Full Disclosure mailing list archives
Re: Windows 2000 Source code .torrent
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Sat, 14 Feb 2004 13:34:41 -0500
On Fri, Feb 13, 2004 at 03:44:55PM -0500, Mark Renouf wrote:
Click here, then OPEN the file: http://torrent.spyderlake.com/download.php?info_hash=f03fc1e04869294d5644d3c8c5d0fb8f2d26aa59Um, now was that really necessary?
Yeah, because, you know, this isn't full-disclosure or anything. Why would it be appropriate to discuss security vulnerabilities to which the vendor has not yet responded, and yet inappropriate to discuss files that are now in the public domain? (It doesn't matter if they were stolen: the cat's out of the bag. If they were leaked against contract language, that's an argument between MSFT and the leaker.)
Granted, at this point most anyone who bothered to look now has a copy of it, but still... I wouldn't be posting public links.
To what end? So that those in the infosec community who weren't on their favorite p2p or IRC network on Thursday evening don't have the opportunity to see and be prepared for the results of what the black hat community is already using to write new exploits? How could it benefit anyone to keep this secret at this point? The "bad" guys already have this information. The sooner responsible individuals also review the source and notify MSFT, the better. On Fri, Feb 13, 2004 at 07:28:51PM +0100, B3r3n wrote:
I would like to recall 99% of what peer to peer tools are sharing are illegal copies.
Huh? That sentence doesn't even make sense. Copies of what?
Could you please simply indicate us what is the file behind this hash?
I don't think you understand how BitTorrent functions. It's not possible to provide an answer to that question. On Sat, Feb 14, 2004 at 02:44:08AM +0100, Diego Calleja wrote:
Microsoft is obviously going to attack any site doing that. in fact, just look at the previous links given in this list: they've already dissapeared. And their lawyers will call your phone soon, if you own that site.
That's FUD. Earlier sites are far more likely to have stopped carrying these files because of the bandwidth pain they experienced. Posting a torrent publicly is a great way to reduce everyone's bandwidth usage.
Sincerely, I'd try to think in the consequences. Ie, how many time is going to take hackers to start looking for vulnerabilities.
They already are. How about the respectable security folks get the opportunity to do so as well?
How everybody outside the internet is going to ACK making P2P and other things illegal if worms start to appear.
FUD again.
And mainly, what market strategies is going to follow Microsoft with NT, now that it's just *NOT* possible to stop the leak....(ie: now that they fucked up us and everybody has it, why not just open all the code)
What color is the sky where you live? It is, in no way, in Microsoft's best interest for more of their code to become public. It's fine (and easily supportable) that OSS is more secure in the long run because of the greater number of eyes on it. That's true because that source has always been publicly available. Exposing more of MSFT's secure-through-obscurity source will only expose more security problems than anyone could hope to fix quickly enough. -- gabriel rosenkoetter gr () eclipsed net
Attachment:
_bin
Description:
Current thread:
- Windows 2000 Source code .torrent Joel R. Helgeson (Feb 13)
- Re: Windows 2000 Source code .torrent Mark Renouf (Feb 13)
- Re: Windows 2000 Source code .torrent gabriel rosenkoetter (Feb 14)
- Re: Windows 2000 Source code .torrent B3r3n (Feb 13)
- RE: Windows 2000 Source code .torrent Kurt Weiske (Feb 13)
- Re: Windows 2000 Source code .torrent Cael Abal (Feb 13)
- Re: Windows 2000 Source code .torrent CHS (Feb 13)
- Windows NT4 Source code .torrent? indianz (Feb 13)
- Re: Windows 2000 Source code .torrent Diego Calleja (Feb 13)
- Re: Windows 2000 Source code .torrent Mark Renouf (Feb 13)