says FBI spokesperson said 'It's illegal to download it.'. How can that be? Is it really so? What if your girlfriend downloads a file called 'cookingrecipes.zip' and it happens to contain stuff she did not know - such as Windows source code? Does that mean innocent downloaders can be put in jail?
"[...] As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy." Nevermind that piracy is the reason they have difused so much in poor countries. I doubt that a significant % of people in asia would buy it, if forced to pay the US price. Statistics...
What's with calling code "blueprints"?
The BBCs Bill Thompson says in a recent article:
"In the coverage of the release of the Windows source code we've seen journalists try to describe what it is that has been posted to websites around the net, but those who didn't descend into cliche seemed only able to use the most misleading metaphors.
Perhaps the most common is to describe the source code as a "blueprint", presumably because we've all seen movies in which architects pore over blueprints of buildings under attack, or because middle-class readers all have the blueprints of their extensions carefully filed away.
But source code isn't the blueprint: it is the thing itself. The source is the set of instructions given to the computer that, when executed, cause the behaviour we see on screen."
Aha. Microsoft gets one of its sock puppets to expose some obsolete source files of an old version of Windows, and has them do it on a Linux box in order to make it look like Linux is as shaky in the security department as Windows. My God those people are Machavellian. I'll bet some of the same people behind the fake Mars landers are behind this.
Why would the FBI care unless the source code had all the secret gov't backdoors plainly visible? :)
Chris
but at freenode a guy said he downloaded the source in one of his company computers and on the other day the admin/root got an e-mail from Microsoft with a warning and the IP which did the illegal download.
As one have already said here, the best thing to do is to stay away from that file.
You'd think the FBI had some sort of pro-corporate bias!
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
It was only about 5% of the source that got released so we'll only see about 20 backdoors.
>..is part of the source codes, or blueprints,..
or punch cards (just in case you still dont get it)
REWARD
Have you seen this code:
MOV AH,09h
Believed to be part of a larger gang of code, this fragment is guilty of initialising a register for potentially illegal or disruptive purposes, notably the dissemination of disturbing messages or misinformation. Older intelligence indicates that the code was often seen accompanied by its partner:
INT 21h
But now believed to be part of a larger organisation.
AT&ROFLMAO
There has to be intent. If you set out to get a copy of the source code, then you're breaking the law.
So, anyone happen to have a torrent link for this "cooking_recipes.zip" file?
I think there will be a lot of wraith unleashed onto p2p again. Like "See? all that p2p is good for is piracy and theft" And the best thing we can do for p2p's sake is not to download the thing. Unless your "sometext.zip" happens to be the NT source code.
Yes, while Linux only sees 1 kernel exploit every few months, AND we have /full/ source.
The Yasashii Syndicate ||
Revenue at 11. --- "What is your fascination with my forbidden closet of mystery?"
1888 Franklin St.
Why does a magazine called "PC World" write idioticisms like
Yeah, blueprints is kind of weird.
One thing that really peeves me is that in all other industries, when you get a copyright, you are supposed to "publish" your work. But for software, you get a copyright and you don't normally publish your source code.
5% of 63000 is 3150.
:-)
(c.f. Bugfest! Win2000 has 63,000 defects!
MSHTML.dll for those that don't know is the heart of Internet Explorer , (iexplore.exe is just a wrapper for mshtml) prepare for some exciting browser exploits , Winsock should ensure there is plenty of fun to be had with windows networking sockets
and don't forget MSPaint was in the source tree so Adobe had better watch out
What went wrong with the US law system? Microsoft is finally in compliance with their anti-trust regulations, opening up API's and stuff, and now the FBI is investigating that? ;-)
my other sig is a 500 page novel
Excellent explanation
After reading the article, I can only say it's pure PR speak, factually error prone, and more than a bit slanted. Perhaps this paragraph explains the timing:
"The announcement of the leak came on the same day Microsoft pushed in Washington for tougher anti-counterfeit legislation in the United States and worldwide, saying pervasive pirating of computer software was hurting the industry."
Given that any number of companies and computer professionals have access to Windows source for various reasons, it's not unreasonable to think that occasionally chunks of it appear in the wild.
And certainly a lack of source code hasn't slowed down the virus and worm industry.
Consequently I have to assume that this story is just a way for Microsoft to build support for even more draconian anti-piracy and DRM laws.
As a post-script - the original post and magazine link should be modded +5 funny at best. It's really quite pathetic.
Three Squirrels
..just for the sig :P
I don't feel bad for Microsoft, but I do feel bad for Windows using consumers. They are the ones who will feel the brunt of this, should any virii arise from the leak.
Among other things, the zip contains the source code to Notepad (you always wanted that!) along with an intriguing bugcodes.txt file that explains a lot of bluescreen/stop errors in more detail than you'll find anywhere else.
G Kv54~o6A
E MG Kv54~o6A/windows_2000_source_code.zip
File: windows_2000_source_code.zip
Key: CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoEM
Bytes: 213748207
CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKo
Of course if you don't have Freenet yet (what are you waiting for?) you'd do good to visit http://www.freenetproject.org.
ed2k://|file|MSDOS_6.0_Source_Code.zip|21107046|8F DE89245233B5F0501C6817BFF48C6C|/
I can hear them laughing from here
'Blueprint' implies a map of something, but the 'something' in question would be software. Software can hardly be a map of itself.
A better - the only accurate - simile is DNA: precise digital instructions for building, assembling, (called 'growing' in organic circles) or otherwise the virtual machines we call 'applications'.
Blueprints are much, much too abstracted compared to software.
