Full Disclosure mailing list archives

Re: InfoSec sleuths beware ...


From: "Exibar" <exibar () thelair com>
Date: Thu, 19 Feb 2004 14:07:40 -0000

I would have to venture a guess that Microsoft would only distribute the
source code on protected and controlled CDs.  Possibly burned in house
for the few authorized 3rd parties that are allowed to have the source.  I
remember reading that the whole of the source comes to 45 - 50 Gig in
size... that's a whole lot of CDs.

   I would think that a more controllable environment would be a laptop that
must phone home every 5 minutes of activity or gets securely wiped.  Better
yet, an encrypted laptop where access to the source code is limited to 5
minutes and then you must FOB authenticate back into it.  After 30 minutes
of activity and no FOB re-entry you must call back to Microsoft for a new
software FOB.  After one hour of activity and no FOB authentication the
whole laptop becomes irreversibly encrypted and must be sent back to
Microsoft to be re-built.

   Ok maybe that's TOO secure :-)

  Exibar

----- Original Message ----- 
From: "Dave Horsfall" <dave () horsfall org>
To: <full-disclosure () lists netsys com>
Sent: Thursday, February 19, 2004 12:14 PM
Subject: Re: [Full-disclosure] InfoSec sleuths beware ...


On Thu, 19 Feb 2004, Exibar wrote:

  Seriously though, the leak was a "boo-boo" by one of Microsoft's
partners, I'm sure.  I'm sure that someone got their hand slapped pretty
hard for this blunder and I'm also sure that Microsoft will see that it
won't happen again and I seriously doubt that the source leak will cause
any sleepless nights.....  People make mistakes, they deal with it, and
move on with life....

Am I the only one to have noticed that the unzipped contents neatly fit on
a CD?  Not arguing one way or the other, but it does suggest a possible
vector.  Accidental?  I doubt it.

-- Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


