Interesting People mailing list archives
more on Release of Windows Coding Is a New Worry for Microsoft
From: Dave Farber <dave () farber net>
Date: Sat, 14 Feb 2004 08:43:13 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Sat, 14 Feb 2004 08:31:13 -0500 From: Bob Drzyzgula <bob () drzyzgula org> Subject: Re: [IP] Release of Windows Coding Is a New Worry for Microsoft To: Dave Farber <dave () farber net> Dave, A slightly different spin on this. --Bob Drzyzgula http://www.washingtonpost.com/wp-dyn/articles/A40843-2004Feb13.html | Tech Experts Downplay Theft of Windows Code | | By Mike Musgrove | Washington Post Staff Writer | Saturday, February 14, 2004; Page E01 | | Computer security experts continued to debate | yesterday the significance of the theft and Internet | posting of portions of Microsoft Corp.'s software | coding for the Windows operating system earlier | this week. | | Though two computer files containing some of the | raw programming used for Windows 2000 and NT 4.0 | were still being downloaded from hacker Web sites | yesterday, the early consensus among computer | engineers who study security is that the incident | may be more of a public relations embarrassment than | a looming security crisis for the software maker and | its customers. | | "It's certainly a big deal for Microsoft," said Bruce | Schneier, founder of Counterpane Internet Security | Inc. "But, as a security guy, I have a hard time | convincing myself we are going to see lots and lots | of vulnerabilities as a result of this." | | Schneier said he thinks it unlikely the incident would | lead to a major uptick in security incidents. "Finding | vulnerabilities in Microsoft code is so easy anyway," | he said. | | Microsoft said it has contacted the FBI about | the release. The company has suffered a number of | security-related embarrassments over the past several | months; the theft this week marked the third security | issue this month. The Redmond, Wash.-based software | giant had previously issued two separate advisories | about flaws in its software and offered users patches | to correct them. | | Marc Maiffret, a former hacker who started a computer | security company, said the wide availability of | portions of the Windows source code may make it | easier for hackers to write malicious software attacks | against parts of the operating system. But, he said, | most of the code that is now being downloaded across | the Web does not appear to reveal the inner workings | of Windows networking or data-sharing protocols -- | which are of the highest interest to hackers. | | "The code that got out isn't the very-important code | that people would've wanted," he said. | | Ken Dunham, director of malicious code at Reston-based | iDefense Inc., said he monitors hacker discussion | groups and chat rooms as part of his job and that | discussions about the stolen source code have gone | "through the roof" since the files surfaced Thursday | afternoon. | | Dunham said that, from preliminary looks, it appears | that the Windows code was stolen 18 months before it | was released to the Internet. He also said that it | looks like hackers may have edited or "played with" | parts of the code before releasing it. | | Though a culprit for the theft and Internet posting | has not been found, some of the lines of programming | contain notes that appear to have been made by | employees of a tech company named Mainsoft Corp. -- | leading some to believe that the files circulating | the Web were stolen from the company. | | The San Jose-based technology company is a Microsoft | partner that has helped make versions of Microsoft | products such as Internet Explorer, Outlook Express | and Windows Media Player run on the Unix operating | system. | | Mainsoft released a statement from its chairman, | J. Michael Gullard, saying that the company would | "cooperate fully with Microsoft and all authorities | in their investigation." | | Microsoft declined to comment on Mainsoft yesterday. A | spokeswoman for the company estimated that Microsoft | has shared parts of its code with 3,000 partner| companies and organizations.
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Release of Windows Coding Is a New Worry for Microsoft Dave Farber (Feb 14)