The REAL story behind the Microsoft break-ins
on Microsoft Cracked · Score: 1
I just found this on the web at the site for the MicroSloth Gazette
and thought I'd repost it here. It definitely sheds a different
perspective on things. You can find the original article at:
http://www.microslothgazette.ru/articles/business/20001027/ms_hack_2000.htm
or
http://222.173.190.239//mad_cow_disease/bad_burgers_infect_redmond.html
Let us hope that the hackers / crackers, or whatever they
desire to be called, do not decide to release the Microsoft
code to the rest of the world thereby infecting the world's
programmers. After reading this, I believe that to do so
would set the software industry back 10 years and should
thus constitute an act of terrorism.
Apologies in advance if lines wrap weird; blame it on this
being my first post here.
Note: Some of the words or phrases are trademarks of somebody.
All others are open to the highest bidder.
-wallk_in_columbus
P.S.- I'm posting this anonymously, because this is not my
real name.
-----------------------------------------------------------------------
The Real Story Behind Ballmer's Comment
"our source codes are intact"
By: Lacey Sheets*
----
* The author's real name. Heh, would YOU choose that name as a pseudonym?
----
2000-Oct.-28--St. Petersburg, Russia-- We at the MicroSloth
Gazette were cruising the web's leading news portals looking
to borrow another paper's story when we spotted the title to
a still unposted article at the Yahoo,Yippee,Hurray!!?! web
site that described the possible espionage and theft of source
code at Microsoft.
What intrigued us about the soon-to-be-published story (available at
http://dailynews.yahooyippeehurray.com/h/nm/20001027/tc/microsoft_ballmer_dc_4.html)
was the comment made by Microsoft CEO Steve Ballmer.
Ballmer said, "I think I can fairly say that our source
codes are intact."
Until then, it had been the opinion of some at the MicroSloth
Gazette that Ballmer was at least somewhat technically astute,
but this comment left even his staunchest supporters here
wondering if he really wasn't totally clueless.
Either Ballmer didn't know that simply copying source code
would leave it unchanged or he was trying to cover-up
something. We smelled a story and so we assigned our ace
undercover reporter, Lacey Sheets, to the story in Redmond.
The following is a full disclosure of Mr. Sheets' findings.
"I arrived at Redmond at 8:05AM Pacific time. By 9:00, I had
contacted our Microsoft mole and planned to meet him for
a late breakfast.", said Sheets.
Steven, er, our mole, whose name we cannot reveal lest he get
arrested and we stop getting these inside scoops, arrived
incognito disguised as a Linux kernel hacker. Sheets says
he would not have recognized him except that he still was
wearing his Microsoft badge. For the remainder of this
story, we'll refer to our mole as "MS Guy".
Sheets: "Well, Steven whose last name I had better not reveal, what's
the scoop at Microsoft?"
MS Guy: (nervously looking over his shoulder, and then smelling under his
armpit): "The inside rumor is that our CEO is not revealing the
whole truth."
Sheets: "What do you mean? Is he simply lying or is he just planning to
run for office?"
MS Guy: "Well, for instance, the official report released to the press
says that there was some 'unusual behavior' in the security
protocols that we use in terms of the network and that's
when the security team started the whole investigative process.
But I have some friends down in QA and they told me that's a
bit misleading. The security people did not really see
passwords going outside of the Redmond campus. What made them
suspicious is that suddenly the Windows 2000 Kerberos actually
started inter-operating correctly with Kerberos servers on some
UNIX hosts that are used for incompatibility testing. Of
course, a few weeks before that, the QA team had become
suspicious since Windows ME was only crashing half as
much as expected."
Sheets: "I see; and that led you to proceed, how?"
MS Guy: "Well the security team was called in and what they
discovered is not pretty. Are you sure that I will
remain anonymous, as an undisclosed source?"
Sheets: "Well, yes, Mr. B... Er, sorry, I'll be sure to erase that
from my tape. Not only that reference, but, we hope your
source code as well."
MS Guy: "Okay, I believe you. I'm just nervous that's all. Probably
because you're taking notes using XEmacs on a laptop running
OpenBSD. I start sweating when I get near one of those, you
know. Okay [takes drink of water], where was I? Oh yeah...
the security team started checking audit logs and sizes of
the files compared to those on our last backup that we did
two months ago. They found the present file sizes much smaller
than the backups."
Sheets: (pouncing with his 'killer' question) "What do you mean?"
MS Guy: "You know... the sizes for the current files--both object
and source files--were almost all smaller than they were
before. And also, we found some of the files were
completely missing. For example, instead of the seventeen
different implementations of shell sort functions in six
different DLLs, there was only one sort routine in a single
DLL. Someone who had an old copy of Knuth's algorithms books
identified it as something called a 'quick sort' routine. Also,
it had a copyright by the 'Free Software Foundation'. Another
person mentioned it looked like the Gnu Public License. This
led our security team to discover that this one function
not only ran much faster than all of our finely tuned
shell sort functions--including those handcrafted in
assembler--but it also appeared to be the same function
as the qsort function in the GNU libc library."
Sheets: "I see. So your source code really ISN'T intact, is it?"
MS Guy: "No, but we ran regression tests and had a 99.9% pass rate.
