Slashdot Mirror
Microsoft Warning Leaked Code Traders
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
Through an affiliate of Microsoft, that had it on a linux box non the less.
**It runs through my veins like radioactive rubber pants! Do not deny my veins!**
On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer -- Internet Explorer 6.0 Service Pack 1.
Um, don't usually like to argue semantics, but what was discovered was a security vulnerability (bug) in the code, not an "exploit".
Devising and revealing a method to take advantage of this problem (a virus, worm, bitmap) is an "exploit", right?
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Now that the source code is leaked, MS will probably get a lot safer, with all those hackers and crackers exploiting their bugs and thus revealing them ;-)
Download these two via eDonkey:
8 20 7|34bb9f3a3e8d3e0c4490a96ec30b9f3c|/
1 48 3|afcb4b1fd05ed574e2ee77618222621d|/
(Remove the spaces in the links.)
ed2k://|file|windows_2000_source_code.zip|21374
And:
ed2k://|file|windows_nt_4_source_code.zip|24113
Thus, Microsoft has no choice but to make the best effort it can to track and notify people who have acquired its source code without a license. If they didn't, they risk a court case where a defendent could say that Microsoft failed to protect and enforce thier copyright, and the court would have a very good chance of saying the material had thus moved into the public domain.
This has happened in the past, and will again. Microsoft isn't chasing anyone down to prosecute them, it's unlikely they've been monetarily impacted by any single downloader, but they must vigorously defend their copyright and trade secrets, or they lose them.
Since its a copyrighted work, you can't use it without a license. So compiling it (good luck) and using/distributing it would be way out of line.
Your example is a crime because you included hacking into a computer to do the stealing. Just like whoever stole/leaked the MS code committed a crime.
What we're talking about is more like picking up and reading the Harry Potter book that someone stole from a bookstore and left on the table. The reading part is not criminal, the stealing part is.
Furthermore, a books main purpose is to be read. A program's main purpose is to execute. I know that is knitpicking. But I wouldn't consider it copyright infringement to use a book I didn't own the rights to to prop up a table, or a CD I didn't own as a coaster.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Plenty of folks have access to Windows source, I know for a fact that these guys do, they ship their fault tolerant boxes with a heavily customized version of Windows.
Plenty of other vendors do, too. Plus plenty of third party developers who work on windows. Not every component in there was developed in house, after all. I remember a time when RealPlayer was part of the package, Real must have had some source back then.
I don't need no instructions to know how to rock!!!!
I got two calls yesterday from my on-campus network administrator's office asking to speak to my room mate. This is odd because I believe he downloaded it through a DC++ connection, as he seems to avoid bittorrent for some reason. All they asked was that he removed the source from his computer, I don't think there were any other consequences. Anyone else have a similar experience?
I should not talk so much about myself if there were anybody else whom I knew as well. -Henry David Thoreau
If peoples' ability to disseminate information serves as a message to corporations that their attempts to turn the US into a police state won't work, then I can live with that.
Orrrrrr you could go through VALID channels and work for reform of intellectual property laws. Because as it stands now, if you trade in MS's intellectual property, it's WELL within their legal rights to come after you.
If you don't like it, do something about it. Something BESIDES breaking the law anyway because it suits you and hiding behind "civil disobedience".
nope, IPtables will probably crap out. Use NF-HIPAC which is basically a binary tree table instead of a linear one. I use it to classify everything going through my box as either local campus, Internet2, or general internet. I have around 5000 matches and it works great. Also the perl module NetAddr::IP and it's function NetAddr::IP::compactref is your friend; it takes a bunch of IP/masks and simplifies them down. It simplified my 9000 Inet2 networks down to 5000.
In many European contries businesses don't have automatically police powers. Besides it's illegal for ISP to reveal details about the clients to anyone else beside police. And police needs to have a good reason before they can ask that.
It is absolutely illegal to download OR view it. It is proprietary software that was stolen and the company(M$ft) holds this code as private. It is illegal to even view the code with the intent to view it(got that? you could pull up any random webpage and see the code itself but as soon as you realized what you were reading, you would have to close the page or you would infringe on private code.
This is a bunch of bullshit, people thinking that its just illegal to download, but you can view it all you want.
It depends.
If you live in a jurisdiction, which accepts private copying, then you are fine (downloading == making one copy of the work to your hard drive)
In some counties the source has to be legit (Denmark) or there's no notion of private copying (UK). In these places also downloading is illegal.
