Slashdot Mirror
Microsoft Warning Leaked Code Traders
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
Don't mess with Microsoft, they have the money and the power to track you down, even on Internet and through P2P networks. And they will, this is just an example and a warning.
I will never download the source code and you should better not try too. Anyway what's the point in seeing/having it?
I think people don't really understand what having windows 2000 SP1 source code spreading on internet really means. That's quite important and even if it's only part of the source code it's already enough for the first exploits to appear.
The author was kind enough to tell us about the first one, but I bet many others did find bugs and didn't report them because they are working on viruses and attacks using them.
Let's see what happens in the coming months. I'm already working on the switch from Windows 2003 Server to Linux in my company for this exact reason.
Iraq: war to save the U
is kazaa one of the vendors? is there anything they can do about emule or edonkey users?
;)
the latter seem to traffic especially in things like leaked source RARs, and since most of the central servers are overseas and operated independently (and 'overnet' seems truly peer to peer with no central servers), it would be tough to crack down on them, besides having a bunch of fake clients that harvest IPs. anyone know if they do this?
(i imagine the same concept would apply for bittorrent downloaders -- except BT relies on central tracking servers which would be comparatively easy to shut down.)
seems like a natural, uh, application, for the freenet project
ah well. it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.
-fren
"Where are we going, and why am I in this handbasket?"
how are they able to know who's downloading the files from p2p network?
is that you big bro?
This has got to work even better than security through obscurity.
Now do you understand why we need Freenet?
What will happen when the Linux project servers for the version you use get breached. Or what if there are exploits that can't be fixed immediatly?
Switching off of Windows sounds great to me, as I really dislike using it, but your reasoning sounds a bit flawed. If it's because the software's buggy and prone to exploitation, great. But if it's just because some code got leaked.. and OSS software generally has all the code available all the time.. then your reasoning sounds a little flawed.
Any software will have flaws. It's inevitable. Knee jerk reactions too those flaws generally aren't a good idea though.
You're reading Slashdot. Of course you like Linux and pc hardware
Seeing that MS is sending out warning to those downloaders, it already knew who they are, thus it could be just a warning to those downloaders that if any exploits were out, they will be the first to be investigated.
Rock that crushes, Paper & Scissors that don't matter.
How do you figure that?
If someone hacked JK Rowlings computer, and leaked the "source" for the next Harry Potter book, would it be OK to donwload and read it?
It's their copyrighted work. It's at least as illegal to download the Windows source as it is to download copyrighted films or music w/o permission.
I don't need no instructions to know how to rock!!!!
The code is out, it wont come back.
There are hundreds and hundreds of sources in emule, and thousands have been downloading (5k requests the last 5 days). Not to mention irc, ftps, kazaa , winmx and the other stuff.
As an educated guess i would say that at least 50-100.000 people have the source currently on their harddisc.
Whoever wants it now has it....
HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
We should respect MS copyrights just as we expect MS to respect GPL. Sure MS may be dirty, but we are better than them.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
If peoples' ability to disseminate information serves as a message to corporations that their attempts to turn the US into a police state won't work, then I can live with that.
- First they ignore you, then they laugh at you, then ???, then profit.
There have been many security comparisons between Linux and Windows, and the conclusions have always been mixed. One reason is because of the scope of the included software - because it's "free" Linux distributions usually include the kitchen sink, so there are more packages to count security exposures in. Another reason is multiple counting - one exposure across multiple distributions. Yet another factor not well estimated has been the severity of the exposures.
But these security exposures have all been in an environment where Linux source was generally available for inspection, and Windows source wasn't. A corollary of this is that most of the Linux exposures have been proactively reported, prior to being exploited. With Windows that's not so clear.
In the future, there's not reason to expect Linux security exposures to change significantly, except through becoming a bigger target because of increased usage. But the fundamentals of bugs, bug reporting, bug fixing, and security haven't changed.