Counterfeiters don't want the source code, they just copy the binaries and maybe a hack to circumvent registration.
"Computer activists" even less so -- copying Windows code would poison any GPL project.
In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.
True; but the reason Coke and MS have near monopolies is because of marketing, not innate superiority of their products (Pepsi wins most blind taste tests; Macs win all usability tests).
In parts of Asia and the former Soviet Union piracy rates approach 90 per cent, they said. As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.
Debatable; but irrelevant anyway.
The US Congress is considering legislation designed to close a number of legal loopholes often allowing counterfeiters to get away with their activities, specifically prohibiting trafficking in genuine authentication components.
Again, the idea that this will make piracy more prevalent -- it will have no affect at all on MS warez.
--CTH
--Got Lists? | Top 95 Star Wars Line
whats the big deal?
Its just heaps of crappy buggy code that runs some badly thought out monopoly-applications to line the pockets of those investors in Microsoft.
Someone needs to start again. OpenOffice is a good example.
I wonder how many Slashdot readers directly or indirectly get a cut of MS dividends and profits. More than you think....
It amazes me just how much emphasis is placed on financial losses due to piracy. Just because people are using pirated versions of software does not mean they would have bought it anyway! The figure qouted is a "best case scenario" projection of what could have been new sales, but the companies are not actually losing that amount from money they have already earned.
the main functions of law enforcment are revenge and the instillment of fear rather than prevention. they seem to be performing thier function quite well.
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
Could have been. But, as per Occam's razor: it was Windows, since that's the one resembling a many-holed cheese, security-wise. The simplest answer prevails!
It's useless for the vast majority but it's not totally useless. At least it can be used to find some security vulnerabilities. I'm sure there'll be worms based on it but I'm also sure that there will be some helpful anonymous e-mails and patches sent to Microsoft.
Read what you quoted: having eliminated two big possibilities, they probably have a very good idea what happened.
The bonus from this situation is clearly not the free code. It is that we actually get free coporate based entertainment. People would pay good money to see Microsoft cry.
Big it up for Captain X.
Intellectual property, eh!? What intellect? What property? Get over yourself MS.
NT4 (230 Mb)n fo_ha sh=66a26447f563c3dc2336de74ae37dc14d11dd8b9
n fo_ha sh=f03fc1e04869294d5644d3c8c5d0fb8f2d26aa59
http://torrent.spyderlake.com/download.php?i
W2K (208 Mb)
http://torrent.spyderlake.com/download.php?i
Not illegal in China, India, Asia, Europe, Scandinavia... I can hear them laughing from here
Well the defense of U.S. computers does depend a lot on the security of MS-Windows. And Microsoft has said that if the source code were made public then it would compromise the security of Windows.
So...
prepare for the imminent attack?
If you believe what Microsoft said in court, and what the US government said on TV, it might be time to look at buying generators and water filters...
If MS corporate net was really compromised, like BBC reported, the leaker should have posted it on download.microsoft.com.
If it were posted there ( like in DirectX9.1.zip or somesuch ), would they still have legal grounds to hassle the users who downloaded it ?
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
On the flip side, I've already given up on Microsoft, and want nothing further to do with them or their products, so somebody leaking their code is almost a bad joke to me at this point. The most likely conspiracy to come out of this is that the next version of the Linux kernal will have a cloud of accusations that it derived some of its functionality from Windows 2000 source. (Oh please...)
I guess the ugly part is dealing with the feds out there who are intent on taking names and kicking ass... After all, it's a national emergency! Microsoft's code has been leaked!
Feh.
Many of us have woke up to the fact that you don't need Windows to accomplish your goals on a computer. While the rest of of us are trying to actually get something done with our computers (instead of updating them every 15 minutes), Microsoft is suddenly crying out "Thieves!". Just how does MS come up with these horribly written plot devices?
I am so relieved that the FBI is ensuring the security of Microsoft code (oxymoron alert: Microsoft and security) in order to ensure that our Homeland is Secure. (Oh wait...I get it now...the Dept of Homeland Security did this deal with Microsoft in order to experience massive security problems themselves so they could protect us. I am even more relieved than before).
Interesting. From this, one must conclude that either (a) Microsoft legitimately releases the code to others outside these two programs, but we don't know about it; (b) Microsoft has absolutely no idea how the source was released but is lying through its teeth claiming there was no security breach nor an unauthorized release from its shared source programs; (c) Microsoft leaked the code itself for nefarious purposes (e.g. destroying ReactOS).
We report, you decide.
For anyone who has access to the Windows 2000 source code, check out the following files:
. bm p. bmp
win2k/private/windows/shell/control/bitmaps/std
win2k/private/windows/shell/control/bitmaps/nt
TEH FUNNAY!!!!1
Or does it crack any of you up uncontrollably when someone says "source codes."
When I heard that some moron had stolen the source code I felt very upset for Bill Gates. That man has put his heart and soul into building up Microsoft in to the greatest company in America.
What that pervert did is downright un-American, and I hope that in the fullness of time he is ashamed of his actions.
Unless you use something like Freenet to download.
But even there they can see your IP. There just is no way to prove it was you that did the request, or was just 'forwarding' the request thru your node....
---- Booth was a patriot ----
Coca Cola Formula
We can't seem to get them to respond to infrastructure crime here. Former AT&T towers across the country are being stripped of materials, presumably for salvage, except some are active (and more being reactivated). Value of the materials stripped is well above $5K (many many times), not to mention the cost of labor to replace it.
Local law enforcement has tried getting FBI help on a national crime. No go. Has the FBI become a paid political (read: send your donation here for prompt attention) entity like our congresscritters?