The few things that failed were things like case-insensitive
file names. The hackers seemed to have made FAT into a
case-sensitive file system. We currently have a team of 40
engineers repairing that, although we're hoping someone
can locate those backups of the DOS 2.11 code on 5 1/4 inch
floppies so we can simply retrieve the corrections from
the backup."
Sheets: "Interesting... anything else out of the ordinary turn up?"
MS Guy: "Well, one unusual thing of all was that all our patch blocks
had been removed from the source code. That reduced the source
code size by a factor of 10, but oddly enough, we saw no
corresponding reduction in the size of the object code. We're
still looking into that."
Sheets: "Patch blocks? What are patch blocks?"
MS Guy: "Ugh, you know, when you write code, something you insert in
the source code to leave room for making later emergency
patches to the object code." [Illustrates by writing the
below on the back of his place mat.]
/* Purpose: Create NOPs in binary code to allow room for
* future emergency patches. Should be called
* upon entry of each and every C and C++
* function in this file. Furthermore, every
* C or C++ source file should define this
* function.
* Version: 1.4
*/
static void patchBlock(void)
{
// patchBlock();/* Don't call - infinite recursion! */
// Leave room for patches by inserting NOPs into code.
// Only use as multiple of 4 ';'s for proper alignment.
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;
;// etc.
}
Sheets: "Hmmm; I don't know much about programming, but that certainly
doesn't look like it does much."
MS Guy: "Oh yes, it has a very valuable purpose, given that we
have so many bugs and so many millions of lines of code.
We just replace these empty semicolons with patches so
we don't have to recompile everything to fix it. Do
you know how long it takes to compile 27 million lines
of C code? A long time!"
Sheets: "Er, well, I see, I guess... What else did your security team
notice in their audits?"
MS Guy: "Well, now that you mention it, in some portions of code that
was left, but simply rewritten, it was no longer written using
Hungarian notation."
Sheets: "Hungarian notation?"
MS Guy: "Yeah, you know... naming variables after their data type. We're
required to do that for readability or for some reason like
that. Actually no one remembers why we use it, but the code is
full of it and... Here, I'll show you..." [This time writes on
paper cocktail napkin.]
/* Copyright - 2000 - Microsoft. All rights reserved. */
/* Proprietary and not for disclosure. */
#include "sy.h"
struct SY *PsySz(sz)
char sz[];
{
char *pch;
... [runs out of napkin]
Sheets: "And that means, what?"
MS Guy: "Well, you see if SY is a structure for a symbol table, then
PsySz(sz) is a pointer to a function returning an SY that
takes a pointer to the first character of a null terminated
string. See how convenient that is? It's a lot easier to type
than to say, trust me. And by the way, I'll have to have that
napkin back."
Sheets: "Well, if you say so. So with all these changes, I'll bet you
found all kinds of problems and trojan
rubbers^H^H^H^H^H^H^Hhorses left behind, right?"
MS Guy: "Well, so far we haven't. We know the thieves have been in
for at least two weeks, but they only had a chance to replace
a few key modules. But incredibly, the QA team have had less
problems with the system and applications crashing than we
normally do. In fact, almost 50% less to date. In addition,
the overall performance has increased by 15%, and for some
modules, there has been a factor of 10 increase in speed.
Someone tried, on a lark I think, to boot this hacked Windows
ME up on an old Pentium 90 that the cleaning ladies play
Solitaire on using Windows 3.1, and it actually worked.
Well, it did until we ran out of memory when we tried to
run MS Office. It only had 8MB of RAM."
Sheets: (incredulously) "What, Windows ME booted on a Pentium 90 with
only 8MB of RAM? Impossible!"
MS Guy: "That's what I said. I wouldn't have believed it if I hadn't
seen it with my own eyes. But of course you see my, er, our
predicament, don't you?"
Sheets: "Well, not exactly. Why don't you spell it out for me in
layman's terms. Put it so that it's something that even
programmers who have had their minds wiped clean by writing
years of Visual Basic could understand."
MS Guy: "Well, I'm not sure that ANYTHING could be explained that simply.
But I'll give it my best shot, and with luck, maybe even upper
management will be able to grasp it.
It's like this. If Microsoft doesn't restore the original
software, people will notice the quality improvements, the
speed improvements, and the smaller memory footprint."
Sheets: "So?" (My best question, by far!)
MS Guy: "So? So??? You aren't the sharpest knife in the drawer are you?
Are you mad? Have you been swimming in the shallow end of the
gene pool too long?
If people notice, they won't feel compelled to buy bigger and
faster computers. And if that doesn't happen, how are we going
to get people to buy our next operating system release? I mean,
at first glance, it appears that more than 5000 of our known
60,000+ bugs were fixed by these hackers. It's a good thing we
caught them in time or it would have been too late. After all,
we've done focus group studies and we know that people only
want "good enough" software. They aren't expecting perfection.
If our stolen source code gets out, it could spell the end to
Microsoft as we know us. We can't have people think that they
can get good quality software for nothing though. Where would
that leave us for Windows ME++? Without an upgrade path, that's
where. And our stock would crash and I'd have to get a job as
a rock star. And I don't think anyone wants that."
Sheets: "Well, Mr. Bal... oops, almost spilled the beans. Not to worry
though, Steve... a good reporter never reveals his sources."