Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Leaked Code Still Could Bear Malicious Fruit



 By: Dennis Fisher
2004-03-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
When news of the leak of a portion of Windows source code broke last month, many in the security community cautioned against overreacting, saying that the leak likely wouldn't lead to a slew of new vulnerability discoveries.

When news of the leak of a portion of Windows source code broke last month, many in the security community cautioned against overreacting, saying that the leak likely wouldnt lead to a slew of new vulnerability discoveries. But that attitude has changed in recent weeks because researchers said that crackers have uncovered several previously unknown vulnerabilities in the code and appear determined to keep the flaws quiet for their private use.

Many in the legitimate security world have shied away from downloading and examining the code, out of fear of legal problems with Microsoft and out of a desire to keep their research unspoiled by what could be corrupt or damaged code. However, malicious crackers have had no such reservations. Immediately following the codes posting on the Internet, members of the security underground began poring over the code, searching for undocumented features and flaws that might give them a new way to break into Windows machines.

There were some early claims of success, including one man who said he found a new vulnerability in Microsoft Corp.s Internet Explorer. However, at the time, security experts said that because the leaked code was so old and was only a fragment of the entire Windows source, there would likely be few actual weaknesses found. But experts who monitor the underground security community said the crackers continued to share the code with one another and have apparently had some success probing for flaws.

Resource Library:

"I know of vulnerabilities that have been discovered as a result of the code being exposed to the Internet. I suspect that additional new vulnerabilities will be discovered as time goes on, due to the breach of security," said Ken Dunham, malicious-code manager at iDefense Inc., a security intelligence company in Reston, Va.

The real danger isnt the vulnerabilities that this crowd finds and then posts for all the world to see; its the ones that they keep to themselves for personal use that have researchers worried. Experts said there has been a lot of talk about such finds on cracker bulletin boards and Internet Relay Chat channels of late, indicating that some of the bad guys are busily adding new weapons to their armories.

"We are always keeping an open ear in the underground, and people are definitely finding good use of the leaked source," said Thor Larholm, senior security researcher at Pivx Solutions LLC, based in Newport Beach, Calif. "However, they are also keenly aware that Microsoft is actively pursuing anyone that claims to have a copy of the source, so they are keeping a low profile. So far, we have seen a few publicly announced vulnerabilities based off the leaked source, but I estimate that most of the remaining vulnerabilities will be kept out of public view and part of private weapon arsenals."

Another concern for Microsoft and its millions of customers is that even though the leaked code is more than 10 years old, it forms the base of the companys current operating system offerings, Windows XP and Windows Server 2003. This means that any vulnerabilities found in Windows NT or Windows 2000 could exist in the newer versions as well. This kind of thing keeps security people awake at night, tormented by visions of crackers roaming unchecked through their networks.

"Perhaps the greatest danger is that code in the leaked data is the same as that in nonleaked source code. If that is the case, it may give hackers additional motive and payoff for exploiting something that is a newfound vulnerability that may work in multiple [operating systems]," said iDefenses Dunham.

Check out eWEEK.coms Windows Center at http://windows.eweek.com for Microsoft and Windows news, views and analysis.
Be sure to add our eWEEK.com Windows news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Leaked Code Still Could Bear Malicious Fruit
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Dennis Fisher
 