The same 'tools' can be used for legit purposes, like if you are the security admin of a company..
Its your JOB to make sure that you arent vunerable..
But, you have to convince the jury of that....
---- Booth was a patriot ----
All you need is a jury, and explain you were doing something LEGAL, that turned out to be illegal due to the actions out of your control.
..
( this is assuming her recipes were not restricted from re-distribution of course ).
It would be the same case if you went to a legit store ( like a pawn shop or antique store )..
and bought an item in good faith that anyone would assume was legally theirs to sell...that later turned out to be stolen
Sure, they take away the object, but you dont get arrested...
This isnt a matter of 'ignorance' of the law, its a matter of intent beyond your control.
That said, if you *kept* said mis-labeld file, then of course its minor to prove intent...
---- Booth was a patriot ----
The latter portion of the quote relates to how the source code was not released by anyone who had legitimate access to it. The former portion makes it clear that Microsoft doesn't believe that someone actively stole the code from them. What does possibilities does that leave?
Well the defense of U.S. computers does depend a lot on the security of MS-Windows.
If it really is so then why did the government let Microsoft show the code to foreign nations and some universities?
That's what I've been asking myself lately. If it is a threat (like Microsoft itself claimed in court in 2002) to USA then why let them show the code? What's gonna happen if/when terrorists hire hackers to investigate the code? I put the blame on government.
Except for the fact that microsoft's contention is the exact opposite of the truh.
Although we'd have to be living in utopia if all of a sudden sourceforge projects sprang up to patch all the security holes in the Win platform.
Nope. I bet the people who stole the source will just sit on it, or sell it to somebody who wil use it to make their nation's technology that little bit less flexible and more insecure.
This story is a big yawner. Who in their right mind would even look at the code?
A dyslexic man walks into a bra.
Anyone pulling a SCO yet? Comparing the M$ source code to Linux looking for vague similarities.
Now we have the answer why C# has a "goto": microsofties can't code without it.
According to BetaNews, a company called Mainsoft is to blame. They allege that Mainsoft had access to the code in order to develop their Visual MainWin tool giving developers the ability to write Linux and Unix apps from within Visual Studio.
...between the real world and the ideal world.
First, get rid of the real bad guys. Once they are guarenteed to be gone, I'll support locking up anyone who enjoys 'testing' security on computers. Until then, they are a lesser evil made tolerable by their effect on the virulence of a greater evil.
On a side note - how often do you think the locks on your doors help you? I have yet to see a residential door that would stop a good shoulder. My old house had a lovely steel door - in a thin wood frame that would split if you looked at it. Windows break if they can't be jimmied. Only once was my house ever entered because I didn't lock the door - and that was a new neighbour who was mortified that she'd entered the wrong house!
Can we get the FBI to pin down GPL violations too, now ?
Toon Moene.
Apparantly the Microsoft source was leaked by a Pakistani Nuclear Scientist, who was an old buddy of Saddam Hussein and Usama Bin Laden. That is why it is right to trust India rather than Pakistan for our outsourcing. Its a good thing we have bigger bombs than they do.
"Except for the fact that microsoft's contention is the exact opposite of the truth."
Was it not uttered in court? That would make it either the truth, or perjury
You have to be currently downloading from the torrent right? I wonder if these bittorrent trackers are keeping logs? Not that I downloaded it anyway, but just wondering...
DO NOT moderate the parent. Not up, not down, not sideways, nor in any way shape or form. If you mod the parent funny, it can be presumed that you have seen the files in question and have thus "illegally" accessed the leaked source code!
It is not outside the logic of reason to think that Microsoft, the FBI, or someone else may force Slashdot to give up the records of anyone who modded the parent post. We all know that Microsoft has some astroturfies around here. Please DO NOT fall victim to a virtual sting operation...
Don't be ridiculous.
If you read more closely, you would have seen that I mentioned being a 'security admin', which has the job requirements to secure his companies network/servers/etc.. Therefore preventing break-ins is well within his job description. Its what he gets PAID to do...
Instead you just wanted to be 'cute'.
---- Booth was a patriot ----
This code is dated 25 July 2000. The breakin at Microsoft in the year 2000 was discovered around October 27th and in Microsofts own words the crackers were known to have been in the network for about three months.
I submit that the code now making the rounds and the code lost in the Y2K breakin are the same code. I further submit that Microsoft knows that and would dearly love to blame anyone else because of the legal implications of hiding that information from the consumers.
Or at least a better one.. I don't care what the 'state law' is, with a good lawyer and jury you wouldn't have been liable when you didn't know.
Now as far as the $$ being lost, it's long gone. ( same goes if you manage to get a counterfeit bill from a store, you have lost the money, but you don't get charged... )
While I don't think it's fair to punish the 'innocent' parties in such a transaction, that is the law most places. ( though personally, id have gotten my money back one way or another... regardless of any civil court decision )
---- Booth was a patriot ----
Pssst, how about i connect to your SSH server with my SFTP server and we keep that under 4 eyes?
the source codes, or blueprints, Yuck! Please: Spokespersons from the FBI and people from the media - learn to say "code" not "codes". It's like the plural of sheep and hair is still sheep and hair. "codes" are encryption algorithms or something. And the source code for Windows is nothing like a blueprint. Source code is the actual thing we build - a blueprint is a guide for building the thing it describes. For software, the analogous thing to a blueprint would be something like a flowchart.
www.sjbaker.org
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
Huh? IANAL, but I believe it's totally illegal here [UK], if only under copyright law.
The source code wasn't stolen from MS directly, but from some third party who had access to it?
