Forgot your password?
typodupeerror
Microsoft

Microsoft Warning Leaked Code Traders 833

Posted by CmdrTaco
from the thats-a-bit-creapy dept.
An anonymous reader writes "Broadand Reports notes that Microsoft is now sending snail mail warnings to downloaders of the leaked source code. They're also apparently working in conjunction with several un-named peer to peer vendors to send out legal warnings to any users who search for the leaked code. The notice on Microsoft's website has been updated to reflect the new warnings."
This discussion has been archived. No new comments can be posted.

Microsoft Warning Leaked Code Traders

Comments Filter:
  • Traders or Traitors? (Score:5, Interesting)

    by monstroyer (748389) * <devnull@slashdot.org> on Thursday February 19, 2004 @04:38PM (#8331302) Homepage Journal
    [tin_foil_hat]

    I think the title should have read "MS Warns Leaked Code TRAITORS" considering that the code probably got leaked from one of their own.

    From the MS Notice page:

    Customers running Windows XP Service Pack 1 or Windows Server 2003 who have installed all of the latest updates are not impacted

    In other words: "Dear companies running on W2K, please pay for upgrades ASAP. We would like more money. Thanks."

    [/tin_foil_hat]
  • Leaked on Purpose? (Score:2, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @04:41PM (#8331358)
    Well, now that Win 2K is not "SAFE" anymore, please get ready to shell out money for Longhorn...
  • Warnings? (Score:5, Interesting)

    by Xeed (308294) on Thursday February 19, 2004 @04:42PM (#8331377) Journal
    I thought the thing to do nowadays was to sue the pants off downloaders. Is M$ trying to play good guy warning downloaders rather than suing them?
  • How did it leak? (Score:3, Interesting)

    by Zo0ok (209803) on Thursday February 19, 2004 @04:44PM (#8331406) Homepage
    Subsequent investigation has shown this was not the result of any breach of Microsoft's corporate network or internal security, nor is it related to Microsoft's Shared Source Initiative or its Government Security Program

    How did it leak?

  • by W2k (540424) <wilhelm.svenselius@gma i l .com> on Thursday February 19, 2004 @04:45PM (#8331425) Homepage Journal
    ah well. it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.

    Not scary at all. I'd say it is a good thing that not even one of the most powerful forces on this planet can stop information from spreading across the web. Information wants to be free, remember?
  • I'm skeptical (Score:5, Interesting)

    by Doesn't_Comment_Code (692510) on Thursday February 19, 2004 @04:45PM (#8331431)
    While it may be illegal to steal source code that is privately held. I don't know that it is illegal to view it once it has been released. Perhaps someone has a more educated viewpoint. But this seems like a scare tactic without much legal standing.
  • by Anonymous Coward on Thursday February 19, 2004 @04:46PM (#8331451)
    Why should they even bother. If they can identify the people to send them mail, then those people are not smart enough to do any harm. The smart/dangerous ones will get the code anonymously. And they wouldn't be afraid of Microsoft 'getting' them.

  • Public patches? (Score:2, Interesting)

    by luckytroll (68214) on Thursday February 19, 2004 @04:46PM (#8331457) Homepage
    Now that the source is out there, I wonder how long it will take for anonymous hackers to start submitting fixes to M$ for problems in the code that havent been detected yet. How long until independent
    patches are available to make it more secure from Big Brother, and more stable.

    Is this the beginning of the Kazaa-Lite-ing of windows?
  • by Lovepump (58591) on Thursday February 19, 2004 @04:47PM (#8331460)
    ... or just using the P2P networks, PeerGuardian can help. I reject about 250 requests per day on the Emule network from tracking companies. Here's about 40 minutes worth:

    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:49:19)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:00)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:50:42)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:11)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:56:55)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:57:37)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:00)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 17:59:44)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:00:26)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:08:53)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:09:35)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:10:16)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:18:51)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:19:34)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:20:14)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:28:40)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:29:24)
    Connection Rejected: 12.222.39.72 - Communications Resources PGIPDB (02-19-2004 @ 18:30:06)

    You can get it from Methlabs.org. Windows only as far as I know.

  • PR Boom (Score:2, Interesting)

    by Eberlin (570874) on Thursday February 19, 2004 @04:52PM (#8331555) Homepage
    No, not the Doom II port. I'm assuming this follows along the lines of a Microsoft PR implementation. It can't be seen sitting idly as the code gets swapped around. The 250K bounty trick has already been done, and the RIAA seems to be doing well on the "threaten/sue fileswappers" thing so why not jump in?

    We've already come to the agreement that this code shouldn't be seen by anyone who is currently contributing or even could possibly in the future contribute to OSS.

    The only thing MS stands to lose here is an influx of possible exploits caused by bad code. It's not the full source so it's not like it'll compile to something useful (i.e. piracy).

