
    Experts Ponder Fallout From Windows Code Theft

    Written by

    Dennis Fisher
    Published February 13, 2004

      A portion of source code from Windows NT 4.0 and Windows 2000 made its way onto the Internet Thursday, sending shockwaves throughout the industry over the potential harm that could be inflicted if the code were to land in the wrong hands and leading to internal and external investigations by Microsoft Corp.

      The sections of code, which amount to a tiny fraction of the entire operating systems' instructions, apparently began circulating on peer-to-peer networks in the cracker underground early in the week, sources said. Someone then posted the code to a handful of Web sites, and on Thursday Microsoft officials confirmed the code was legitimate.

      Having even small portions of the Windows 2000 code freely available online is a nightmare scenario for Microsoft. The code is the basis for Windows XP and Windows Server 2003. Although the potential for piracy is lessened somewhat by the fact that the posted code was not a complete copy, concern is mounting that crackers will scour the code in search of unknown vulnerabilities.

      “Vulnerabilities in Windows NT and Windows 2000 will likely be much easier to discover and exploit now that the source code has been leaked to the Internet,” said Ken Dunham, malicious-code manager at iDefense Inc., based in Reston, Va. “There are a lot of implications to this. The situation just got a lot worse, in terms of vulnerabilities. I imagine we'll be seeing a lot more this year because of this. There's certainly enough in [the leaked code] to play with.”

      iDefense's Dunham said that the code was spreading quickly in the cracker underground. There were reports that copies of the code were being passed around on underground file-sharing networks.

      But not everyone agrees that potential risks are associated with the leaked code. “It's pretty clear that people are already finding severe vulnerabilities in Windows anyway,” said Chris Wysopal, director of research and development at @Stake Inc., in Cambridge, Mass.

      As of press time no culprit had been named as the source of the leak, but people who examined the code said it contained several references to a Microsoft partner, Mainsoft Corp., of San Jose, Calif., including in one instance the company's e-mail address.

      However, at least one security expert suggested culpability rested elsewhere.

      “Unless someone went to a lot of trouble to do an elaborate frame-up, this looks like it was stolen from [Mainsoft's] machine,” said Wysopal. “It seems unlikely that someone would go to all that trouble. It's more likely that they put the code on a misconfigured or insecure machine, and it got broken into.”

      On Friday, Mainsoft Chairman Mike Gullard in a statement offered no insight into the leak but acknowledged the issue. “Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.” Gullard added that Mainsoft will cooperate fully with the investigations.

      Mainsoft has been a partner of Microsoft since 1994 and, like many other partners, has had access to the Windows source code since then. In 2001, Microsoft extended the practice of sharing code with developers with an official program called the Shared Source Initiative. Not surprisingly, partners in the program are bound by strict license agreements.

      Because of the program, observers say there is little doubt Microsoft will move quickly to identify the source of the leak. In fact, following its acknowledgement of the leak, Microsoft officials said Shared Source personnel, not Microsoft's security team, are handling the investigations into the code leak.

      A Microsoft spokesman refused to comment on the possible source of the code leak but said that federal law enforcement officials are conducting an investigation and that the company is confident the leak is not the result of a breach of Microsoft's own network.

      In its acknowledgement of the leak, Microsoft said the following in a statement:

      “On Thursday, Microsoft became aware that portions of the Microsoft Windows 2000 and Windows NT 4.0 source code were illegally made available on the Internet. It's illegal for third parties to post Microsoft source code, and we take such activity very seriously.

      “We are currently investigating these postings and are working with the appropriate law-enforcement authorities. At this point it does not appear that this is the result of any breach of Microsoft's corporate network or internal security. At this time there is no known impact on customers.”
