Windows 2000 & Windows NT 4 Source Code Leaks

[darko21]

Copied from Neowin.net

Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.

This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bare thinking about.

We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to the Microsoft's Anti-Piracy department.

If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

 

[Spitfire_x86]

It's a very good news if it's true

----------------
<b><A HREF="http://geocities.com/spitfire_x86" target="_new">My Website</A></b>

<b><A HREF="http://geocities.com/spitfire_x86/myrig.html" target="_new">My Rig & 3DMark score</A></b>

 

[djsmiley]

Its both good and bad, i just want to see whos faster


The virus writers, or the patchers?


We will end up with one of 3, a DEAD os, a NEW os, or a PATCHED os.

I personally hope its the last one.


Thats even if this is the WHOLE code etc.
We have seen pranks before, this could just be another one.

Cheers.

<A HREF="http://www.pcpitstop.com/techexpress.asp?id=93KKKW4QV4MSW1M3" target="_new">PC STATS</A>
|| SmileY ||

 

[darko21]

Microsoft had a press release on their website but they pulled it. I'm not sure why. I found this though.

http://www.betanews.com/article.php3?sid=1076632515


Microsoft Investigates Leak of Windows Source Code
By Nate Mook and David Worthington, BetaNews
February 12th, 2004, 7:35 PM


UPDATED Microsoft is currently investigating a potential severe security breach that has let loose onto the Internet source code for its Windows 2000 operating system. Portions of the code viewed by BetaNews contain a mix of library files, executables, text documents, scripts, and un-compiled code.

In addition, rumors have begun to circulate claiming that the source code to Windows NT4 has also gone astray.

It is currently unknown how much of the source has been compromised, and just how damaging its disclosure will be for Microsoft.

The claimed Windows 2000 source code archive contains 30,915 files totaling approximately 13.5 million lines. The source is dated July 25, 2000, placing it after the official release of the operating system, which was rumored to contain between 35 and 50 million lines of code in its entirety.

Early references to "Whistler" -- the code-name for Windows XP -- can be found in the files, which is consistent with the post-Windows 2000 time frame. An internal alpha version of Whistler leaked in March 2000.

A Microsoft spokesperson told BetaNews that the company was looking into this as a matter of due diligence. "At this time, all we have to say is the rumor regarding the availability of Windows source code is based the speculation of an individual who saw a small section of un-identified code and thought it looked like Windows code," the spokesperson said. "If a small section of Windows source code were to be available, it would be a matter of intellectual property rights rather than security."

Sources indicates the leak is valid, but incomplete. Comments -- which are added to track changes to source code during development -- refer to specific bugs, Microsoft employees, and even organizational charts. Product code names are abound, with references to Daytona, Cairo, and Memphis, as well as beta timetables. The archive contains graphics files for Windows 2000 and Internet Explorer 5.0 included in resource files, according to sources.

Comments such as, "potentially off-by-1, but who cares..." are buried within code for the Windows Taskbar. Sources tell BetaNews there is no reference that calls Netscape developers "Weenies," as was alleged in court documents. Other comments range from mundane technical jargon to all out profanity.

This is not the first time Microsoft has experienced a code leak. Incomplete source to Microsoft's DOS version 6.22 surfaced years ago, but received little attention due to its obsolescence.

Senior Jupiter Research analyst Joe Wilcox told BetaNews he was surprised by the news. "I find it hard to believe that source code would leak. After all, companies put source code under lock and key, typically with no outside access available. That said, a substantial leak would be devastating for Microsoft."

"A source code leak would present multiple problems for Microsoft," explained Wilcox. "First, the loss of valuable intellectual property worth hundreds of millions in development cost. Second, hackers could look for and exploit new security vulnerabilities. That could create credibility loss for Microsoft, as some businesses question the security of Windows. Finally, Windows NT and 2000 are the foundation of Windows XP."


If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

 

[juin]

The FBI is allready on the case and i can guess there are army on that case to retriveve all file.If anyone want to see how federal prison look like go for it.Even anandtech made it clear not on our website.As any website that offer MS code to download pic or anything relate will be suit in court and put on the street.