    Maybe they SHOULD go after these folks...but as BGates said recently, hackers are good for MS software because hackers test/break systems, thus making MS improve. Which PR spin will win this one out?
  • by Anonymous Coward on Thursday February 19, 2004 @04:55PM (#8331614)
    I'd venture to say it is much higher then that. Being that I was part of a group that upgraded the DoD from NT 4.0 to Windows 2000 less then 12 months ago. Most of the government is not going to run XP and esp. Win 2003, until long horn is out, being that they usually wait a very long time to make sure "all the bigs are worked out" first.
  • already got one (Score:2, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @04:57PM (#8331648)
    i got one through my university about it through downloading it through bittorrent. They claimed i was distributing it and demanded they give up where i got it from as well as delete it and stop distributing. I explained i wasnt distributing it and they had no proof that i was only that i was connected to the bittorrent tracker. Oh well
  • Just for searching? (Score:1, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @04:58PM (#8331651)
    For simply checking if the file is offered, with no proof that a download was ever initiated?

    That tempts me to go searching on Kazaa just to draw it in, and then sue the bastards for harassment.
  • Re:Bad Reasoning (Score:4, Interesting)

    by Erratio (570164) on Thursday February 19, 2004 @05:00PM (#8331701)
    Software will have flaws, or if not "flaws" exactly, incompatibilies. But flaws and security issues are 2 different things. Bugs don't have to lead somewhere. You can't account for every possibility when you write a program, but it's how the integral error handling type functions of your program handles those things you didn't think of, and when you're writing programs for which security is an issue, those problems shouldn't lead anywhere they're not supposed to go.
  • by cant_get_a_good_nick (172131) on Thursday February 19, 2004 @05:01PM (#8331723)
    OK, now that I have my joke out (and I do realize your statement probably a joke as well) there are a few reasons to think this is bad.

    1) If I find a bug that lets me execute code on a windows machine, the average hacker a) tells people about it gets it fixed because he has the best interest of MS and users at heart or b) exploits it for some notoriety or monetary gain. Even if 99% of people choose a), if any choose b), viruses and worms means everyone is affected. Sure, they could patch it, but slow patch adoption rates and slow patch creation rates (look how long the ASN1 patch took to get fixed) means any exploit has a long shelf life.

    2) Somewhat related to 1) above, they said that if they are more secure because they keep the source guarded. It is no longer, people may start thinking it's less secure. Security through obscurity only works if the code is obscured.

    3) From what I hear (haven't seen it) the code looks pretty amateur in places. MS is a huge company, and not a monolith. Some of the code will be low quality. They just plain look bad.
  • by Anonymous Coward on Thursday February 19, 2004 @05:04PM (#8331754)
    That MS had contacted them about my IP address. Downloaded it Sat night, removed it less than 24 hrs later on Sun (I used EMule), next day the ISP phoned saying MS asked them for my details as I was sharing the source. ISP said they would not give them out without a court order.

    Im in UK. I havent seen/heard of anyone else getting this (Happend to me on monday) suprised it took till today for it to be brought to light, must admit it makes me somewhat relived to see that their just warning about it, must say I was really $hitting myself at one point. Hell I dont even know C/C++ I was just curious to take a look.
  • by cant_get_a_good_nick (172131) on Thursday February 19, 2004 @05:06PM (#8331807)
    Don't know if you were joking, but some folks really got MS Office war3z letters from the BSA for putting up OpenOffice downloads.
  • Re:Warnings? (Score:5, Interesting)

    by stratjakt (596332) on Thursday February 19, 2004 @05:10PM (#8331874) Journal
    What noone picked up on is MSFT is SNAIL MAILING downloaders.

    No matter the text of the letter, the implication in recieving a snail mail vs. an e-mail is obvious: "WE KNOW WHO YOU ARE AND WHERE YOU LIVE, MOFO!"
  • by steppin_razor_LA (236684) on Thursday February 19, 2004 @05:16PM (#8331972) Homepage Journal
    It looks like they have a fairly extensive IP block list. It shouldn't be too hard to get this list to work w/ IPtables.

    My question -- will IPtables run "okay" with a few thousand block rules?
  • Re:silly question (Score:3, Interesting)

    by GerritHoll (70088) <gerrit@nl.linux.org> on Thursday February 19, 2004 @05:17PM (#8331993) Homepage
    You mean, use a public library, university room or internet cafe with a cd-burner, download what you want to download, burn it and take it home to a computer without internet connection?

    Now, that's luxery!

  • YARITE (Score:2, Interesting)

    by CrystalCut (307381) * on Thursday February 19, 2004 @05:24PM (#8332116) Homepage Journal
    I'm not concerned that people want this code. Hell, I'd grab it and save it as "archived information", like I do with so many other tidbits of things that come out into the open. Can you say WASTE [sourceforge.net]?

    What does concern me is how MS is running after those who are obtaining the leaked code. Is an FBI group standing over every P2P system, and then providing user information to MS? Please! Or is the media running multiple [shortnews.com] reports [internetwk.com] on behalf of MS, about those receiving [informationweek.com] warnings, while in fact this entire affair is a media stunt?

