Forgot your password?
typodupeerror
Microsoft

Microsoft Warning Leaked Code Traders 833

Posted by CmdrTaco
from the thats-a-bit-creapy dept.
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
This discussion has been archived. No new comments can be posted.

Microsoft Warning Leaked Code Traders

Comments Filter:
  • Re:How did it leak? (Score:2, Informative)

    by Ymiris (733964) on Thursday February 19, 2004 @04:49PM (#8331500) Journal
    Through an affiliate of Microsoft, that had it on a linux box non the less.
  • by Fishstick (150821) on Thursday February 19, 2004 @04:49PM (#8331501) Journal
    On Monday, February 16, Microsoft began investigating a reported exploit on versions of Internet Explorer allegedly discovered by an individual studying the leaked source code. This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer -- Internet Explorer 6.0 Service Pack 1.

    Um, don't usually like to argue semantics, but what was discovered was a security vulnerability (bug) in the code, not an "exploit".

    Devising and revealing a method to take advantage of this problem (a virus, worm, bitmap) is an "exploit", right?
  • Re:silly question (Score:5, Informative)

    by GerritHoll (70088) <gerrit@nl.linux.org> on Thursday February 19, 2004 @04:52PM (#8331554) Homepage
    Most p2p network have search facilities. The search is done on a server, and the server is able to (and probably already does) log who searches for what. A server hosting a torrent can do the same, but since those are more often volunteers themselves, they probably won't.

    Now that the source code is leaked, MS will probably get a lot safer, with all those hackers and crackers exploiting their bugs and thus revealing them ;-)

  • by Anonymous Coward on Thursday February 19, 2004 @04:58PM (#8331656)
    Download these two via eDonkey:

    (Remove the spaces in the links.)

    ed2k://|file|windows_2000_source_code.zip|213748 20 7|34bb9f3a3e8d3e0c4490a96ec30b9f3c|/

    And:

    ed2k://|file|windows_nt_4_source_code.zip|241131 48 3|afcb4b1fd05ed574e2ee77618222621d|/
  • by EoRaptor (4083) on Thursday February 19, 2004 @05:04PM (#8331762)
    Copyrights might have been extended by Congress, but they can still lapse if they aren't defended comensurate to their value.

    Thus, Microsoft has no choice but to make the best effort it can to track and notify people who have acquired its source code without a license. If they didn't, they risk a court case where a defendent could say that Microsoft failed to protect and enforce thier copyright, and the court would have a very good chance of saying the material had thus moved into the public domain.

    This has happened in the past, and will again. Microsoft isn't chasing anyone down to prosecute them, it's unlikely they've been monetarily impacted by any single downloader, but they must vigorously defend their copyright and trade secrets, or they lose them.

  • Re:I'm skeptical (Score:3, Informative)

    by Doesn't_Comment_Code (692510) on Thursday February 19, 2004 @05:09PM (#8331849)
    Since its a copyrighted work, you can't use it without a license. So compiling it (good luck) and using/distributing it would be way out of line.

    Your example is a crime because you included hacking into a computer to do the stealing. Just like whoever stole/leaked the MS code committed a crime.

    What we're talking about is more like picking up and reading the Harry Potter book that someone stole from a bookstore and left on the table. The reading part is not criminal, the stealing part is.

    Furthermore, a books main purpose is to be read. A program's main purpose is to execute. I know that is knitpicking. But I wouldn't consider it copyright infringement to use a book I didn't own the rights to to prop up a table, or a CD I didn't own as a coaster.
  • by Doobian Coedifier (316239) on Thursday February 19, 2004 @05:11PM (#8331888)
    When the news of the leak broke, I jumped on edonkey and downloaded it. Got this email via my ISP a couple days later, I've since deleted the code (it's not that interesting to me anyway. Bunch of BSD code in there tho...)