USia only jumps the defensless little nerd. They never go to war with people who can defend themselves.
There is an other version... to this case...
The code could it has a fingerprint...
Second and most important thing.
Why??? , it could be a MS Tactic to force a lot of business clients to make the move to windows 2003....
THINK ABOUT IT!!!
I reinstate: there are sourcecodes of Longhorn out there in an 1295mb rar-file on eDonkey. Build 4008 the filename says...
7 f178862|
ed2k://|file|windows longhorn build 4008 source code (partial).rar|1357906140|dba2a19a3c822837ad6ade3b
It's not "theft", dammit! MS STILL HAS THEIR CODE. Stop thinking of it as "theft", information is NOT PROPERTY!
A proud member of the Onion-in-Hand alliance
Presumably the security concept of tagging copies and recording :)
who they issue them to hasn't occured to Microsoft. Their human
resource department must go to extremes to employ morons.
siggy played guitar
I'm surprised nobody has actually commented on the src here, maybe because they noticed the same thing I did - how good it is.
Ever try reading the back of the coke bottle? They used have cocain in it, but had to remove it.
... they were harvesting coca plants ... extracting some coca derivatives, BUT NOT THE COCAINE ... really makes me wonder what happened to all that cocaine ....
As I understand it (sorry I forget where I read this), although cocaine was removed from the formula, Coca-Cola continued to use other flavoring agents from the coca plant for some time (although I gather that today's Coke uses no coca derivatives whatsoever).
So
-kgj
-kgj
Why Microsoft stocks didn't go lower than just 1.34% on Friday?
Microsoft finally has something to say about this.
-I DDoSed your mom.
this reminds me EXACTLY of that, when guy montague was being chsed by the robotic hound, he jumped into a stream and the firemen and the hound lost him, so they went and found some random guy in the street, and killed him brutally just to ensure people would be satisfied that the firemen (who enforced the law and burned houses and books) did their job perfectly..
that's what will prolly happen with m$ as well..
get the wrong guy, the FBI will make up charges and shit on the man and ruin his life, throw him in jail for many years, while the real man goes free, and there's nothing anyone can do about it because thanks to president bush, the FBI has a police-state like power now and they're unquestionable, unless you want to be called a terrorist and be tortured to death in another country.
Yeah, now that the source code is out.. We'll see copies of an OS in stores called, 'Win Dows' or 'Windos' or just plain old 'Window' or 'Microwsoft Windows'
Like going to the border and getting a new 'Shrap' calculator for 50 cents.
p
Lots of files in /shell, and more than a few elsewhere, have no Microsoft copyright notices.
/iexplorer/mainloop.cpp?
Even found one in ntcrypto..
And where is the MS copyright notice in
No copyright notice = contributory negligence = unenforceable i.p.
What this means is that most of the source code to Windows Explorer, and Internet Explorer are now effectively public domain.
I'd like to see Microsofts lawyers argue against that position in court in a court of law.
torrent and Freenet are different things. Torrents are plainly trackable as noted by Bram Cohen in the New York Times, yesterday. Freenet is a very different beast.. read the Freenet page. If someone is saying that Freenet downloads are trackable, it is total FUD unless they give a technical explanation of how it is possible.
It is laughable to think that people still debate whether or not Kazaa or torrent file sharing is traceable. If you downloaded source code from anything other than Freenet while at your home. Start looking for a program to wipe your HDD in case you get a call.
p
If there are any damages brought on by this, then microsoft should be liable for failing to secure the source.
nevermind, I vow not to post before my second cup of coffee anymore. confused Freenode and Freenet. The second part still holds.
p
That's how you get bluescreens, right?
I don't know the meaning of the word 'don't' - J
I said it before and I'll say it again: the globalization MUST be improved. If they want investigations across the borders - they have to remove the borders. That include the freedom to trade across the borders, the freedom to hire across the borders, the freedom to ELECT across the borders, the freedom to immigrate across the borders.
You don't wanna give that freedom to people? Enjoy your useless attempts to sue DVD hackers in Norvey and find IP addresses in Russia.
Remember: there is no such thing as "half of globalization". It either exists givig equal opportunities and freedoms to everyone, or it doesn't exist at all.
Less is more !
Yes someone could write a crawler to see who is sharing the source code (by IP address) .01% segment of the windows source code.
But who is going to go after you for sharing a
And I love the lie Microsoft is trying to play off stating this is only 5% of the code base.
Lies, Lies, Lies or as George Bush once said "Fuzzy Math"
A blueprint is a set of instructions one gives to builders to make a building or a ship. In that sense, source code is a blueprint and the builders happen to be the compiler and the linker or interpreter.
This is my sig.
We may all agree that the law is wrong, but as long as it is not repelled, it does not matter whay we think, a state to justify its existence needs to make that those laws are followed.
This is particularly imortant in a democracy, where it is possible to modify laws if everybody gets off their apathetic/anarchist asses and do something about things.
IANAL but write like a drunk one.
A very high yield coca plant will have 1.5% of its weight as coca, with a normal coca plant at less than .5%. I think Coca-Cola used/uses coca plants that have very little coca in them, so there is less to remove. What is removed isn't actually cocaine, but a precursor to cocaine base (which isn't coke yet either). I was under the impression however that the Coca-Cola company STILL uses the coca plant for flavoring, and they are the only company in the US that can legally import the coca plant. The process is kept quite secret, primarily to prevent threat and/or scandal.
... I can't help but picture mountains of cocaine precursor ... of course, that's an "industrial waste by-product" ... the company probably, uh, burns the stuff ... or dumps it at sea ... yeah, that's it: mountains of cocaine precursor, dumped at sea every day.
