| gabriel rosenkoetter on 13 Feb 2004 03:05:03 -0000 |
|
I have strong reason to believe that this is, in fact, actual Microsoft source code that is actually in Windows. It isn't very much, though. (About 400 MB total, I understand.) -- gabriel rosenkoetter gr@eclipsed.net ----- Forwarded message from Gadi Evron <ge@egotistical.reprehensible.net> ----- From: Gadi Evron <ge@egotistical.reprehensible.net> Subject: W2K source "leaked"? Date: Thu, 12 Feb 2004 23:48:52 +0200 To: bugtraq@securityfocus.com Cc: full-disclosure@lists.netsys.com, Thor Larholm <thor@pivx.com> Delivered-To: gr@eclipsed.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en Errors-To: full-disclosure-admin@lists.netsys.com X-BeenThere: full-disclosure@lists.netsys.com X-Mailman-Version: 2.0.12 Precedence: bulk List-Unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.netsys.com?subject=unsubscribe> List-Id: Discussion of security issues <full-disclosure.lists.netsys.com> List-Post: <mailto:full-disclosure@lists.netsys.com> List-Help: <mailto:full-disclosure-request@lists.netsys.com?subject=help> List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@lists.netsys.com?subject=subscribe> List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/> X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on uriel.eclipsed.net X-Spam-Report: * -4.9 BAYES_00 BODY: Bayesian spam probability is 0 to 1% * [score: 0.0000] X-Spam-Status: No, hits=-4.9 required=4.1 tests=BAYES_00 autolearn=ham version=2.60 X-Spam-Level: A couple of days ago a friend of mine drew my attention to the source making rounds on the encrypted p2p networks, I was hoping it would take a bit longer for it to be "out", but that was just day-dreaming. Thor Larholm just gave me this URL, as you can notice, the server is busy: http://www.neowin.net/comments.php?id=17509 I never believed in 0-days. "New" or more to the point un-known-to-the-public exploits and vulnerabilities exist and are being used. In my opinion "0-days" virtually don't exist. It's usually either some vulnerability that is long known and a COP or a worm is created. Or exploits that will nearly never see the "public" but exist and are used by few individuals.. but now... I don't know. How often does a brand new exploit come out without prior warning and "attack" the net? *If* this really is the.. _real_ source code for W2K (and according to the article NT4 as well).... we'll see what happens next. People didn't need help finding vulnerabilities in Windows before, but it just became a whole lot easier and a lot less demanding on the "m4d #4x0r 5k111z". I can't really say that the article is right and the source was "leaked" or "stolen". The source is being sold/given (?) for years now to EDU's and commercial companies for research purposes (not to mention China..). I suppose foul play is always possible. Can anyone confirm this is the real source code? How about a press release? :) Gadi Evron _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ----- End forwarded message ----- Attachment:
pgpan5IdiRwvp.pgp
|
|