FBI on the Windows Source Code Theft 504
Chris Gondek writes "There are various articles about the Stolen Windows Source Code, but today it is confirmed that an FBI task force hunted for a cyber-criminal who posted on the internet source code for Windows which says 'I can confirm that the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said. The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.' "
Simple question (Score:5, Interesting)
Comment removed (Score:4, Interesting)
Re:Simple question (Score:5, Interesting)
Although, they seemed to clamp down pretty hard on the DOS 6 distributors a few years ago - a few people still have the source to that, but you can't seem to find it out there any more!
Interesting note... (Score:3, Interesting)
Re:Scapegoat (Score:5, Interesting)
Blueprints? (Score:4, Interesting)
The BBCs Bill Thompson says in a recent article [bbc.co.uk]:
"In the coverage of the release of the Windows source code we've seen journalists try to describe what it is that has been posted to websites around the net, but those who didn't descend into cliche seemed only able to use the most misleading metaphors.
Perhaps the most common is to describe the source code as a "blueprint", presumably because we've all seen movies in which architects pore over blueprints of buildings under attack, or because middle-class readers all have the blueprints of their extensions carefully filed away.
But source code isn't the blueprint: it is the thing itself. The source is the set of instructions given to the computer that, when executed, cause the behaviour we see on screen."
Comment removed (Score:1, Interesting)
I don't know if this is true (Score:3, Interesting)
As one have already said here, the best thing to do is to stay away from that file.
Re:well... (Score:1, Interesting)
Not so much fuss about Debian or SF break ins (Score:5, Interesting)
You'd think the FBI had some sort of pro-corporate bias!
MSHTML was in the .tar and Winsock (Score:5, Interesting)
MSHTML.dll for those that don't know is the heart of Internet Explorer , (iexplore.exe is just a wrapper for mshtml) prepare for some exciting browser exploits , Winsock should ensure there is plenty of fun to be had with windows networking sockets
and don't forget MSPaint was in the source tree so Adobe had better watch out
Pure Public Relations (Score:5, Interesting)
"The announcement of the leak came on the same day Microsoft pushed in Washington for tougher anti-counterfeit legislation in the United States and worldwide, saying pervasive pirating of computer software was hurting the industry."
Given that any number of companies and computer professionals have access to Windows source for various reasons, it's not unreasonable to think that occasionally chunks of it appear in the wild.
And certainly a lack of source code hasn't slowed down the virus and worm industry.
Consequently I have to assume that this story is just a way for Microsoft to build support for even more draconian anti-piracy and DRM laws.
As a post-script - the original post and magazine link should be modded +5 funny at best. It's really quite pathetic.
Re:Blueprints? (Score:3, Interesting)
I agree whole heartedly with Bill Thompsons call for greater computer literacy but in the interim can anyone come up with a better way to explain what source is to someone who doesn't care how a computer is programmed but is worried hackers are going to get control of their computer after hearing the news reports.
Re:heh... (Score:2, Interesting)
Re:Scapegoat (Score:5, Interesting)
In summary, the media reports the catch and the outlandish - without bothering to follow through with what actually happens. The problem is solved from their end (to paraphrase office space).
The article is complete crap (Score:5, Interesting)
Counterfeiters don't want the source code, they just copy the binaries and maybe a hack to circumvent registration.
"Computer activists" even less so -- copying Windows code would poison any GPL project.
In any case, Microsoft's code allows the company to keep its near-monopoly on computer operating systems, for the same reason Coca-Cola guards its secret formula.
True; but the reason Coke and MS have near monopolies is because of marketing, not innate superiority of their products (Pepsi wins most blind taste tests; Macs win all usability tests).
In parts of Asia and the former Soviet Union piracy rates approach 90 per cent, they said. As a result, the US software industry loses $US13 billion ($A16.52 billion) a year for counterfeiting and other forms of software piracy.
Debatable; but irrelevant anyway.
The US Congress is considering legislation designed to close a number of legal loopholes often allowing counterfeiters to get away with their activities, specifically prohibiting trafficking in genuine authentication components.
Again, the idea that this will make piracy more prevalent -- it will have no affect at all on MS warez.
Microsoft doesn't know how the source was released (Score:5, Interesting)
--CTH
Piracy != lost profit (Score:5, Interesting)
It amazes me just how much emphasis is placed on financial losses due to piracy. Just because people are using pirated versions of software does not mean they would have bought it anyway! The figure qouted is a "best case scenario" projection of what could have been new sales, but the companies are not actually losing that amount from money they have already earned.