Even with a low-cocaine coca plant, given how much Coca-Cola gets bottled and sold every second of the day, 24/7, around the world
In any case, Coca-Coca has no shortage of scandals to deal with, e.g. alleged CIA connections, screwing Bob Kolody, etc....
-kgj
-kgj
Whoever leaked the original code now is irrelevant, the consequences are far more bigger than just the leakage itself. FBI and every law enforcement or intelligence agency around the world should be *very* concerned about who is downloading _now_.
Why?
Let's be prepared now for Windows AQ (Al Qaeda), right from Redmond and a terrorist near you. Given enough code, spyes, terrorists or even corporations (or that jealous cousin you know), can remake core components in Windows and redistribute in order to sniff, crack or destroy whatever they want in Windows computers. This is a far bigger menace than many so toutted terror threats.
How will you differenciate a legitimate Windows version from a cracked one, pressed in legitimate looking CDs? No way.
Also, component substitution can come in any product that simply substitutes critical Windows files. It will perform the normal functions with whichever 'bonus' the cracker wants.
On the other side, on FS, diff is your friend if you're really paranoid about what's running on your computer.
Just a reminder to anybody out there that is doing any kind of development for anything, don't even look at the code because if you do and you are caught, any of your work from this point on can be considered property of Microsoft. If you don't think this would happen look at IBM and SCO. And I doubt any of you have enough money to take on Microsoft, even the DOJ failed, so what chance do you have.
Maybe somebody just sniffed their communications link to an outsourcing site in India?
you may receive a letter like the one below if you pull the file off of edonkey (Windows.source.code.w2k...). this is kind of ironic, because the file downloadeed was a fake.
> Hash: SHA1
>
> J.K. Weston
> Microsoft Corporation
> One Microsoft Way
> Redmond, WA 98052
> jkweston@microsoft.com
> Tel: (425) 703-5529
>
>
>
> URGENT/IMMEDIATE ATTENTION REQUIRED
> VIA ELECTRONIC MAIL
>
> Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT:
> xx.xx.xx.xx
> Date of Infringement: Detail below.
>
> Dear xxxxxxxxxx:
>
> We have received information that one of your users as identified above by
> the SITE/URL xxxxxxxxx may have engaged in the unlawful distribution
> of Microsoft's source code for Windows 2000, and/or Windows NT4, by
> distributing and offering for download these source code files via a
> peer-to-peer network.
>
> Since you own this IP address, we request that you take appropriate action
> against the account holder under your Abuse Policy/Terms of Service
> Agreement.
>
> We also kindly request that you forward this notice promptly to the user
> of the IP address listed above at the time and date stated.
>
>
>
> To the user at xx.xx.xx.xx:
>
> The unauthorized copying and distribution of Microsoft's protected source
> code is a violation of both civil and criminal copyright and trade secret
> laws. If you have downloaded and are making the source code available for
> downloading by others, you are violating Microsoft's rights, and could be
> subject to severe civil and criminal penalties.
>
> Microsoft demands that you immediately (1) cease making Microsoft's source
> code available or otherwise distributing it, (2) destroy any and all
> copies you may have in your possession, and (3) provide us any and all
> information about how you came into possession of this code.
>
> Microsoft takes these issues very seriously, and will pursue legal action
> against individuals who take part in the proliferation of it source code.
> We look forward to your prompt cooperation. Should you need to contact
> me, I can be reached at the address above or at jkweston@microsoft.com.
>
> Very truly yours,
> By
> J.K. Weston
Is anyone else fed up with articles constantly referring to source code as blueprints? I think the analogy has been overused to the point where it isn't necessary anymore.
The higher the technology, the sharper that two-edged sword.
Why not comparing SCO's source code to MS's source code? Then, they can fight it out and kill each other. Either way, we win.
Try MUTE http://mute-net.sourceforge.net/
Simple, anonymous, encrypted. I noticed the MS source code was available on the MUTE network yesterday.
Actually you can fake you IP partially (at least in ethernet). Just pick IP belonging to same local subnet so that trafic gets routed to your subnet and then grab packets with that IP.
In practice, it's good idea to wait till some machine is down and then use temporarily free IP. This only works 100% if you know exactly when machine/IP will be down (so it cannot see trafic you generated) and if you can change your card's ethernet address to be also correct. One could also scan constantly to check if rightful owner of IP has become online again but in ethernet everyone can see the scanning.
I'm assuming that folks have taken a look at it.....
IS this the beginning of the end???
The US Congress is considering legislation designed to close a number of legal loopholes often allowing counterfeiters to get away with their activities, specifically prohibiting trafficking in genuine authentication components.
WTF does genuine authentication components mean??
Something stinks here, me thinks there's a fish in the panties...
To me it seems obvious that it is illegal to download the code. At the very least, it is just as illegal as downloading the Windows source code. It doesn't matter if it is compiled or not. It is a work of Microsoft, it is copyrighted and you need explicit consent from Microsoft to use it.
.zip-file containing the (portions of the) source. All the posting with the link said was something along the lines "Looks interesting: " so I clicked it and in the browser I could now see the list of files. I immediately pushed "Stop" in the browser.
However, here's another question: On a Danish news site a guy posted a link to the list of files in the
Did I do something illegal here? I wasn't aware it was the list of files however one could argue that one shouldn't just click away when you don't know what the link goes to. It could have been child porn fx.
Ignoring the issue of knowing/not-knowing what the link led to, is it illegal to download this list of files?
