Bugtraq mailing list archives
Re: W2K source "leaked"?
From: "Ho Chaw Ming" <chawming () pacific net sg>
Date: Tue, 17 Feb 2004 03:59:47 +0800
Well. the code doesn't exactly compile. A leak is a leak, and source isn't exactly like binaries. You can see trojans if they exist. ----- Original Message ----- From: <LordInfidel () directionweb com> To: <bugtraq () securityfocus com> Sent: Saturday, February 14, 2004 1:47 AM Subject: RE: W2K source "leaked"? Just a thought: Has anyone given any consideration that maybe this source is trojanized? It's obviously pirated, since MS probably did not release it to the general public. (At least they have not made a public announcement to that effect, unless I am mistaken and that is always a possibility) Not to mention, how are you going to guarantee it's validity? I can bet there are no official MS MD5 checksums to verify against what is contained in the package. Maybe we should step back for a second and take a closer look, apply some rational reasoning, rather then getting caught up in the hype. JMO LordInfidel -----Original Message----- From: Víctor [mailto:ixnay () infonegocio com] Sent: Thursday, February 12, 2004 7:47 PM To: tlarholm () pivx com Cc: ge () egotistical reprehensible net; bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: Re: W2K source "leaked"? Check this out http://heim.ifi.uio.no/~mortehu/files.txt This seem the dir of the Windows source code, I dont know if it a hoax. And here is a torrent where it seem to be the source http://www.skittlebrau.org/ring0_src.tar.bz2.torrent This is all the information I have until now Regards On Thu, 12 Feb 2004 13:59:22 -0800 <tlarholm () pivx com> wrote:
This is not the first time that people have reported leaked copies of Windows source code. In 2000, Wired News reported that the source code for Whistler (now Windows XP) had been leaked, though they never confirmed it. http://www.wired.com/news/business/0,1367,35135,00.html WinBeta is also reporting on the new leak http://www.winbeta.org/winbeta/forums/index.php?showtopic=2663&st=0&#ent ry9449 0-day exploits being used on Microsofts network, foul play by privileged partners or a hoax? Let's see what Microsoft reports. Regards Thor Larholm Senior Security Researcher PivX Solutions 24 Corporate Plaza #180 Newport Beach, CA 92660 http://www.pivx.com thor () pivx com Phone: +1 (949) 231-8496 PGP: 0x5A276569 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569 PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of Qwik-Fix <http://www.qwik-fix.net> -----Original Message----- From: Gadi Evron [mailto:ge () egotistical reprehensible net] Sent: Thursday, February 12, 2004 1:49 PM To: bugtraq () securityfocus com Cc: full-disclosure () lists netsys com; Thor Larholm Subject: W2K source "leaked"? A couple of days ago a friend of mine drew my attention to the source making rounds on the encrypted p2p networks, I was hoping it would take a bit longer for it to be "out", but that was just day-dreaming. Thor Larholm just gave me this URL, as you can notice, the server is busy: http://www.neowin.net/comments.php?id=17509 I never believed in 0-days. "New" or more to the point un-known-to-the-public exploits and vulnerabilities exist and are being used. In my opinion "0-days" virtually don't exist. It's usually either some vulnerability that is long known and a COP or a worm is created. Or exploits that will nearly never see the "public" but exist and are used by few individuals.. but now... I don't know. How often does a brand new exploit come out without prior warning and "attack" the net? *If* this really is the.. _real_ source code for W2K (and according to the article NT4 as well).... we'll see what happens next. People didn't need help finding vulnerabilities in Windows before, but it just became a whole lot easier and a lot less demanding on the "m4d #4x0r 5k111z". I can't really say that the article is right and the source was "leaked" or "stolen". The source is being sold/given (?) for years now to EDU's and commercial companies for research purposes (not to mention China..). I suppose foul play is always possible. Can anyone confirm this is the real source code? How about a press release? :) Gadi Evron
-- ============================ it's so easy to forget me
Current thread:
- Re: W2K source "leaked"?, (continued)
- Re: W2K source "leaked"? Zhenkai Liang (Feb 13)
- RE: [inbox] W2K source "leaked"? Curt Purdy (Feb 16)
- RE: W2K source "leaked"? tlarholm (Feb 12)
- Re: W2K source "leaked"? Víctor (Feb 13)
- Re: W2K source "leaked"? Víctor (Feb 13)
- Re: W2K source "leaked"? Byron Copeland (Feb 16)
- RE: W2K source "leaked"? Drew Copley (Feb 13)
- Re: W2K source "leaked"? telec (Feb 13)
- RE: W2K source "leaked"? tlarholm (Feb 13)
- RE: W2K source "leaked"? LordInfidel (Feb 16)
- Re: W2K source "leaked"? Ho Chaw Ming (Feb 16)
- Re: [work] Re: W2K source "leaked"? opticfiber (Feb 17)
- Re: W2K source "leaked"? Ho Chaw Ming (Feb 16)