Slashdot Mirror


Microsoft Warning Leaked Code Traders

An anonymous reader writes "Broadband Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several unnamed peer-to-peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."

16 of 833 comments

  1. Traders or Traitors? by monstroyer · · Score: 5, Interesting

    [tin_foil_hat]

    I think the title should have read "MS Warns Leaked Code TRAITORS" considering that the code probably got leaked from one of their own.

    From the MS Notice page:

    Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted

    In other words: "Dear companies running on W2K, please pay for upgrades ASAP. We would like more money. Thanks."

    [/tin_foil_hat]

  2. Warnings? by Xeed · · Score: 5, Interesting

    I thought the thing to do nowadays was to sue the pants off downloaders. Is M$ trying to play good guy warning downloaders rather than suing them?

    --
    ...don't question it!!!
    1. Re:Warnings? by stratjakt · · Score: 5, Interesting

      What no one picked up on is MSFT is SNAIL MAILING downloaders.

      No matter the text of the letter, the implication in receiving a snail mail vs. an e-mail is obvious: "WE KNOW WHO YOU ARE AND WHERE YOU LIVE, MOFO!"

      --
      I don't need no instructions to know how to rock!!!!
  3. Re:kazaa, bittorrent, emule/edonkey? by W2k · · Score: 5, Interesting

    ah well. it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.

    Not scary at all. I'd say it is a good thing that not even one of the most powerful forces on this planet can stop information from spreading across the web. Information wants to be free, remember?

    --
    Quality, performance, value; you get only two, and you don't always get to pick.
  4. I'm skeptical by Doesn't_Comment_Code · · Score: 5, Interesting

    While it may be illegal to steal source code that is privately held, I don't know that it is illegal to view it once it has been released. Perhaps someone has a more educated viewpoint. But this seems like a scare tactic without much legal standing.

    --

    Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
  5. For those sharing the source... by Lovepump · · Score: 5, Interesting

    ... or just using the P2P networks, PeerGuardian can help. I reject about 250 requests per day on the Emule network from tracking companies. Here's about 40 minutes worth:

    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:49:19)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:00)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:42)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:11)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:55)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:57:37)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:00)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:44)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:00:26)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:08:53)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:09:35)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:10:16)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:18:51)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:19:34)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:20:14)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:28:40)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:29:24)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:30:06)

    You can get it from Methlabs.org. Windows only as far as I know.

  6. Re:Bad Reasoning by Erratio · · Score: 3, Interesting

    Software will have flaws, or if not "flaws" exactly, incompatibilities. But flaws and security issues are 2 different things. Bugs don't have to lead somewhere. You can't account for every possibility when you write a program, but it's how the integral error handling type functions of your program handles those things you didn't think of, and when you're writing programs for which security is an issue, those problems shouldn't lead anywhere they're not supposed to go.

    --
    I don't try to be right, I just try to make people think
  7. Re:Someone got kicked off their ISP... by cant_get_a_good_nick · · Score: 5, Interesting

    Don't know if you were joking, but some folks really got MS Office war3z letters from the BSA for putting up OpenOffice downloads.

  8. That is a slick tool.. haven't heard of it before. by steppin_razor_LA · · Score: 4, Interesting

    It looks like they have a fairly extensive IP block list. It shouldn't be too hard to get this list to work w/ IPtables.

    My question -- will IPtables run "okay" with a few thousand block rules?

    --
    Evolution: love it or leave it
  9. Makes you wonder... by ValourX · · Score: 3, Interesting

    why Microsoft isn't so rabid about stopping the spread of Windows XP and 2000 ISOs on filesharing services...

    -Jem

  10. What's wrong with copyright law by swillden · · Score: 4, Interesting

    Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!

    Funny, but it's worth pointing out that the USSC is not going to be making any big decisions about the validity of intellectual property... the US Constitution explicitly provides Congress with the right to make IP laws and even provides a brief rationale for them.

    What Congress should be looking at, though, is whether or not the current laws make any sense at all. What is really bizarre to me is this notion that you can keep something secret and yet still have copyright protection on it.

    The original reasoning behind copyright as we know it (as opposed to the true original reasoning, which was about facilitating censorship by the British Crown) was to enable authors to retain limited control of their published works, in order to encourage them to publish. When you publish a book, the content is out there for the world to see and potentially copy; there's no way to publish a book and keep it secret at the same time, so some legal protections are necessary if we want to enable authors to control and profit from their work.

    These "legal protections" are really limitations on what society is allowed to do with the work, in other words, freedoms we choose to give away, and the reason this is a good trade is because (a) it makes more material available now for people to read, learn from and build off of and (b) it ultimately puts more material in the public domain for anyone to use however they see fit when the copyright expires.

    Patents are really the same idea applied to a different space: Getting the details of inventions published for everyone to read theoretically encourages more invention. With patents, there's a *requirement* that the details be published, because unlike a book, it often is possible to keep secret the details of a piece of machinery.

    Even for copyrights, there is and always has been a sort of a requirement to publish -- under current law you cannot sue over copyright unless you have registered your work with the copyright office, and doing that requires you to submit a copy to them, placing it in the public record. Kind of. In the case of code, you only have to submit a few pages from the beginning and the end. The rationale behind copy registration was primarily to establish ownership, not to publish, because when all of this was set up publishing was just a given. Because that was the rationale, when code copyrights came along it was deemed too burdensome to deal with full printouts of the registered code (because they're really, really big) and, of course, the copyright office wouldn't have had any idea what to do with magnetic media.

