Re: [work] Re: W2K source "leaked"?

[opticfiber <opticfiber () topsight net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I guess when some one writes an exploit/POC based on the source they
reviewed and the POC actully works you can rest assured that the source
is true. If in fact the source did include some sort of trojan device
that matters not; according to various sources, large pieces of the code
are missing which make the remaining code impossible to compile.

OPT
| ----- Original Message -----
| From: <LordInfidel () directionweb com>
| To: <bugtraq () securityfocus com>
| Sent: Saturday, February 14, 2004 1:47 AM
| Subject: RE: W2K source "leaked"?
|
|
| Just a thought:
|
| Has anyone given any consideration that maybe this source is trojanized?
|
| It's obviously pirated, since MS probably did not release it to the
general
| public.
| (At least they have not made a public announcement to that effect,
unless I
| am mistaken
| and that is always a possibility)
|
| Not to mention, how are you going to guarantee it's validity?  I can bet
| there are no
| official MS MD5 checksums to verify against what is contained in the
| package.
|
| Maybe we should step back for a second and take a closer look, apply some
| rational reasoning,  rather then getting caught up in the hype.
|
| JMO
|
| LordInfidel
|
| -----Original Message-----
| From: Víctor [mailto:ixnay () infonegocio com]
| Sent: Thursday, February 12, 2004 7:47 PM
| To: tlarholm () pivx com
| Cc: ge () egotistical reprehensible net; bugtraq () securityfocus com;
| full-disclosure () lists netsys com
| Subject: Re: W2K source "leaked"?
|
|
| Check this out
|
| http://heim.ifi.uio.no/~mortehu/files.txt
|
| This seem the dir of the Windows source code, I dont know if it a hoax.
|
| And here is a torrent where it seem to be the source
| http://www.skittlebrau.org/ring0_src.tar.bz2.torrent
|
| This is all the information I have until now
|
| Regards
|
| On Thu, 12 Feb 2004 13:59:22 -0800
| <tlarholm () pivx com> wrote:
|
|
|>This is not the first time that people have reported leaked copies of
|>Windows source code. In 2000, Wired News reported that the source code
|>for Whistler (now Windows XP) had been leaked, though they never
|>confirmed it.
|>
|>http://www.wired.com/news/business/0,1367,35135,00.html
|>
|>WinBeta is also reporting on the new leak
|>
|>http://www.winbeta.org/winbeta/forums/index.php?showtopic=2663&st=0&#ent
|>ry9449
|>
|>0-day exploits being used on Microsofts network, foul play by privileged
|>partners or a hoax? Let's see what Microsoft reports.
|>
|>
|>
|>Regards
|>
|>Thor Larholm
|>Senior Security Researcher
|>PivX Solutions
|>24 Corporate Plaza #180
|>Newport Beach, CA 92660
|>http://www.pivx.com
|>thor () pivx com
|>Phone: +1 (949) 231-8496
|>PGP: 0x5A276569
|>6BB1 B77F CB62 0D3D 5A82 C65D E1A4 157C 5A27 6569
|>
|>PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
|>Qwik-Fix
|><http://www.qwik-fix.net>
|>
|>
|>-----Original Message-----
|>From: Gadi Evron [mailto:ge () egotistical reprehensible net]
|>Sent: Thursday, February 12, 2004 1:49 PM
|>To: bugtraq () securityfocus com
|>Cc: full-disclosure () lists netsys com; Thor Larholm
|>Subject: W2K source "leaked"?
|>
|>
|>A couple of days ago a friend of mine drew my attention to the source
|>making rounds on the encrypted p2p networks, I was hoping it would take
|>a bit longer for it to be "out", but that was just day-dreaming.
|>
|>Thor Larholm just gave me this URL, as you can notice, the server is
|>busy: http://www.neowin.net/comments.php?id=17509
|>
|>I never believed in 0-days. "New" or more to the point
|>un-known-to-the-public exploits and vulnerabilities exist and are being
|>used.
|>In my opinion "0-days" virtually don't exist. It's usually either some
|>vulnerability that is long known and a COP or a worm is created. Or
|>exploits that will nearly never see the "public" but exist and are used
|>by few individuals.. but now... I don't know.
|>
|>How often does a brand new exploit come out without prior warning and
|>"attack" the net?
|>
|>*If* this really is the.. _real_ source code for W2K (and according to
|>the article NT4 as well).... we'll see what happens next.
|>
|>People didn't need help finding vulnerabilities in Windows before, but
|>it just became a whole lot easier and a lot less demanding on the "m4d
|>#4x0r 5k111z".
|>
|>I can't really say that the article is right and the source was "leaked"
|>
|>or "stolen". The source is being sold/given (?) for years now to EDU's
|>and commercial companies for research purposes (not to mention China..).
|>
|>I suppose foul play is always possible.
|>
|>Can anyone confirm this is the real source code? How about a press
|>release? :)
|>
|>Gadi Evron
|>
|
|
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEVAwUBQDFk1/DZRbtbKLDfAQLK5wf/RHKqxqJ5AXeuwSVl4W5IN2wn64h1xk4o
hJB3WU9ouldM+AqNqIDBswoR5hhFOOG8LjpIadlLwpiz8/dg5+mFL0IuV8EDxDNF
afw2nZoODFwcUibkzH7AM2uwu6e1Vu9dOf7EVuV2XxmyOHPdwPM1CVz2kP9eqXG/
Zi0UHATCfL7EB/4tfpjenwE2L1igYq+r1bgGQCfIQF8nhxB41dP7BIKgK1AtUXbH
LxMzbkADePcnQrzz1T+gS+rCR6IeOyqpZTMERZfXQ3LmyXb3LjQkERPYmHBKEYWJ
79YfsiE5+rMGHNt+m2zQPm7nm2qkegZitpaek8QnrGiLA+57BKMd4g==
=jIXH
-----END PGP SIGNATURE-----