To generate the blocklist? name=Downlo ads&d_op=getit&lid=54
http://mldonkey.berlios.de/modules.php
you are completely uninformed. It is illegal to:
1. Distribute it
2. Use parts of it as your own
It is not illegal to:
1. Possess a copy of it
2. Read the code
3. Think about what you have read
4. Talk about what you have read
If Open Source software developers have to steal code from proprietary software developers in order to make their own software stable, then Linux is already doomed.
Please tell me what law your claim is based on.
While the people who leaked the source code were probably bound by some NDA-like contract with Microsoft, those of us who have not signed any contracts related to it are bound only by copyright law, which does prohibit the distribution (copying) of the source code, but most definitely not its viewing.
The copyright laws in different countries vary in whether they interpret downloading as distribution (and thus copyright infringement).
Making copies of and distributing something you don't have the right to is the only thing that is absolutely and clearly illegal.
The leak came from a Microsoft partner, Mainsoft. The partner's access to Microsoft source was given long before Microsoft started their "shared source" program.
BetaNews has the details.
J.K. Weston
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
jkweston@microsoft.com
Tel: (425) 703-5529
** Feb 2004 **:**:** GMT
URGENT/IMMEDIATE ATTENTION REQUIRED
VIA ELECTRONIC MAIL
XYZ ISP COMPANY
123 SESAME ST
Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: ***.***.***.***
Date of Infringement: Detail below.
Dear XYZ ISP CO:
We have received information that one of your users as identified above by the SITE/URL ***.***.***.*** may have engaged in the un lawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download the se source code files via a peer-to-peer network.
Since you own this IP address, we request that you take appropriate action against the account holder under your Abuse Policy/Ter ms of Service Agreement.
We also kindly request that you forward this notice promptly to the user of the IP address listed above at the time and date stat ed.
To the user at ***.***.***.***:
The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyrigh t and trade secret laws. If you have downloaded and are making the source code available for downloading by others, you are violat ing Microsoft's rights, and could be subject to severe civil and criminal penalties.
Microsoft demands that you immediately (1) cease making Microsoft's source code available or otherwise distributing it, (2) destr oy any and all copies you may have in your possession, and (3) provide us any and all information about how you came into possessi on of this code.
Microsoft takes these issues very seriously, and will pursue legal action against individuals who take part in the proliferation of it source code. We look forward to your prompt cooperation. Should you need to contact me, I can be reached at the address abov e or at jkweston@microsoft.com.
Very truly yours,
By
J.K. Weston
CaseID: *****
You have no idea how copyright law works do you? The source code is not subject to the same laws as stolen physical goods are. It is copyrighted material. There is no theft of goods here, but you are infringing on Microsoft's copyrights by downloading (and thereby making an unauthorized copy of) the source code. Which by the way is still a serious crime, but it is not theft in the traditional sense.
By the way, viewing it on a webpage still counts as downloading it because you have to make a copy of the webpage onto your local computer in order to view it.
Copyright infringement is not the same as theft. And if you believe otherwise you have been drinking too much of the RIAA Kool-aid.
There are legitimate ways for people to get windows code that are outside of GSP or Shared source.
Think about this - the code that was leaked is older than the shared source program. Was shared source the very first time any institution ever got windows code ?
No.
I thought the answer on where this code came from was publicly known, and even discussed here ?
The microsoft statement above, to the best of my knowledge, is correct. (iow what i know doesn't disagree with that statement) If the specific details to back this up aren't widely known, I won't disclose them. IOW, they know how the code got out, and its none of the things you mention. Mostly the distinction is that people have an overbroad interpretation of who the shared source program covers.
My opinions are my own, and do not necessarily represent those of my employer.
It was Mainsoft. They were licensed to get the code several years back, before the whole shared source business, to port some MS stuff to Unix. Thus it wasn't shared source, wasn't a breach of Microsoft's security, and wasn't a troubled Microsoft employee. Somebody at Mainsoft fucked up.
Where's my cookie?
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.
We are cooperating fully with Microsoft and all authorities in their investigation.
We are unable to issue any further statement or answer questions until we have more information.
From Mike Gullard, Chairman of the Board, Mainsoft Corporation
But still, check out their front-page and count how many times the word Linux appears ^_^
My other UID is 1337
So has it made it onto Usenet yet?
ohhh yes.