x}r㶲s\@♵M=ҔlcؖפN 1Er=JN~b:?qtMZe2{&-`h F; IG=!hnQ?sF7郿O$w}(s-G7^=A-wu E]}4 99r z=>%߽w *s=NN5KԜLxg&l es`p,="8zڀ':2,,Z P8$H.{H~Thg;9:"a}c$aL<Ĵ'l^b&{Bq<5;^7;F~B {.Y^Lߵ!Zq8b'*#O^3lְB1BE8 /t#,gu'9"QcO$ա%Uq˝LJAtX}:|p x09ry j5jfL {n_%z0sw<:"=3~4dЌaQӸ/! d2V#RbچgO?LI…N؎MYnݰ뺷}=-:ԍ!{֛i]Ԓ],r,U)0O)L|@?҈c"S9ˡ,șF3,Ӹ4 HSKVUBX)ڑ^0[=l*sܼϿΕiR]vήr$Qwwܖu`*.:'^O.7wq@α{A~A7"DT)Jj\(͒DCajLmd:~Hs|T㍒~7jJV4E; KHR ])1N,ԐX;~K~6/NM퓳NlM,!R42V,]?c{Ӡzq{ں}\=rڽ&MCR=BgC: ɗVy['^=:$Yz>5406Z-$5VMusBr,Ndo/ !}O}nr2GrI/o"KŗG)Hk7G osDfw[ atBjmҔ#Rƒ tKs;j\K}0[=RFp JpJq䰉3Zش 6,%̛ hJ@M2X U >hI,E[!fT}N}%I FBzBp4NQ'}Y}vi|Q}Ѧ>83ݘI70i\+Gݺ~NnXŞ*Fԇ9[i50CGA 6v|scм`y&@ܛ@[3衟#]ӽ[:?A2/?>fxsܧP}MrA}6g`sDoiChnPB?Ԇ!~9.b&A/tKt=JIAF"D%  h4AǰEEN@@7;.VKŤ\*1=Ri !sg Rsvn KŔ=*%nqR%a 3ʬ$&vϏa[LboD6], S mo3-muk{XT4V§#&c0a z {[W5ܴF K0Pl;i`0Ԑ(ʲEg9@ypm'ȓcS@6Êi֜Ǻ 2&٢͙iÂqjS9_A\!j5Xjo<` Yu-\'1uC4fX7*p=&.0|jj iS w$m˴)s7BgsݐC/2$\^&AB1 6d:l';oW fnR>MO9XScXO`Da>`(^HIbЙj!@)zէl.>?ΖM"kͲG{_No6ҁy2Km g@yC dl+/,;7kc:J+_iiHH*6@\X3-# %.?W0ZԒ686pc>7l{`(`R5JȄeê%M*K; ʸA6`ADLl5KW)թw⸀4="7zu@nztq˱3 ?`ǟG(a!w1ZJkX$ M=̔:Y[ |@'K |o2tJ.k1sM^^W꺰+]69g&A>0|p$'Z>plZ`/R7&twڵj 1SQ_.)UQH~2;2.eX k;=c*O|qNx@ Ez .҈ ڀ DrAab D$T `nR@:kRUԓxZC@^~~J%$tX2H=j=tǜ}h3ʫ2 yYZ J qlheU-UjRAfsϏyO="1Ԁ1h_yw꾿g՛? ڀRz7ܦ;PCs㑏.S˰)#.# ,c`72$hWXSJ$z0 w% ' L-n53Mᗬ6{ 0v?3j􍹏 8@qs;OM?b'%:<"pwC*2,`wY0>AG5"耰!(3E6(9;@+%5-| I1H%[SsGŕRCa׃133b_@URTʚwZu^,]pHRT i^p ZN&ZFB-†89k* OM= hQˤ̓G\\7hg?"XWP)~3hć)usC\Դ"Hw ضRsG'D.ƈkS@gt@ ɢ\' WeRU8J3Az' vBq]64HXx|{ `?KHHD>DiF\{e">QP(㜌t/xqq`zY*o@/I6S.:;Ղ_ ݘb3axք-$Qԕº}wiIAcا˾tڼ:#@#ЫH~x;C:(#r|8GijJx-}E\:$#?\w?^EC] gyi:dB&vB, 'H oHzq!'^Y{{l:km}<.odhq^8K%y;"˶u ߽<rDpBjw>\(d0 srn^ 6b7L`jX&ID#Sk!k`ziB_KվĂqK՜$"j ON3$nPe88mj1w~eXFwoH2|(_bHH\T dDӻ:o~Nlen/ m! D785S*PW2REHIAFZu_f bt<~Ut":Ho1r!