Re: W2K source "leaked"?

["Ho Chaw Ming" <chawming () pacific net sg>]

Well. the code doesn't exactly compile. A leak is a leak, and source isn't
exactly like binaries. You can see trojans if they exist.

----- Original Message ----- 
From: <LordInfidel () directionweb com>
To: <bugtraq () securityfocus com>
Sent: Saturday, February 14, 2004 1:47 AM
Subject: RE: W2K source "leaked"?


Just a thought:

Has anyone given any consideration that maybe this source is trojanized?

It's obviously pirated, since MS probably did not release it to the general
public.
(At least they have not made a public announcement to that effect, unless I
am mistaken
and that is always a possibility)

Not to mention, how are you going to guarantee it's validity?  I can bet
there are no
official MS MD5 checksums to verify against what is contained in the
package.

Maybe we should step back for a second and take a closer look, apply some
rational reasoning,  rather then getting caught up in the hype.

JMO

LordInfidel

-----Original Message-----
From: Víctor [mailto:ixnay () infonegocio com]
Sent: Thursday, February 12, 2004 7:47 PM
To: tlarholm () pivx com
Cc: ge () egotistical reprehensible net; bugtraq () securityfocus com;
full-disclosure () lists netsys com
Subject: Re: W2K source "leaked"?


Check this out

http://heim.ifi.uio.no/~mortehu/files.txt

This seem the dir of the Windows source code, I dont know if it a hoax.

And here is a torrent where it seem to be the source
http://www.skittlebrau.org/ring0_src.tar.bz2.torrent

This is all the information I have until now

Regards

On Thu, 12 Feb 2004 13:59:22 -0800
<tlarholm () pivx com> wrote:

> This is not the first time that people have reported leaked copies of
> Windows source code. In 2000, Wired News reported that the source code
> for Whistler (now Windows XP) had been leaked, though they never
> confirmed it.
>
> http://www.wired.com/news/business/0,1367,35135,00.html
>
> WinBeta is also reporting on the new leak
>
> http://www.winbeta.org/winbeta/forums/index.php?showtopic=2663&st=0&#ent
> ry9449
>
> 0-day exploits being used on Microsofts network, foul play by privileged
> partners or a hoax? Let's see what Microsoft reports.
>
>
>
> Regards
>
> Thor Larholm
> Senior Security Researcher
> PivX Solutions
> 24 Corporate Plaza #180
> Newport Beach, CA 92660
> http://www.pivx.com
> thor () pivx com
> Phone: +1 (949) 231-8496
> PGP: 0x5A276569
> 6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
>
> PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
> Qwik-Fix
> <http://www.qwik-fix.net>
>
>
> -----Original Message-----
> From: Gadi Evron [mailto:ge () egotistical reprehensible net]
> Sent: Thursday, February 12, 2004 1:49 PM
> To: bugtraq () securityfocus com
> Cc: full-disclosure () lists netsys com; Thor Larholm
> Subject: W2K source "leaked"?
>
>
> A couple of days ago a friend of mine drew my attention to the source
> making rounds on the encrypted p2p networks, I was hoping it would take
> a bit longer for it to be "out", but that was just day-dreaming.
>
> Thor Larholm just gave me this URL, as you can notice, the server is
> busy: http://www.neowin.net/comments.php?id=17509
>
> I never believed in 0-days. "New" or more to the point
> un-known-to-the-public exploits and vulnerabilities exist and are being
> used.
> In my opinion "0-days" virtually don't exist. It's usually either some
> vulnerability that is long known and a COP or a worm is created. Or
> exploits that will nearly never see the "public" but exist and are used
> by few individuals.. but now... I don't know.
>
> How often does a brand new exploit come out without prior warning and
> "attack" the net?
>
> *If* this really is the.. _real_ source code for W2K (and according to
> the article NT4 as well).... we'll see what happens next.
>
> People didn't need help finding vulnerabilities in Windows before, but
> it just became a whole lot easier and a lot less demanding on the "m4d
> #4x0r 5k111z".
>
> I can't really say that the article is right and the source was "leaked"
>
> or "stolen". The source is being sold/given (?) for years now to EDU's
> and commercial companies for research purposes (not to mention China..).
>
> I suppose foul play is always possible.
>
> Can anyone confirm this is the real source code? How about a press
> release? :)
>
> Gadi Evron


-- 
============================
it's so easy to forget me