On the one hand, I don't think it is likely to be illegal to create a website with names of tracks on some CD, even though copying the CD itself is illegal and I think this could serve as an analogy to this example.
On the other hand, the file names are still the work of Microsoft and could potentially (but not likely) reveal something about the inner workings of Windows.
WTF is this? Steve balmer with a bitch-stick ?
boycott slashdot February 10th - 17th check out: altSlashdot.org
the jewels of Microsoft's software empire
Ah what a lovely expression. Hope they don't get crushed too bad...
the company which was founded in Redmond, Washington, in 1975
We know where they are today, but years before they were in Seattle, and before that in NM. Weren't they founded in Albuquerque? At any rate, AFAIK that's where they were back then - Altair and all that...
So did it first show up on warez sites or usenet or just suddenly show up on a "pub" (public FTP site) ?
Any idea, anyone ?
OH THE SHAME I fell off the wagon and use sigs again!
They do know where the source was taken from. Files in the archive being passed around indicated that the computer was owned by an exec at Mainsoft. Add, in a nice ironic twist, the computer was a linux box ...
. as p
http://www.eweek.com/article2/0,4149,1526831,00
Granted, we have so much riding on Windows that it being compromised is akin to loosing a national secret, but who is to blame here? If we lean so much on MS's code being secure, why are people storing data on there that could be a probem if the system was hacked?
--pete
I hate stupid people. This journalist is stupid. I hate this journalist.
:) OK, they forgot to add "without permission from the copyright owner".
:)
:) And I would really like to know who the hell are these activists? What, "Americans for cleaner code" or "C coders for forward compatibility"? And he messed up the plurals again. It's source code now, but it "were public"...
:) But since he is, let me just say that nothing like that was written in the MS press release. What MS claimed was that its internal security was not broken (the external security obviously was) and the code didn't leak via two specific programs - Microsoft?s Shared Source Initiative and Government Security Program.
An FBI task force hunted today for a cyber-criminal who posted on the internet source code for Windows, the jewels of Microsoft's software empire.
It hunted today, huh? Did they ride on horses when hunting? Will they stop hunting tomorrow? BTW, what the hell is "cyber-criminal"? And since when copyright violation is a crime? And didn't that idiot know that Windows is the brand for an OS, thus it's not really plural, so it would be jewel, not jewels.
In jeopardy is Microsoft's near-monopoly on operating systems found on 90 per cent of the world's personal computers.
How exactly is the near-monopoly in jeopardy? And while we are trying to understand the sentence, is the near-monopoly found on 90% of computers or is it the monopoly on Windows (i.e. the OS on 90% of computers)?
"I can confirm that" the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said.
What? Confirm WHAT??? Or, the quotation marks moved by themselves, never mind...
"Microsoft source code is both copyrighted and protected as a trade secret," the company said in a statement posted on its website today.
At least he managed to copy-paste the quote... I can't understand what "Microsoft source code" is, though...
"As such, it is illegal to post it, make it available to others, download it or use it.
The quote continues, but the ending quotation marks are missing... As for the MS press release, I really like them saying that it is illegal to make the Windows source code available to others. What did they just do?
The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.
Pluralisation again... Are the source codes similar to cheat codes in any way? The last time I checked it was code. And saying "or blueprints" sounds really stupid. Really. Nobody uses blueprints for software.
Counterfeiters have been trying to get their hands on Windows source code for years. So have computer activists who say that programs could be made to work better with Windows if the source code were public.
Oh, brilliant! I bet counterfeiters didn't knew what they were trying to do all that time. I though they were trying to duplicate CDs MS was openly selling in retail stores, sometimes cracking the copy-protection. Well, now that they got the source code they must be happy and probably will stop counterfeiting.
Microsoft said that its own security had not been breached by whomever did the posting, nor was it released by a series of companies and governments with whom it shares the source code for the purpose of building software to work with Windows.
What the fuck? Let me ponder the absurdity of this sentence for a second. The code neither came directly from MS machines, nor did it come from the series (what series?) of companies and governments who had the code? If I wasn't sure that the journalist is a total moron, I would presume he suspects universities or research institutes, the only remaining category, which was not vindicated.
In any case, Mi
Future Wiki -- If you don't think about the future, you cannot have one.
The action of your president affect me every day but I have no influence over his election.
See my subject and figure out if it feels familiar.
What about using Peer Guardian? Would that help block your IP from the Feds?
- OohGodYeah!
But you can't replace your MS Home door latch. You have to wait for the landlord to feel like doing it. You are only renting the place.
With an Free OS, you can fix the latch yourself if you want to. Lots of people won't, but you can. And you may have a choice of parts to fix it with. You have more effective ownership of the free place, yet you paid for the MS Home! This is the strange, wonderful property (ho!) of Free software.
the same thing, not just business partners.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Apparently, they seek to hire people who are good at riddles, regardless of their other abilities.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I hope I didn't say that out loud.
I'm waiting for freenet to become a viable technology.
something like this happened, I've often wondered the following: say a die hard MS-hater CS student graduates, and is recruited by MS to become a coder for them. Instead of tellin them to go to hell, why not take their money, grab pieces of the code over time, then when its complete, upload it somewhere on a public filesharing network. But of course you wouldn't do it from work, or from home, but quite possibly by roaming around with your laptop and grabbin a free signal whenever you could. I've often wondered why the above scenario hasn't happened, especially with the increasing dissent of MS. Not saying this a plan or anything like that, just wondered how come it hasn't happened. btw, to find the source to which you seek, search and ye shall find. :)
may the source be with you
Yeah, but you can over analyze the media. Usually it's less than worthless.
h es _quote03.html
Check this out:
http://www.crichton-official.com/speeches/speec
Media carries with it a credibility that is totally undeserved. You have all experienced this, in what I call the Murray Gell-Mann Amnesia effect. (I refer to it by this name because I once discussed it with Murray Gell-Mann, and by dropping a famous name I imply greater importance to myself, and to the effect, than it would otherwise have.)