Re:Not so much fuss about Debian or SF break ins (Score:5, Interesting)
Re:Illegal to download? (Score:3, Interesting)
Re:Not normally pro Microsoft (Score:4, Interesting)
The leak of the code scares the shit out of me. We've had some rather nasty security bits on the net lately and this is not a reassuring development.
will increase the time I have to spend securing my system. although true, my main target in such a suit would MS itself for (1) not securing the code properly (2) recent stories (and past ones) of them sitting on security patches for months on end.
If someone broke into my house and I followed my handbook and best practice about securing my house and it was STILL penetrated I want to go after the security document, not the intruder (the intruder would be handled by the criminal courts, my case is civil and monetary in nature since everytime some BS exploit is released and MS hasn't a patch my company is spending money to monitor and sort things out.
Vary rarely will you see a class-action suit against an individual (I can't recall one, just ones against companies when their neglegence is going to lead to a large cash settlement..... I wonder how the MS lobbyest have protected them from such action)
Re:Not illegal in China,India,Asia,Europe,Scandina (Score:2, Interesting)
Well the defense of U.S. computers does depend a lot on the security of MS-Windows. And Microsoft has said that if the source code were made public then it would compromise the security of Windows.
So...
prepare for the imminent attack?
If you believe what Microsoft said in court, and what the US government said on TV, it might be time to look at buying generators and water filters...
Re:The article is complete crap (Score:3, Interesting)
Yep any p2p can track. (Score:5, Interesting)
But even there they can see your IP. There just is no way to prove it was you that did the request, or was just 'forwarding' the request thru your node....
Really? (Score:1, Interesting)
Local law enforcement has tried getting FBI help on a national crime. No go. Has the FBI become a paid political (read: send your donation here for prompt attention) entity like our congresscritters?
Re:Blueprints? (Score:4, Interesting)
top) go to the kitchen and get me a beer
lower) stand up
walk 12 paces due north
open the refrigerator
remove 1 beer
close the refrigerator
walk 12 paces due south
lower still) contract the following muscle groups until you are standing upright
The point is that we usually give instructions to other people in the first way, sometimes going into the detail of the second way, but never in the third because it would take too long and wouldn't work anyway (How do you describe the complex process of just standing upright? And in a way that applies to all people?)
In the same way, computers are programmed in one of the two first ways and although you can program them in the third way it takes longer and doesn't work for all computers in the same way.
Re:I don't know if this is true (Score:5, Interesting)
I spoke with a gent on the same network reporting the same experience (could be the same guy
It's not FUD. The gent in question also mentioned that his torrent download jumped from about 100K/s to 600K/s at some point through the download, which would lead me to believe that somebody with fat pipes *cough*Microsoft*cough* jumped into the swarm, likely in order to start tracing IP addresses.
I do wonder a bit about that, however, because if Microsoft jumps into the torrent to start nabbing IP's, haven't they also contributed to the dissemination of the source code by participating in its distribution? I'd imagine that it's no more of a problem for them legally than it is to undercover police selling drugs in sting operations. I do wonder if it should be, however...especially considering that they're *not* a law enforcement agency.
Dan
Re:Illegal to download? (Score:1, Interesting)
In this case, if they can find you downloading it, they surely can tell if you used it. If you downloaded it, and deleted it after figuring out what it was, then I feel sure you are clear.
If you have the recipes zip sitting there to look at later, then this could be sticky.
Regardless, simply downloading a file (without any type of intent) would be hard for a court to swallow. If so, you could mail child porn, source code, etc (using a non-descriptive filename) to anyone putting them in legal dires.
Suggestions?
That is the difference (Score:4, Interesting)
...between the real world and the ideal world.
First, get rid of the real bad guys. Once they are guarenteed to be gone, I'll support locking up anyone who enjoys 'testing' security on computers. Until then, they are a lesser evil made tolerable by their effect on the virulence of a greater evil.
On a side note - how often do you think the locks on your doors help you? I have yet to see a residential door that would stop a good shoulder. My old house had a lovely steel door - in a thin wood frame that would split if you looked at it. Windows break if they can't be jimmied. Only once was my house ever entered because I didn't lock the door - and that was a new neighbour who was mortified that she'd entered the wrong house!