    Microsoft Corporation
    One Microsoft Way Redmond, WA 98052
    14 Feb 2004 18:45:44 GMT
    URGENT/IMMEDIATE ATTENTION REQUIRED VIA ELECTRONIC MAIL
    Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: [my IP address]
    Date of Infringement: Detail below.

    Dear [my ISP]: We have received information that one of your users as identified above by the SITE/URL [my IP address] may have engaged in the unlawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download these source code files via a peer-to-peer network. Since you own this IP address, we request that you take appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement. We also kindly request that you forward this notice promptly to the user of the IP address listed above at the time and date stated.

    To the user at [my IP address]: The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyright and trade secret laws. If you have downloaded and are making the source code available for downloading by others, you are violating Microsoft's rights, and could be subject to severe civil and criminal penalties. Microsoft demands that you immediately (1) cease making Microsoft's source code available or otherwise distributing it, (2) destroy any and all copies you may have in your possession, and (3) provide us any and all information about how you came into possession of this code. Microsoft takes these issues very seriously, and will pursue legal action against individuals who take part in the proliferation of it source code. We look forward to your prompt cooperation. Should you need to contact me, I can be reached at the address above or at someguy@microsoft.com.
    Very truly yours,

    Initial Infringement Timestamp: 14 Feb 2004 05:01:23 GMT
    Recent Infringement Timestamp: 14 Feb 2004 05:01:23 GMT

  • by stratjakt (596332) on Thursday February 19, 2004 @05:13PM (#8331912) Journal
    Plenty of folks have access to Windows source, I know for a fact that these guys [slashdot.org] do, they ship their fault tolerant boxes with a heavily customized version of Windows.

    Plenty of other vendors do, too. Plus plenty of third party developers who work on windows. Not every component in there was developed in house, after all. I remember a time when RealPlayer was part of the package, Real must have had some source back then.

  • by sqlrob (173498) on Thursday February 19, 2004 @05:13PM (#8331916)
    Copyrights might have been extended by Congress, but they can still lapse if they aren't defended comensurate to their value.

    That's trademarks, not copyrights.
  • Not Just P2P (Score:4, Informative)

    by kaschei (701750) on Thursday February 19, 2004 @05:19PM (#8332030)
    I got two calls yesterday from my on-campus network administrator's office asking to speak to my room mate. This is odd because I believe he downloaded it through a DC++ connection, as he seems to avoid bittorrent for some reason. All they asked was that he removed the source from his computer, I don't think there were any other consequences. Anyone else have a similar experience?
  • Re:law (Score:4, Informative)

    by poot_rootbeer (188613) on Thursday February 19, 2004 @05:36PM (#8332289)
    If peoples' ability to disseminate information serves as a message to corporations that their attempts to turn the US into a police state won't work, then I can live with that.

    Orrrrrr you could go through VALID channels and work for reform of intellectual property laws. Because as it stands now, if you trade in MS's intellectual property, it's WELL within their legal rights to come after you.

    If you don't like it, do something about it. Something BESIDES breaking the law anyway because it suits you and hiding behind "civil disobedience".

  • nope, IPtables will probably crap out. Use NF-HIPAC [hipac.org] which is basically a binary tree table instead of a linear one. I use it to classify everything going through my box as either local campus, Internet2, or general internet. I have around 5000 matches and it works great. Also the perl module NetAddr::IP and it's function NetAddr::IP::compactref is your friend; it takes a bunch of IP/masks and simplifies them down. It simplified my 9000 Inet2 networks down to 5000.
  • by sir_cello (634395) on Thursday February 19, 2004 @05:39PM (#8332329)

    Copyright cannot lapse per se, the right is unconditionally granted and there is no concept of abandonment (which you can do with patents and trademarks): however, if a copyright owner didn't take any action against infringements - when it knew that they were happening - it could be a good arguement that the owner has "allowed" an implicit license to come into effect. This is just a common legal principle of estoppel: if you passively consent to something, it becomes difficult to later turn around and retract.