Just to show dad

 

[tguzella]

LOL !!! Got the news today on the inquirer...
i cant find words to express my surprise. i would expect a new swarm of windows worms/viruses on the next months... or maybe not...

 

[DeEvolution]

LOL !!! Got the news today on the inquirer...
i cant find words to express my surprise. i would expect a new swarm of windows worms/viruses on the next months... or maybe not...

I would not expect a new swarm of exploit virii. There may be one or two, but it would be difficult to believe that M$ has that many severe security bugs remaining in the latest updates to Windows XP.

I am however more intrigued by the notion of the opportunities that this may provide for the Linux community. Windows interoperability has always been a difficult problem. For the first time they will no longer have to reverse engineer their solutions. They can simply look at the source code itself to design Windows compatability into their kernels.

<i>That</i> could very well provide Linux the opportunity needed to break into the M$-owned home/office market with a serious solution. Even if the legality is questioned in the courts I would still expect it to take on a serious hold that cannot be stopped if such is ever accomplished.


"Sad is the elephant upon the ice who went to put on his wooly coat only to realize that he left it in his other trunk." - DeEvolution

 

[darko21]

http://www.eweek.com/article2/0,4149,1526831,00.asp

BetaNews has learned that Thursday's leak of the Windows 2000 source code originated not from Microsoft, but from long-time Redmond partner Mainsoft.

The leaked code includes 30,915 files and was apparently removed from a Linux computer used by Mainsoft for development purposes. Dated July 25, 2000, the source code represents Windows 2000 Service Pack 1.

Analysis indicates files within the leaked archive are only a subset of the Windows source code, which was licensed to Mainsoft for use in the company's MainWin product. MainWin utilizes the source to create native Unix versions of Windows applications.

Mainsoft says it has incorporated millions of lines of untouched Windows code into MainWin.

Clues to the source code's origin lie in a "core dump" file, which is left by the Linux operating system to record the memory a program is using when it crashes. Further investigation by BetaNews revealed the machine was likely used by Mainsoft's Director of Technology, Eyal Alaluf.

References to MainWin can also be found throughout the leaked source files, which do not compile into a usable form of Windows.

Prior to Microsoft's Shared Source Initiative launched in 2001, Mainsoft, which calls itself "the software porting company," was one of only two partners with access to the Windows source code under Microsoft's Windows Interface Source Environment (WISE) program.

The goal of WISE is to enable developers to write applications using Windows APIs and deploy them on Unix operating systems such as Linux.

Mainsoft extended its WISE agreement with Microsoft in March 2000 to include access to the Windows 2000 source. Microsoft subsequently employed Mainsoft to port Windows Media Player 6.3 and Internet Explorer to Unix.

Although the leak poses a serious threat to Microsoft's intellectual property, its limited scope is sure to help the company alleviate fears of potential disaster. Microsoft has opened an investigation with the FBI and says its internal security in Redmond was not affected.

Because Mainsoft used only select portions of the Windows source for MainWin, Microsoft may find itself more worried about the egg on its face than possible exposure of its flagship operating system; Windows 2000 served as the foundation for Windows XP and Windows Server 2003.

It is not clear at this point how the three and a half year-old source code escaped Mainsoft.



If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

 

[darko21]

Statement from Microsoft Regarding Illegal Posting of Windows Source Code

REDMOND, Wash., Feb. 12, 2004 -- On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. It’s illegal for third parties to post Microsoft source code, and we take such activity very seriously.

We are currently investigating these postings and are working with the appropriate law-enforcement authorities.

At this point it does not appear that this is the result of any breach of Microsoft’s corporate network or internal security.

At this time there is no known impact on customers. We will continue to monitor the situation.



If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.

 

[darko21]

Statement to the Media Regarding Microsoft Source Code Leak
Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft’s and all our customers’ security matters seriously, and we recognize the gravity of the situation.

We will cooperate fully with Microsoft and all authorities in their investigation

We are unable to issue any further statement or answer questions until we have more information.

From Mike Gullard, Chairman of the Board, Mainsoft Corporation


If I glanced at a spilt box of tooth picks on the floor, could I tell you how many are in the pile. Not a chance, But then again I don't have to buy my underware at Kmart.