Re:Illegal to download? (Score:2, Interesting)
Come to think of it, maybe people should do that. I can just imagine how happy the police would be about all those calls
Re:Tools alone dont assume guilt (Score:2, Interesting)
You say that also to victims of rape or other crimes?
handles? (Score:2, Interesting)
Re:Microsoft doesn't know how the source was relea (Score:2, Interesting)
Re:Simple question (Score:2, Interesting)
Re:Microsoft doesn't know how the source was relea (Score:2, Interesting)
who they issue them to hasn't occured to Microsoft. Their human
resource department must go to extremes to employ morons.
Looking at the src (Score:2, Interesting)
I'm surprised nobody has actually commented on the src here, maybe because they noticed the same thing I did - how good it is.
Coke Minus Cocaine But With Coca Derivatives? (Score:4, Interesting)
As I understand it (sorry I forget where I read this), although cocaine was removed from the formula, Coca-Cola continued to use other flavoring agents from the coca plant for some time (although I gather that today's Coke uses no coca derivatives whatsoever).
So
-kgj
Re:Fun files in the Win2000 source code (Score:2, Interesting)
enterp.bmp - a picture of the USS Enterprise D....i wonder what paramount will think?
Coke Adds ... Something (not sure what) (Score:3, Interesting)
Even with a low-cocaine coca plant, given how much Coca-Cola gets bottled and sold every second of the day, 24/7, around the world
In any case, Coca-Coca has no shortage of scandals [google.com] to deal with, e.g. alleged CIA connections [google.com], screwing Bob Kolody [google.com], etc....
-kgj
DMCA in full effect (Score:5, Interesting)
> Hash: SHA1
>
> J.K. Weston
> Microsoft Corporation
> One Microsoft Way
> Redmond, WA 98052
> jkweston@microsoft.com
> Tel: (425) 703-5529
>
>
>
> URGENT/IMMEDIATE ATTENTION REQUIRED
> VIA ELECTRONIC MAIL
>
> Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT:
> xx.xx.xx.xx
> Date of Infringement: Detail below.
>
> Dear xxxxxxxxxx:
>
> We have received information that one of your users as identified above by
> the SITE/URL xxxxxxxxx may have engaged in the unlawful distribution
> of Microsoft's source code for Windows 2000, and/or Windows NT4, by
> distributing and offering for download these source code files via a
> peer-to-peer network.
>
> Since you own this IP address, we request that you take appropriate action
> against the account holder under your Abuse Policy/Terms of Service
> Agreement.
>
> We also kindly request that you forward this notice promptly to the user
> of the IP address listed above at the time and date stated.
>
>
>
> To the user at xx.xx.xx.xx:
>
> The unauthorized copying and distribution of Microsoft's protected source
> code is a violation of both civil and criminal copyright and trade secret
> laws. If you have downloaded and are making the source code available for
> downloading by others, you are violating Microsoft's rights, and could be
> subject to severe civil and criminal penalties.
>
> Microsoft demands that you immediately (1) cease making Microsoft's source
> code available or otherwise distributing it, (2) destroy any and all
> copies you may have in your possession, and (3) provide us any and all
> information about how you came into possession of this code.
>
> Microsoft takes these issues very seriously, and will pursue legal action
> against individuals who take part in the proliferation of it source code.
> We look forward to your prompt cooperation. Should you need to contact
> me, I can be reached at the address above or at jkweston@microsoft.com.
>
> Very truly yours,
> By
> J.K. Weston
Blueprints? (Score:3, Interesting)
Re:Microsoft doesn't know how the source was relea (Score:4, Interesting)
http://www.eweek.com/article2/0,4149,1526831,00
Re:Scapegoat (Score:1, Interesting)
You must have a lot of extra money. Why not just:
1. Buy a wireless NIC at wal-mart.
2. Proceed as you decribed.
3. Throw NIC in fire
Stupid article (Score:4, Interesting)
An FBI task force hunted today for a cyber-criminal who posted on the internet source code for Windows, the jewels of Microsoft's software empire.
It hunted today, huh? Did they ride on horses when hunting? Will they stop hunting tomorrow? BTW, what the hell is "cyber-criminal"? And since when copyright violation is a crime? And didn't that idiot know that Windows is the brand for an OS, thus it's not really plural, so it would be jewel, not jewels.
In jeopardy is Microsoft's near-monopoly on operating systems found on 90 per cent of the world's personal computers.
How exactly is the near-monopoly in jeopardy? And while we are trying to understand the sentence, is the near-monopoly found on 90% of computers or is it the monopoly on Windows (i.e. the OS on 90% of computers)?
"I can confirm that" the Northwest Cybercrime Task Force was investigating, FBI spokeswoman Robbie Burroughs said.
What? Confirm WHAT??? Or, the quotation marks moved by themselves, never mind...