  • Re:silly question (Score:1, Informative)

    by Anonymous Coward on Thursday February 19, 2004 @05:42PM (#8332367)
    In many European contries businesses don't have automatically police powers. Besides it's illegal for ISP to reveal details about the clients to anyone else beside police. And police needs to have a good reason before they can ask that.

  • Re:I'm skeptical (Score:3, Informative)

    by itzdandy (183397) <dandenson@@@gmail...com> on Thursday February 19, 2004 @05:46PM (#8332420) Homepage
    It is absolutely illegal to download OR view it. It is proprietary software that was stolen and the company(M$ft) holds this code as private. It is illegal to even view the code with the intent to view it(got that? you could pull up any random webpage and see the code itself but as soon as you realized what you were reading, you would have to close the page or you would infringe on private code.

    This is a bunch of bullshit, people thinking that its just illegal to download, but you can view it all you want.
  • Re:Illegal? (Score:3, Informative)

    by villoks (27306) on Thursday February 19, 2004 @05:57PM (#8332567) Homepage Journal
    It depends.

    If you live in a jurisdiction, which accepts private copying, then you are fine (downloading == making one copy of the work to your hard drive)

    In some counties the source has to be legit (Denmark) or there's no notion of private copying (UK). In these places also downloading is illegal.

  • by Anonymous Coward on Thursday February 19, 2004 @06:07PM (#8332693)
    To generate the blocklist
    http://mldonkey.berlios.de/modules.php? name=Downlo ads&d_op=getit&lid=54
  • Re:I'm skeptical (Score:5, Informative)

    by Anonymous Coward on Thursday February 19, 2004 @06:09PM (#8332738)
    you are completely uninformed. It is illegal to:

    1. Distribute it
    2. Use parts of it as your own

    It is not illegal to:

    1. Possess a copy of it
    2. Read the code
    3. Think about what you have read
    4. Talk about what you have read
  • Re:Good news (Score:1, Informative)

    by Anonymous Coward on Thursday February 19, 2004 @06:51PM (#8333206)
    "Hopefully we get the kernel + binary execution segments so WINE is developed as well as SAMBA."

    If Open Source software developers have to steal code from proprietary software developers in order to make their own software stable, then Linux is already doomed.

  • Re:I'm skeptical (Score:1, Informative)

    by Anonymous Coward on Thursday February 19, 2004 @06:51PM (#8333214)
    Please tell me what law your claim is based on.

    While the people who leaked the source code were probably bound by some NDA-like contract with Microsoft, those of us who have not signed any contracts related to it are bound only by copyright law, which does prohibit the distribution (copying) of the source code, but most definitely not its viewing.

    The copyright laws in different countries vary in whether they interpret downloading as distribution (and thus copyright infringement).

    Making copies of and distributing something you don't have the right to is the only thing that is absolutely and clearly illegal.
  • by JoeBuck (7947) on Thursday February 19, 2004 @08:05PM (#8334087) Homepage

    The leak came from a Microsoft partner, Mainsoft [mainsoft.com]. The partner's access to Microsoft source was given long before Microsoft started their "shared source" program.

    BetaNews has the details [betanews.com].

  • by Anonymous Coward on Thursday February 19, 2004 @08:11PM (#8334151)
    This is an actual notice- sent to a user who clicked on a BitTorrent link posted to the "Full Disclosure" mailing list. FWIW- The user did not download the entire source.
    .....

    J.K. Weston
    Microsoft Corporation
    One Microsoft Way
    Redmond, WA 98052
    jkweston@microsoft.com
    Tel: (425) 703-5529


    ** Feb 2004 **:**:** GMT

    URGENT/IMMEDIATE ATTENTION REQUIRED
    VIA ELECTRONIC MAIL

    XYZ ISP COMPANY
    123 SESAME ST


    Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: ***.***.***.***
    Date of Infringement: Detail below.

    Dear XYZ ISP CO:

    We have received information that one of your users as identified above by the SITE/URL ***.***.***.*** may have engaged in the un lawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download the se source code files via a peer-to-peer network.