Briefly stated, the Gell-Mann Amnesia effect is as follows. You open the newspaper to an article on some subject you know well. In Murray's case, physics. In mine, show business. You read the article and see the journalist has absolutely no understanding of either the facts or the issues. Often, the article is so wrong it actually presents the story backward--reversing cause and effect. I call these the "wet streets cause rain" stories. Paper's full of them.
In any case, you read with exasperation or amusement the multiple errors in a story, and then turn the page to national or international affairs, and read as if the rest of the newspaper was somehow more accurate about Palestine than the baloney you just read. You turn the page, and forget what you know.
That is the Gell-Mann Amnesia effect. I'd point out it does not operate in other arenas of life. In ordinary life, if somebody consistently exaggerates or lies to you, you soon discount everything they say. In court, there is the legal doctrine of falsus in uno, falsus in omnibus, which means untruthful in one part, untruthful in all. But when it comes to the media, we believe against evidence that it is probably worth our time to read other parts of the paper. When, in fact, it almost certainly isn't. The only possible explanation for our behavior is amnesia.
I was stupid enough to start downloading a file that may or may not have contained the windows source (the file name had source and windows in in, and had a lot of connections) using an eMule client.
:p
After about 15 mins (and a dozen mb of random parts of the file being transferred) I noticed there were people connecting to my client and grabbing parts of it. I realized what an exposed and horrible position I was in.
I cancelled the client, securely deleted all traces of the file (and the client, just to kick myself). I used a direcway satellite link, which I know logs usage.
What should I do? Pray I don't get sued? I never had enough sequential parts of the file to decompress it, let alone know if it contained any copyrighted material, but it's been written over 30 times with random bits, so I guess thats a moot point...
Opinions? Don't waste your time fear mongering, I'm already there..
It never ceases to amaze me that in this day and age of digital living where computers are as pervasive as Air, the FBI and similar agencies still feel it is neccessary to inform the technological public that "Source Code" is a "Blueprint" for software.
I mean really. Basically the only people who would really be interested in this story enough to be following it would be people of a technical nature who would know what source code is. Does the "Fumbling Bumbling Idiots" (as the first poster put it) really think that people are so far out of touch that they have to 'edumacate' us as to what source code is?
If they were really trying to do a service then they should refer to source code as the 'Building Blocks' of software. The blueprint of software is Pseudo code.
Dorks!
Life is not a rehearsal. Step up!
Not sure if this has already been posted by someone else, but here are some interesting greps on the Win2k source code.
why it takes less than six days for M$ to be hot-n-heavy on the trail of the source of the leak while it takes M$ six months to patch a serious security vulnerability in their source code?
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: XXX.XXX.XXX.XX Date of Infringement: Detail below. Dear ISP: We have received information that one of your users as identified above by the SITE/URL XXX.XXX.XXX.XX may have engaged in the unlawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download these source code files via a peer-to-peer network. They are going after each one of us, one by one.. Be careful out there if you happen to be sharing the source...
Actually you can fake you IP partially (at least in ethernet). Just pick IP belonging to same local subnet so that trafic gets routed to your subnet and then grab packets with that IP.
Actually, you cannot do that. BT is TCP. The machine with the IP you're borrowing would never allow a TCP handshake to complete. RST RST RST If you used an IP that isn't being used, a good ISP wouldn't allow you out as there is no DHCP/PPPoE "lease".
Unless...
In practice, it's good idea to wait till some machine is down and then use temporarily free IP. This only works 100% if you know exactly when machine/IP will be down (so it cannot see trafic you generated) and if you can change your card's ethernet address to be also correct. One could also scan constantly to check if rightful owner of IP has become online again but in ethernet everyone can see the scanning.
...that's what you were saying here. I'm not being dick, I just don't understand what you meant.
3cx.org - A truly bad website.
From what I understand trade secrets become public domain once the secret is exposed, the method of exposure not being relivent.
So does that mean that the part of the windows source that was leaked/published on the web is now public domain which anyone can use???
Incidently if hypothetically SCO is sueing IBM for using some of the Unix source in their Linux development, wouldn't that mean those pieces of code are now public domain as their trade secret status has been broken? Meaning that code is now free to use by all, with SCO's only recourse being to sue IBM for the loss of that code to the public domain, due to them breaking the conditions of their Unix license by (hypothetically) compromising the trade secret status of the source code.
Now if that's (hypothetically) the case, how can SCO justify the demand that those using Linux should buy licenses from them?
Or was the Unix source published & copyrighted, rather than held as a trade secret? As I understand it IP can either be held as a trade secreted or patented/copyrighted, but can't be both - IE it's either one or the other.
you forgot to say it
Are you from MS, the FBI or just a troll?
Either way, you know that if anyone posts disagreeing with you, then you have proof that they looked at the code.
If the code is so brilliant, why are there so many holes in it MS boy? Wouldnt your time be better spent coding a decent OS for once?
Now if the Linux source was leaked, that may actually be worth something...oh wait...it already is!
I am Monkey, the Great Sage, equal of heaven!
As I recall reading recently, Microsoft has already released all its source to various universities, corporations, and developers with special agreements, for those os's. Correct me if I am wrong.