    So now we've arrived at a situation that cannot have been expected or planned by the designers of the system: You can obtain copyright protection on something that you never published and never have to publish, even when you go to court to enforce your rights. The "trade" is no longer a trade, because society no longer gets to benefit from seeing what it is giving you protection for. There's no requirement that the code *ever* be published, even after the copyright has expired (assuming current copyrights ever will expire).

    In my opinion, it should only be possible to obtain protection for what you publish. If you want to keep your source secret and only publish binaries, fine. You get copyright protection for the binaries and you can use trade secret law to protect your source code -- but remember the caveat in trade secret law that once it's published it's no longer a secret, so you can only go after the person who gave it away the first time.

    On the other hand, if you want the full protection of copyright law applied to your source code, then you have to publish the code, at least before going to court over it. Publish *all* of it. I don't think the US Copyright Office of 2004 will have any trouble at all understanding how to manage data delivered on a stack of DVD-ROMs.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  11. Re:Don't mess with MS by DickBreath · · Score: 5, Interesting

    Yeah, released source code is horrible for security. Look at OpenBSD, all those servers just waiting to get hacked in to. Maybe now Microsoft will actually have to, I don't know...eliminate exploits instead of waiting for them to appear, then fixing them after it's too late (if it isn't already).

    Here is the real crux of the problem. You are pointing at the wrong thing.

    It is not whether the source is open and available that makes it insecure or more secure.

    It is whether the source was developed as open source. It matters that all those eyeballs were watching while the source was being written. Taking a buggy closed source program and suddenly opening the source simply means that all of the bugs will be discovered, and exploited. Developing a program as open source means that those security problems often don't live long enough to reach a release. Even when they do, they are patched rapidly.

    In fact, it simply may say more about the users or "administrators" than the availability of source. Remember the Bind 8 vulnerability? Remember how many servers run Bind 8? Remember how fast everything was upgraded all over the planet? Remember <Microsoft virus of the week>? Remember how many servers were vulnerable to that? Remember how slowly those vulnerable servers were upgraded? Even when the fix was available before the exploit? Now which of these two widely used software program vulnerabilities caused a huge upheaval affecting society as a whole?

    --

    I'll see your senator, and I'll raise you two judges.
  12. Interesting evaluation of the source code by Penguinshit · · Score: 3, Interesting
  13. Re:Don't mess with MS by GrodinTierce · · Score: 5, Interesting

    I'd definitely have to second the parent. I'm in high school, and I know a little C++ (I took the APCS AB exam and got a 5), and I've played around with Linux. Basically, I couldn't really do anything with the source (even if I should ever chance to look upon it) beyond reading the code, and I don't really have any desire to go beyond that anyway.

    Ultimately, like the parent said, it's the taboo that makes it interesting. If Microsoft had just posted the code on its website, I might not even be interested, but all the effort they're exerting has attracted my attention.

    --


    Tierce
    Who sponsors your feelings?
  14. How did they get the home address? by nurb432 · · Score: 3, Interesting

    They didn't go to court to subpoena the information, how are they getting the home address of people so quickly?

    Is that even legal for them to do (assuming they didn't get a court order...)

    --
    ---- Booth was a patriot ----
  15. Re:Someone got kicked off their ISP... by KidSock · · Score: 4, Interesting

    Don't know if you were joking, but

    It's no joke:

    Subject: [linux-elitists] Microsoft goes after Linux kernel downloaders?
    Date: Mon, 16 Feb 2004 20:15:28 -0600

    I went trolling, and it seems I caught the biggest fish of them all.

    When the story about the MS leak appeared on Slashdot this past week,
    I thought I'd have a bit of fun. A post entitled "Kernel source here,"
    which pointed to a torrent of Linux 2.6.2, was all it took to hook
    about a thousand would-be NT and 2000 source downloaders.

    "You can find the build applications and such with Google already."

    I trickled the torrent out at about 1k/s for the first few hours, then
    let it go full-speed once we'd crossed over 600 active
    participants. Let 'em all have the punchline at once.

    Imagine my surprise when my DSL stops working this morning, I call my
    provider, and I learn that I've been accused of copyright
    infringement. I argued that I was doing absolutely nothing wrong, and
    they turned service back on. After I asked to see the accuser's email,
    they forwarded the below. Sure enough, it's a bona fide valentine from
    MS Legal:

    J.K. Weston
    Microsoft Corporation
    One Microsoft Way
    Redmond, WA 98052
    jkweston@microsoft.com
    Tel: (425) 703-5529

    14 Feb 2004

    URGENT/IMMEDIATE ATTENTION REQUIRED
    VIA ELECTRONIC MAIL

    [My ISP]

    Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE
    CODE AT: [one of my IPs]

    Date of Infringement: Detail below.

    Dear [My ISP]:

    We have received information that one of your users as identified
    above by the SITE/URL [My IP] may have engaged in the unlawful
    distribution of Microsoft's source code for Windows 2000, and/or
    Windows NT4, by distributing and offering for download these source
    code files via a peer-to-peer network.

    Since you own this IP address, we request that you take appropriate
    action against the account holder under your Abuse Policy/Terms of
    Service Agreement.

    The IP they chose wasn't the tracker, it was a system participating as
    a torrent peer. This makes me wonder if there are a thousand other
    P2P Linux 2.6.2 downloaders enjoying MS' Feb 14 love.

    Now, admittedly I was just asking for it by hinting at something that
    might offend the big giant. Still, it took them three or four days to
    issue this letter. In the meantime, shouldn't they have been able to
    find someone capable of cracking open a .tar.bz2? Did nobody raise the
    question of how a leaked CD fits into a 32m file?