"Microsoft source code is both copyrighted and protected as a trade secret," the company said in a statement posted on its website today.
At least he managed to copy-paste the quote... I can't understand what "Microsoft source code" is, though...
"As such, it is illegal to post it, make it available to others, download it or use it.
The quote continues, but the ending quotation marks are missing... As for the MS press release [microsoft.com], I really like them saying that it is illegal to make the Windows source code available to others. What did they just do?
The posted program is part of the source codes, or blueprints, for Windows 2000 and Windows NT 4.0, according to the company.
Pluralisation again... Are the source codes similar to cheat codes in any way? The last time I checked it was code. And saying "or blueprints" sounds really stupid. Really. Nobody uses blueprints for software.
Counterfeiters have been trying to get their hands on Windows source code for years. So have computer activists who say that programs could be made to work better with Windows if the source code were public.
Oh, brilliant! I bet counterfeiters didn't knew what they were trying to do all that time. I though they were trying to duplicate CDs MS was openly selling in retail stores, sometimes cracking the copy-protection. Well, now that they got the source code they must be happy and probably will stop counterfeiting.
Microsoft said that its own security had not been breached by whomever did the posting, nor was it released by a series of companies and governments with whom it shares the source code for the purpose of building software to work with Windows.
What the fuck? Let me ponder the absurdity of this sentence for a second. The code neither came directly from MS machines, nor did it come from the series (what series?) of companies and governments who had the code? If I wasn't sure that the journalist is a total moron, I would presume he suspects universities or research institutes, the only remaining category, which was not vindicated.
In any case, Mi
Taxation without Representation (Score:2, Interesting)
See my subject and figure out if it feels familiar.
Re:there is no half of globalization (Score:1, Interesting)
On the other hand, we here in Slovakia are proud to be a better then Russia, even going to EU this year, you know. Probably BayTSP would be really ignored in Russia (or how about Iraq? try contacting your Iraqi friends
Murray Gell-Mann Amnesia effect. (Score:4, Interesting)
Check this out:
http://www.crichton-official.com/speeches/speec
Media carries with it a credibility that is totally undeserved. You have all experienced this, in what I call the Murray Gell-Mann Amnesia effect. (I refer to it by this name because I once discussed it with Murray Gell-Mann, and by dropping a famous name I imply greater importance to myself, and to the effect, than it would otherwise have.)
Briefly stated, the Gell-Mann Amnesia effect is as follows. You open the newspaper to an article on some subject you know well. In Murray's case, physics. In mine, show business. You read the article and see the journalist has absolutely no understanding of either the facts or the issues. Often, the article is so wrong it actually presents the story backward--reversing cause and effect. I call these the "wet streets cause rain" stories. Paper's full of them.
In any case, you read with exasperation or amusement the multiple errors in a story, and then turn the page to national or international affairs, and read as if the rest of the newspaper was somehow more accurate about Palestine than the baloney you just read. You turn the page, and forget what you know.
That is the Gell-Mann Amnesia effect. I'd point out it does not operate in other arenas of life. In ordinary life, if somebody consistently exaggerates or lies to you, you soon discount everything they say. In court, there is the legal doctrine of falsus in uno, falsus in omnibus, which means untruthful in one part, untruthful in all. But when it comes to the media, we believe against evidence that it is probably worth our time to read other parts of the paper. When, in fact, it almost certainly isn't. The only possible explanation for our behavior is amnesia.
Re:Scapegoat (Score:3, Interesting)
The Linux thing is just Microsoft/media twist.
Grep fun with W2k src (Score:1, Interesting)
Not sure if this has already been posted by someone else, but here are some interesting greps on the Win2k source code [nysv.org].
Re:well... (faking ip address) (Score:3, Interesting)
Actually you can fake you IP partially (at least in ethernet). Just pick IP belonging to same local subnet so that trafic gets routed to your subnet and then grab packets with that IP.
Actually, you cannot do that. BT is TCP. The machine with the IP you're borrowing would never allow a TCP handshake to complete. RST RST RST If you used an IP that isn't being used, a good ISP wouldn't allow you out as there is no DHCP/PPPoE "lease".
Unless...
In practice, it's good idea to wait till some machine is down and then use temporarily free IP. This only works 100% if you know exactly when machine/IP will be down (so it cannot see trafic you generated) and if you can change your card's ethernet address to be also correct. One could also scan constantly to check if rightful owner of IP has become online again but in ethernet everyone can see the scanning.
...that's what you were saying here. I'm not being dick, I just don't understand what you meant.