In which case, in typical Bill Gates style, he would be attempting to put kids in jail for distributing source code they probably copied from their university, all the while soaking the media attention by making it appear to be something other than what it is.
Lets re-iterate that. Bill Gates would be trying to throw people in jail, most likely kids, destroying their lives, for code he's already released to many people outside of Microsoft.
A seemingly minor point, but one that should be made over and over again: copyright infringement is NOT THEFT, because nobody "owns" copyrighted material. There are only copyright HOLDERS, who are granted certain rights by the government for a limited time, much like being able to drive in the carpool lane. You can't steal copyrighted material by distributing it any more than you can steal the carpool lane by driving in it alone.
Infringement may cause financial losses. So do a host of other things, but we don't call them theft. Arson is not theft of firewood. Murder is not theft of metabolism.
The reason it's important to keep making this point is that copyright holders, usually corporations that did nothing to create the actual material, use the false notion of infringement to cast themselves in the sympathetic role of the little old lady running after a purse-snatcher, or the outraged homeowner chasing down a drug addict who ran off with the TV. The public can identify with the idea of property theft much more easily than it can understand the ethical and social issues that surround copyright and the public domain. Businesses built on the control of copyright want the public to have a simplified, inaccurate picture of copyright as property. It makes it easier for them to get away with things like paying legislators to shape copyright law to their advantage.
Speaking of which, last time I checked we had a law against bribing federal employees to perform official services. I'd rather see the FBI raiding the offices of senators and representatives who write laws in exchange for campaign money, than shaking down ISPs to find out who posted some buggy OS source code.
Dear Microsoft,
I have received information that because of highly faulty operating system, e-mail, and web-server software that your company produces my inbox and the inbox of millions of other Internet users around the world receives a continual torrent of unwanted and unsolicted attacks in the form of spam. In addition to causing me lost of procudtivity and loss of hardware resources which must be utilized to retreive, process, and elimate these unwanted e-mail attacks your products are creating a severe strain of the infrastructures that the Internet operates upon. As a consumer of Internet access services these costs are passed on to me.
Your company is costing hundreds of millions of dollars that is being passed on to consumers.
I am glad that your source code was leaked. I hope more of it leaks and you go out of business because you make shitty products and I am tired of seeing hundreds of worm attacks daily in my Apache server logs originating from the thousands of infected machines that run your shitty operating system.
I demand that you immediatly cease and desist from distributing crappy, insecure software products and that you refund every user of the Internet who has borne the indirect expenses of your faulty products.
source code to non-techies. One of these is usually relatable
--something from which you can make another of the real item.
As ocie said, "executable" or "binary" would be the complement.
No analogy can be perfect; in using one you have to realize that it's just a crutch
--a tool to relate something that they don't know about to something they might recognize.
gewg_
Write this guy back and tell him to kiss your ass if you get an email such as this. This is just karma kicking microsoft in the ass for screwing over progress by not making their software open source years ago. It's their own damned fault.
I find it immanently interesting that MS only claims that Windows NT and Windows 2000 were compromised. Considering that XP and Server 2003 are built off of the same source code, wouldn't it also affect them? Could MS have intentionally have left out mentioning XP and S2003 in order to:
a) Reduce panic about their current OS
b) Induce people running those older OSes to upgrade post-haste?
Are we soon to hear a claim from M$ (ala SCO) that Windows source code has found it way into the Linux kernel?
It would seem to me that Microsoft has, through its negligence and incompetence, represents the party with the most guilt regarding damages to businesses and individuals. CP/M was little more than a poor substitute of a subset of the original UNIX code. Gates bought/stole it from Gary Kildall and called it MSDOC and licensed it to IBM. When Intel went from 4-bit to 8-bit processors, Microsoft basically screwed up the original kluge with one of their own by folding the address space back on itself, mirroring what Intel did. Intel cleaned up their act later...MSDOS never did. Windows was built on top of MSDOS....crap on top of crap. They ought to go back and re-architect the whole mess, but don't have the talent or manpower to do it. So what you have is a little bit like a bank that everybody in town uses, but where nobody knows how to "lock the doors." There are all these "backdoor" opportunities for security breaches that are fundamental characteristics of Windows. It seems to me that institutions that charge customers usary (rental) rates, leave their own back doors wide open, then wonder why some people wander in a cause mischief are far more guilty of criminal activity than those who distribute instructions as to where to find the wide-open doors, or those poor teenagers everybody wants to throw in jail for accepting the Microsoft invitations!
It would seem to me that Microsoft, through its negligence and incompetence, represents the party with the most guilt regarding damages to businesses and individuals. CP/M was little more than a poor substitute of a subset of the original UNIX code. Gates bought/stole it from Gary Kildall and called it MSDOS and licensed it to IBM. When Intel went from 4-bit to 8-bit processors, Microsoft basically screwed up the original kluge with one of their own by folding the address space back on itself, mirroring what Intel did. Intel cleaned up their act later...MSDOS never did. Windows was built on top of MSDOS....crap on top of crap. They ought to go back and re-architect the whole mess, but don't have the talent or manpower to do so. So what you have is a little bit like a bank that everybody in town uses, but where the bankers don't know how to "lock the doors." There are enormous numbers of "backdoor" opportunities for security breaches that simply fundamental characteristics of Windows. It seems to me that institutions that charge customers usary (rental) rates, leave their own back doors wide open, then wonder why some people wander in and occasionally cause mischief, are far more guilty of criminal activity than those who distribute instructions which lead to the "wide-open doors," or those poor teenagers everybody wants to throw in jail for accepting Microsoft's "open" invitations!