~_!c&o8~P6hLuf:nܐ!4t㿜yAG$M "a]Zqn{ӾJ=$Ss4vD)fTxi'y0:Ɩp8쀒N1{LGlOܡM]nĖ39Z)ŔL iuxȠ3%dBE۰Blb%%hҫoeW!؁\Cp0 Zl aڕCrWkb~=DZU$ݝf0FX4b`/awʜW#SaZ ?Y ./v6}`>&k?dN-Ɣ @ف9^gtb )ca0 ~]ު箅MM%&aq*hcͰ<#sÑ3MGZ]ry}Mg q+=Fz t{Do7ۨ.||,=}![7'zxyuo8!M k_:ܓ9̆ 'oc Ǿv/ݻw~Zږ[q*A=wKb5o14L,*z>;[fv?sL:>dO1\j[@3zyg,d9a}43ؖrbLd<$J;omݭn T v_!O!%FJMc-!_Ц õcVǴ IpjulE;/'Ɏ?e{kA|;-e\1kp௩_Lo-)B?дg=.00S/sK[^}lQߏo%~!әi*2.CN_cO`]WrZs&~;:I# 3Xx!)Qh?Y6L@o5?S'`@؈G DU~{zT_ٻ47bo9%$(7CfH+weJM6Fxё?XP[3NL7- `J/֜y'+4JrUh! =[.`ƈh6FDc5'Dc$RvFd2{ ƙf9Md!ƳA޵.yyJ6y/t'2s!gT9ؔhSK BA)-1?ƉO,.C$Ob(TU~3پ*B$=1g -lKPHQ(\z>Kka ne׵>fWjMɠ{所h;`+; 6 }ATXz45 4/]YTZxx?l;K}MÀeR 4ېO!@#hD@SB}; vkmzaǂfں5z`1t2`:^ UUnCoA'I$O8xZ0_|V(Ihi<ݥZݖ:/E /{j9.z*eW)":=T@]R%%@xM+gPB"Pg $!}DbV4ێm'(Ue[Y%%#w`dvEu@W\lax1^"M`GxWA1;4ZAd QCѨb "+[f~ ~eq0%< Sbbbb~]sQ+/beKxכtB`TYVkzτ|TB듋W2Ӿa5X4?r~^kI;M75a^Pe>at=g25u{q<Z,o&a"vC >|}P3_ 6B=_gؒ0 / E2'>,B+Ov T/"_d*_ 4X=:uKM}+u8wSD),$?&E Ea94\1po`98}ej؈3;%^\4cA҂TuMS777* WxX"w6_,r^̃JO\3 )LMYyROSkJx >tx1nniy!N1#!8B Tpg;M藒Ɠ_ݒ*/ߗ/{jYҹ>E{D3,{ ` &M^wucS ]S7@6-)hVCX.$Ye(nUc/~)19|w 6Nuf_T:pۍUgm0 ) 6݃;KnH,^D4t˘{EAC! * ƛʟH/(v~c_9gCɹ2ǶD7Kbqt{/D-6=>sdiditb9P᥇6Kɜy 9xg OG&+ k&s8ܭضkeVؑA_Ae1h8FF DOx-&n}`.@;`q7'5P#_>p|kl. P'y355EtcuIWh Ν3>k.P=?(b A$'?[b=rQQF3\OkB *K_|5'5Osi`uq3nݺlP!Nigf5Nơc67{{m_ro6`^lj[VEQ~z򃧻.L m~[~G̹+ftQ-gvc ~2oO@85Q/NlHD(&wGPEX1̭-?dn;=V_҈p=yW`Έ/cc RpsF"a1O_/Em/4oqfx|WciYɀ{@4=0n*L,S&Lm!90! ǔhM6]`kmw>Ļ&fcCя"9svh2݀w *k+H 9T\ǭ7| ךOLiH:K␢^ciLWo * O2@7OXl }LQӬf;\:6MWz@~rp߿ߋ ?3 /H?tȕ'η> 2~(^Ax8j %K{{[ Ӹ$nݯ!