The future story for Windows is different now, because some source has become available. *Maybe* some people will begin proactive security work on the source, and *maybe* Microsoft will roll that work into fixes. But for certain, others wearing differnt color hats will be examining that code for security exposures, too.
The living have better things to do than to continue hating the dead.
It is not illegal to view it. It is illegal to download it.
Microsoft says that it working with the FBI. How many DIY programmers could ever claim that they were getting help from the FBI to track down people who had pirated their software? This is an example of how intellectual property only exists to benefit the rich and powerful who can get the authorities to do their policing for them. Microsoft has the FBI. I guess the rest of us would have to resort to rent-a-cops and DIY cease-and-desist letters.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
I don't have their code, nor do I want it. But I realize that even if every single Linux user/GPL supporter refused to look at it or download it, it would still spread like wildfire. People download stuff like this just to say that they have it. I have a friend who is somewhat of a "collector" of things like this. He has no programming background whatsoever, he just wants to say that he has it. (ironically, he is actually in school getting a law degree with a concentration in Intellectual Property)
The cat-genie is out of the bag-bottle.
My beliefs do not require that you agree with them.
Now heres the thought-provoking question of the day:
If the leak was not caused by a network security breach, a physical security breach, a troubled-employee, or it's code sharing initiatives; how the hell was the code leaked? They said it wasnt network security, and it wasnt internal security (which takes away a physical security breach or a troubled employee), and it wasnt't its code sharing initiatives... Makes you wonder... how the hell did the code get out?
Answer this and get a cookie.
Over reacting?
You know, the entire non open source software world has access to the full source code of all GPL software and they do not seem to worried about being tainted by it. Just because the source is there does not mean you have to copy from it and the fact that you have it does not make you automatically guilty that either.
Bad boys rape our young girls but Violet gives willingly.
Actually, I believe it's illegal to upload it, rather than download it.
This is roughly the same as picking up a set of photocopies you see sitting on the curb. Copywritten or not, you haven't done anything wrong by picking them up, as you didn't violate the author's copyright.
The person who made the copies is violating the copyright (originally two words, godamnit!) not the person who picked them up.
This is one of the issues with the RIAA going after Recipients, rather than Source.
If I buy stolen goods at a garage sale, and the cops find me, they take them away and give them back to the owners. They arrest the thief, not the poor sucker who bought the goods.
I'll at least give Redmond credit for issuing warnings rather than subpoenas. Though "Searching for phrase != downloading files I shouldn't have access to."
Never attribute to malice what can as easily be the result of incompetence...
Has anyone noticed that the RIAA has tried for two years to figure out how to connect an IP address to a snailmail address with out resorting to subpeonas, yet M$ did it in about 4 days? Has this not raised any eyebrows, made anyone look over their sholder, or consider buying a Mac, Unix, Linux, OS/2, anything not Microsoft box. In fact I'm probably putting myself at risk just by typing this. Oh crap, there here already...
Why doesn't anything interesting happen when I have mod points?
Copy down the IP address of anyone who starts a multi-source download
Kill the download
Whois lookup
Letter to the ISP.
Of course if they're distributing it in that manner so that the hash codes match, does that qualify as them legally giving it away?
So has it made it onto Usenet yet?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Given that the code that was released is all older code, I have another reasonable theory about where it came from.
Remember a while back when it came out that a group of hackers had compromised MS's internal network and had access to it for over a month. At the time they admitted it they denied that the group obtained access to the source code. Of course they would deny it regardless of the truth or whether or not they knew. Basic damage control.
So say in the interest of avoiding getting too much attention directed at them, perhaps they waited until now to release what they found.
Just a thought, but it seems as reasonable as their assertions.
Really?
How exactly do you know that?
Seems like they may be a scapegoat - their CEO says that they didn't do it - thats the same amount of evidence that says that Microsoft didn't do it...
Are we believing the Microsoft Marketing Machine when they say that their security was not breached? I mean, they've never had security issues before have they?
This sig is in Spanish when you're not looking....