Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Pressures Testers After Software Leak

Posted by CowboyNeal on from the everyone-play-nice dept.

narramissic writes "ITworld reports that Microsoft is 'taking tough measures to find out who leaked a Community Technology Preview (CTP) of Windows Home Server to The Hotfix.net blog.' The software preview was posted on the site by a user named 'Richard' soon after it was released to a small group of testers. In an e-mail to MVPs whose names contain 'Richard,' Kevin Beares, the Windows Home Server community lead at Microsoft, wrote: 'For right now, you have no access to the beta until I can find the Richard who posted the WHS (Windows Home Server) CTP on this site.... I will work with the Connect Admin team to determine which one of you is the real culprit of this leak.'"

8 of 263 comments (clear)

  1. Shades of... by Dogtanian · · Score: 4, Interesting

    ...the whole class being kept behind at school until they found the culprit.

    --
    "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
  2. Why Richard? by apathy+maybe · · Score: 5, Interesting

    And I wonder why Kevin Beares thinks it was a Richard who leaked this. If I was doing such a thing, especially when there are only a small group of testers, I would use a pseudonym. Richard is as good a one as any other.

    Also, I wonder how he thinks he can work it out? Contacting the ISPs perhaps? (From the article it seems as if the webmaster for the site where the leak was posted will help.) I'm sure all the testers will deny being "Richard" of leaking fame.

    This whole thing seems like a big beat up.

    --
    I wank in the shower.
  3. Re:Oh good, another reason to not work for free by WED+Fan · · Score: 2, Interesting

    OK, get me if I am wrong here but the testers were working for free, correct. If MS (or any other company for that matter, even Apple), does not want to pay for work, then they take their chances. If they want testers that will follow their rules, they should pay the testers then. Very simple concept.

    Oh, yeah, because we know that when you pay someone, they don't steal. If you say, "play nice", they will. If you had a little pink pony...what planet do you live on?

    When a guy at work is making $80K and still rips off the company for office supplies, toner for his printer at home, and makes up receipts for his last business trip to cover the $40 in singles he used to tip a stripper in Tampa, you think this is going to work?

    Go home. Just shut up and go home.

    --
    Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
  4. Inside job? by Eudial · · Score: 5, Interesting

    Did they ever stop to consider the fact that besides these testers, undoubtedly lots of people on the inside will have had access to the leaked version?

    --
    GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
  5. Torrent? by ArchieBunker · · Score: 2, Interesting

    Anyone have a torrent of this so called leak?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  6. Re:WHS by mikelieman · · Score: 4, Interesting

    "Intended for users who have never seen or touched a server OS."

    Yeah, that's the supposed Idea. I remember when they pitched that line for NT, too.

    "Redundant storage and hot pluggable drives for those for whom RAID is an insect spray can."

    If you don't know what RAID is, why would you bother specing a home-pc with hot swappable drives?

    "To add storage just slip in another drive and you are good to go."

    Yeah, assuming you got a server chassis with hot swappable drives. Which, by definition, the end-user this is targeted at doesn't.

    "Automated backups for every system on the net. Recover older versions of files. Single instance storage"

    Yeah, that's a good pitch, too. So far? Vapor-ware!

    "Remote access and administration. Remote control over the web --- again, intended for users who have no experience in any of this."

    Oh, there's a security hole just waiting for a portscan to come along!

    This is aimed at Fanbois who just don't have the brains to make the leap to Ubuntu or Fedora.

    IOW, A cute toy.

    --
    Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
  7. You assume that, but where's the evidence? by jd · · Score: 2, Interesting
    For all we know, it could have been a tester who found a way to spoof the username, or anyone at all who happened to pass by an unlocked console. Given the organization involved, it could also be that a UID table got corrupted and a completely different name originally existed.

    Based on the little that is known, the most obvious explanation is that this leak was intended to be discovered (there's no shortage of far more public sites that would offer far greater protection to the person involved) and that in turn makes the idea that an actual "Richard" was involved much less likely.

    We won't know until the culprit is found (if they ever are, and if we ever have any reason to believe that anyone unmasked isn't simply a convenient scapegoat) but if I were in this Kevin's shoes, I'd be far more interested in gathering information than issuing threats. For that matter, Mandatory Access Controls have existed for decades. Why was such valuable IP even placed under a discretionary access control system?

    (For those not familiar with MAC, it's a concept popularized by the US military but widely used in any secure environment. The idea is that the controls prohibit a user from copying to a location with weaker controls. In the military, you don't want people copying Top Secret files into an unclassified filespace or reassigning them to a user of lower classification, for example. So you simply program the access controls to block any such transfer. Properly implemented, there is no "superuser" - no need of one - and there is no possible way of violating permission boundaries directly or through privilege escalation.)

    Yes, this is theft. So would be taking a hundred dollar bill nailed to the gatepost. At some point, a little personal responsibility is called for and a few reasonable precautions should be taken. Kevin Beares' bosses should be asking why neither has happened here - although that might be asking a bit much of Microsoft. Failure to secure trade secrets has, in the past, been grounds for courts to nullify the protections on those trade secrets, and undue harassment by employers of employees has spawned its own lawsuits. (If a Richard isn't found soon, with definite blood on hands, harassment suits can't be far behind.)

    This is a very ugly situation for Microsoft to be in and they are hardly an innocent party as they have clearly shown they are not using suitable methods to protect that which is theirs. In a world that has been manipulated into believing there's a bogeyman hiding in every server cupboard, being able to protect your own is key to keeping the confidence of customers. The rights and wrongs are totally a side issue in all of this. The fact it was even possible is everything.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Re:Now they are really screwed... by Creepy+Crawler · · Score: 2, Interesting

    And to foil that kind of obfusication, you just take one of those free translator services and translate it twice: once in a foregin lang, and once back.

    That munges things up enough.

    --