    Since you own this IP address, we request that you take appropriate action against the account holder under your Abuse Policy/Ter ms of Service Agreement.

    We also kindly request that you forward this notice promptly to the user of the IP address listed above at the time and date stat ed.


    To the user at ***.***.***.***:

    The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyrigh t and trade secret laws. If you have downloaded and are making the source code available for downloading by others, you are violat ing Microsoft's rights, and could be subject to severe civil and criminal penalties.

    Microsoft demands that you immediately (1) cease making Microsoft's source code available or otherwise distributing it, (2) destr oy any and all copies you may have in your possession, and (3) provide us any and all information about how you came into possessi on of this code.

    Microsoft takes these issues very seriously, and will pursue legal action against individuals who take part in the proliferation of it source code. We look forward to your prompt cooperation. Should you need to contact me, I can be reached at the address abov e or at jkweston@microsoft.com.

    Very truly yours,


    By
    J.K. Weston


    CaseID: *****

  • Re:I'm skeptical (Score:3, Informative)

    by leerpm (570963) on Thursday February 19, 2004 @08:40PM (#8334454)
    You have no idea how copyright law works do you? The source code is not subject to the same laws as stolen physical goods are. It is copyrighted material. There is no theft of goods here, but you are infringing on Microsoft's copyrights by downloading (and thereby making an unauthorized copy of) the source code. Which by the way is still a serious crime, but it is not theft in the traditional sense.

    By the way, viewing it on a webpage still counts as downloading it because you have to make a copy of the webpage onto your local computer in order to view it.

    Copyright infringement is not the same as theft. And if you believe otherwise you have been drinking too much of the RIAA Kool-aid.
  • by bmajik (96670) <matt@mattevans.org> on Thursday February 19, 2004 @08:48PM (#8334514) Homepage Journal
    There are legitimate ways for people to get windows code that are outside of GSP or Shared source.

    Think about this - the code that was leaked is older than the shared source program. Was shared source the very first time any institution ever got windows code ?

    No.

    I thought the answer on where this code came from was publicly known, and even discussed here ?

    The microsoft statement above, to the best of my knowledge, is correct. (iow what i know doesn't disagree with that statement) If the specific details to back this up aren't widely known, I won't disclose them. IOW, they know how the code got out, and its none of the things you mention. Mostly the distinction is that people have an overbroad interpretation of who the shared source program covers.

  • by Karadryel (644871) on Thursday February 19, 2004 @10:39PM (#8335601)
    If the leak was not caused by a network security breach, a physical security breach, a troubled-employee, or it's code sharing initiatives; how the hell was the code leaked?

    It was Mainsoft. They were licensed to get the code several years back, before the whole shared source business, to port some MS stuff to Unix. Thus it wasn't shared source, wasn't a breach of Microsoft's security, and wasn't a troubled Microsoft employee. Somebody at Mainsoft fucked up.

    Answer this and get a cookie.

    Where's my cookie?

  • by HalliS (668627) <haralds@@@hi...is> on Thursday February 19, 2004 @11:00PM (#8335759) Homepage
    From Mainsoft's website:
    • Statement to the Media Regarding Microsoft Source Code Leak

      Mainsoft has been a Microsoft partner since 1994, when we first entered a source code licensing agreement with Microsoft. Mainsoft takes Microsoft's and all our customers' security matters seriously, and we recognize the gravity of the situation.

      We are cooperating fully with Microsoft and all authorities in their investigation.

      We are unable to issue any further statement or answer questions until we have more information.

      From Mike Gullard, Chairman of the Board, Mainsoft Corporation


    But still, check out their front-page and count how many times the word Linux appears ^_^
  • by Anonymous Coward on Friday February 20, 2004 @01:55AM (#8336964)
    So has it made it onto Usenet yet?

    ohhh yes. [gotdotnet.com]

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...