View Full Version : Windows source code leaked, says Microsoft
adposter
02-13-2004, 01:14 PM
This is quite dangerous for people who use Windows. According to Microsoft,
"The source code leak could allow hackers to attack machines running some versions of Windows."
More information can be found in the link below.
Source Code Leak on Windows (http://www.cbc.ca/stories/news/2004/02/13/microsoft_sourcecode040213)
Jon
Maxlamenace
02-13-2004, 07:42 PM
http://news.com.com/2100-7349-5158905.html?part=dht&tag=ntop more on the story here
adposter
02-15-2004, 10:44 PM
Here's another follow-up story from Netcraft.com about the Windows source code leak.
Netcraft: Windows Leak: Security Problems of Open Source (http://news.netcraft.com/archives/2004/02/15/windows_leak_security_problems_of_open_source_without_the_benefits.html)
Although they said that 15 million lines of code out of the 35 million lines were stolen, there's still a possible threat to those who use Windows 2000 and NT. They never mentioned Windows 2003, so I guess those who have just recently upgraded will not be affected.
The chart below, according to Netcraft, shows that there's been a slight drop in the number of Windows NT and 2000 hostings, and Windows 2003 is starting to overtake NT. Looks like Win 2003 is starting to run at a smooth pace.
Windows Hosting Chart (http://news.netcraft.com/archives/2004/02/12/number_of_sites_running_windows_server_2003_overtakes_nt.html)
Jon
www.ROMELO.com
02-16-2004, 04:13 AM
Hi, just a quick question. Is this news legit? Is this just another scheme to force NT and 2000 users to upgrade to 2003? It could be possible? What are your thoughts? Thanks...
gsecur
02-16-2004, 11:48 AM
Well this is my area of expertise so I thought I would chime in.
The leak is legit. The code was leaked from a company called Mainsoft, which has been a continual partner of Microsoft. Mainsoft utilizes the code to design Linux and Unix ports of the IE browser as well as a Windows development tool kit.
The code that has been leaked has been used to develop an IE bug for the default install rev ver of IE that comes with 2000. Not much impact yet, but it is just the beginning.
Though many false versions are available on the P2P networks, legit copies are spreading through the security community as well as the FXP boards. We are basically in a race to have the "good guys" publicly release the exploits so they can be fixed, vs the "bad guys" who will find exploits and keep them private and wreak havoc.
In response to the issue with Windows 2003: though there is less of a risk to these users, there is still a risk since certain portions are obviously reused, most notably certain RPC functions and routines.
I hope this answers some of your questions. ;-) finally a topic I can give a good response to.
netman4ttm
02-16-2004, 02:07 PM
Just read this article in eweek
http://www.eweek.com/article2/0,4149,1526917,00.asp
Clearly, even with the code out there, there are good reasons to keep your eyes off of it.
adposter
02-16-2004, 02:15 PM
"In response to the issue with Windows 2003: though there is less of a risk to these users, there is still a risk since certain portions are obviously reused, most notably certain RPC functions and routines."
I agree with you gsecur. The only thing I'm concerned about is nations that are a threat to national security. Not that I'm exaggerating about it. Now that some of the code has been stolen, and I'm sure the government uses about 90% of their systems running Windows, there's a risk that some systems may be penetrated and some information may be stolen. I hope I'm wrong.
Jon
gsecur
02-17-2004, 07:14 PM
"I agree with you gsecur. The only thing I'm concerned about is nations that are a threat to national security. Not that I'm exaggerating about it. Now that some of the code has been stolen, and I'm sure the government uses about 90% of their systems running Windows, there's a risk that some systems may be penetrated and some information may be stolen. I hope I'm wrong."
I don't find that an exaggeration at all. Indeed this can pose such a risk. Your estimate of 90% Windows utilization I find to be a bit low. I would say 99% of machines utilized by the government are Windows 2000, including servers (most notably all email servers). Microsoft has accomplished this by offering some of the steepest discounts to the government. Sprinkled within that batch are some SUN and HP-UX devices as well as a bit of Linux ;-)