< Vv{"6(ʊvךS|l:n»d*ju:f-#/~Us{@RCB(lkhF]⑂8h{y~r,zbE7}8EDpvQrBYm#'$&Jjid}ǎ3{#8pkjj55V^ Ru/akjrF-?x$ǍE/]^|M~8.24ó;  /(_7`;LV \sj61R>&sjx3VQjz~zr_ZJӂ,w)]do=05֘0HtL'fbTy  6G󼦘hCe&L8h;b<=VڹjqwzRKo^;G'inVu&rCK9#n@)Ɗ'찔?1:{x-[愫 (2a:$.+JAWKy»r*}/~m#k^bʑf`NΨo)5e1 `8*gj5U KK 2@: xE?=׽nrn-i`I; lx Dx&˂ۈ9S"xք0mÚ3br67kN^( v#D[/d 6C;b<1c|>Oc/R#tQ:.( o%H)YPXP؟e KHB}s v6S,0uA"\2}ܣ0]:  %~6t0^Q1e& > c[7ΥIlDZ||N]ƒ $B1ӜhVxx?o14| =<RXX_1[> MꪂOJ 2,=VR⸹<>[A~guEo HD+^@03:%_Ч6#kws'rڽ&Mrznu^yO7a[kN|SwO'ݫOu粟kx SfyMP0mw %e9ũ.B*r4,xy^/>M83œ0E_CĨҫc9b_)oZ^OV\k)?=VՑt.1]v'f)^X!p7@Q`1D?sMo )n}>e;MjV}QyxQ3Q Q~ כO@͌.w3ʑ[V;O6~N3!>Bg\㬳5:r_'\fC;k(6 sȂ"?0_}^dE}"^fo2Ϡ,P ((̘K ̘..ȟn|fȗ+ 2޿Π11>_?m.1n&w1Mn66~oیon3/$)CAy3ϚWpz~;"9(/R*zUKӌgȳ+F7^˰sk3ce_/ˀOqsum%R+ ]Q%]pۭ]n@+G{1:,y& r hxVydb bye?VPw;]CҤ]z.!{%])W[O'ikr(s<2g)h{42'f[ !3}oAD1KA1_wͣ,e5;H_ehĻOٞ܃~n7}F>n_qL ~iMnڧnw[v<2kӫk+kp'k͠~%sS$N^#usC\ԴZjRsG'׈dr :〈bxӗUUEVro9 VVjb`"! *s>P`26UJ` }9!C;bhǜ[ɖ@=B^?FG'&Tk"/cRA6of)/^( ^"[v&Yc(<)""{ˋTx`L|Jh / q9|L:A^VٍV"Fn<4Nws@O碌CgHY&38S "{o0]6=Ǿw&=B这6%'x-&7:]|#̇.LeCzy;8,[aٴܐX[0Qqm`<ሇ8 }CP=ۺ9l܆,4 ]ݨ3𦬸K5 X 9co֌حY2^|1Oty'0OF<#FOb\װnBaIgLal~s(4>JxcϒW[o,(kQh/!I'kQ~?%qcOaYt WZoT($tPYzt|;6Mï$/_J[a>$N*۹7OXԝ:6Zd7Nk.<ۃcn"6G~;fPxUE'0P)n9wa3[T:>A{ۆ*ع s4cbVHh=)gOo-[@# e`7C2)&Yձ=wO 7g}޴;%:F=٭ 0 p,[f@6A|Joz;(NAeRb0yMvFc ?dtA!b[p@ lџfѮRLnlPP`Olԙj3w6E}2\XGx kyf#ŧ3+ot-(5x*{n·Oek[(| _a[0~Y+JbA,\n2?>Şi3{@ =( opPѵk+WeI$ցi)>(ZF#$c<ӭ典<P0߀~c.vQeN܌1MF.D]hT[)*ʢS6M /ߵSycD]Y>;Ѝ O1ngNb *:a1 g'{y{~kC'>& ;u 2^;FB~eaZϼ:?ʂo/RF$V/(ylHK9m5G0X1'NR't>f cJ\gGۂ~׍ŕcƂˉ.X)Z_MvdzU Z-^ch{X$֬="I깘 #y= f`5>gvC%zh.n&Ա`=bj8Lse$Q3|JKl g τ ixv4<5@T<nȲh1 c'rkI' )}ɦ"NԌaB6br =L$'8 3^߳|*/A,r*r* _xWI"cXM?X ړT+w\ƕYSq|:o\7,{ٗNOwcoh/=n%-EKB^i B"Awl:񪞽?`*XEl`bhP7]sTWVIĽFvݶ3HZW'5X-lu; o]jm٦4*i29Z{) q֫͝"mxTɉY+z[;6Nw6˄M b;d1Բ)N`(