Full Disclosure mailing list archives
Re: InfoSec sleuths beware ...
From: "Exibar" <exibar () thelair com>
Date: Thu, 19 Feb 2004 14:07:40 -0000
I would have to venture a guess that Microsoft would only distribute the source code on protected and controlled CD's. Possiblely burned in house for the few authorized 3rd parties that are allowed to have the source. I remember reading that the whole of the source comes to 45 - 50 Gig in size... that's a whole lot of CD's. I would think that a more controllable environment would be a laptop that must phone home every 5 minutes of activity or gets securely wiped. Better yet, an encrypted laptop where access to the sourcecode is limited to 5 minutes and then you must FOB authenticate back into it. After 30 minutes of activity and no FOB re-entry you must call back to Microsoft for a new software FOB. After one hour of activity and no FOB authentication the whole laptop becomes irreversibly encrypted and must be sent back to Microsoft to be re-built. Ok maybe that's TOO secure :-) Exibar ----- Original Message ----- From: "Dave Horsfall" <dave () horsfall org> To: <full-disclosure () lists netsys com> Sent: Thursday, February 19, 2004 12:14 PM Subject: Re: [Full-disclosure] InfoSec sleuths beware ...
On Thu, 19 Feb 2004, Exibar wrote:Seriously though, the leak was a "boo-boo" by one of Microsoft's partners, I'm sure. I'm sure that someone got their hand slapped pretty hard for this blunder and I'm also sure that Microsoft will see that it won't happen again and I seriously doubt that the source leak will cause any sleepless nights..... People make mistakes, they deal with it, and move on with life....Am I the only one to have noticed that the unzipped contents neatly fit on a CD? Not arguing one way or the other, but it does suggest a possible vector. Accidental? I doubt it. -- Dave _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door, (continued)
- Re: InfoSec sleuths beware, Microsoft's attorneys may be knocking at your door Cael Abal (Feb 18)
- Re: InfoSec sleuths beware ... Gregory A. Gilliss (Feb 18)
- Re: InfoSec sleuths beware ... Nancy Kramer (Feb 18)
- RE: InfoSec sleuths beware ... Aditya, ALD [Aditya Lalit Deshmukh] (Feb 19)
- Re: InfoSec sleuths beware ... madsaxon (Feb 18)
- Re: InfoSec sleuths beware ... Byron Copeland (Feb 18)
- Re: InfoSec sleuths beware ... madsaxon (Feb 18)
- Re: InfoSec sleuths beware ... Exibar (Feb 19)
- Re: InfoSec sleuths beware ... Dave Horsfall (Feb 19)
- Re: InfoSec sleuths beware ... Exibar (Feb 19)
- Re: InfoSec sleuths beware ... michael williamson (Feb 19)
- Re: InfoSec sleuths beware ... Calum (Feb 19)
- Re: InfoSec sleuths beware ... Dave Horsfall (Feb 20)
- Re: InfoSec sleuths beware ... Gregory A. Gilliss (Feb 19)