  • by TheGrayArea (632781) <graymc@c[ ]net ['ox.' in gap]> on Thursday February 19, 2004 @05:26PM (#8332150) Homepage
    >>Anyway what's the point in seeing/having it?
    Great point! Building it will be just about impossible, and even if you do get it to build (somehow ...) you won't have anything close to an actual microsoft build. You don't have the internal certificates and you certainly don't have the internal build tools.
    Windows is built using the latest internal versions of the vc compiler and such and for true release builds there are all kinds of post-build "magic" tools (vulcan,lego,etc) run on that code before it really becomes production.
    I can definitely understand some desire to look at this "forbidden" code, but when you really think about it, what the heck would you really do with it?
  • by bluprint (557000) on Thursday February 19, 2004 @05:26PM (#8332154) Homepage
    You've drawn an illogical conclusion. I happen to think IP laws are not needed...but that's certainly a debatable topic. However, nothing about my post implies that I don't pay for software (which I do), or that I don't follow the laws regarding IP, or even (until this post) how I felt about them. I was just commenting on your weak will that causes you to determine your morality according to what other people tell you it should be. You didn't make any statement about IP laws, wether they are justifiable or not etc...just the typical apathetic/sheep-mentality American comment along the lines of "...it's against the law."
  • But... (Score:2, Interesting)

    by 10537 (699839) on Thursday February 19, 2004 @05:31PM (#8332215)
    I own a bought and paid for copy of NT4, 2K, XP, etc., so in a roundabout sort of way the source code is just another copy of what I already have. Ok, so it's in a slightly different form, but why is having WinSock source any different to having the compiled version? Providing I make no commercial or nefarious use of the source, I don't see a problem...
  • Makes you wonder... (Score:4, Interesting)

    by ValourX (677178) on Thursday February 19, 2004 @05:37PM (#8332296) Homepage
    why Microsoft isn't so rabid about stopping the spread of Windows XP and 2000 ISOs on filesharing services...

    -Jem
  • Re:Warnings? (Score:2, Interesting)

    by mslinux (570958) on Thursday February 19, 2004 @05:41PM (#8332343)
    How do they turn IP addresses into home addresses? Wouldn't ISPs have to do a lot of leg work for them? What about ISPs like Verizon who are keen to protect their user's privacy? What about NAT routers? Sounds like a Pandora's Box to me.
  • by TrollBridge (550878) on Thursday February 19, 2004 @05:41PM (#8332350) Homepage Journal
    Leave it to RMS and Slashdotters who parrot him to equate copyright infringement with the civil rights movement.
  • deja vu (Score:1, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @05:43PM (#8332372)
    what an irony, 18years and 16days ago, Bill Gates wrote this letter. History repeats itself. mod me down redundant.

    ***

    AN OPEN LETTER TO HOBBYISTS
    By William Henry Gates III

    February 3, 1976

    An Open Letter to Hobbyists

    To me, the most critical thing in the hobby market right now is the lack of good software courses, books and software itself. Without good software and an owner who understands programming, a hobby computer is wasted. Will quality software be written for the hobby market?

    Almost a year ago, Paul Allen and myself, expecting the hobby market to expand, hired Monte Davidoff and developed Altair BASIC. Though the initial work took only two months, the three of us have spent most of the last year documenting, improving and adding features to BASIC. Now we have 4K, 8K, EXTENDED, ROM and DISK BASIC. The value of the computer time we have used exceeds $40,000.

    The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these "users" never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

    Why is this? As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?

    Is this fair? One thing you don't do by stealing software is get back at MITS for some problem you may have had. MITS doesn't make money selling software. The royalty paid to us, the manual, the tape and the overhead make it a break-even operation. One thing you do do is prevent good software from being written. Who can afford to do professional work for nothing? What hobbyist can put 3-man years into programming, finding all bugs, documenting his product and distribute for free? The fact is, no one besides us has invested a lot of money in hobby software. We have written 6800 BASIC, and are writing 8080 APL and 6800 APL, but there is very little incentive to make this software available to hobbyists. Most directly, the thing you do is theft.

    What about the guys who re-sell Altair BASIC, aren't they making money on hobby software? Yes, but those who have been reported to us may lose in the end. They are the ones who give hobbyists a bad name, and should be kicked out of any club meeting they show up at.

    I would appreciate letters from any one who wants to pay up, or has a suggestion or comment. Just write to me at 1180 Alvarado SE, #114, Albuquerque, New Mexico, 87108. Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software.

    Bill Gates
    General Partner, Micro-Soft
  • Which law? (Score:1, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @05:44PM (#8332388)
    I'm a bit "green" here; however, my skepticism overpowers my ignorance:
    And I ask, "WHICH LAW?"; that is, what law would I be breaking if I do download this leaked source code?
    Is it only a copyright violation, exactly akin to downloading Pirates of the Caribbean (except for the thugs are better-armed...)?
    Would I somehow be found guilty of DMCA violation? I doubt "compilation is an effective encryption process" would fly in court.

    Unless I'm wrong (and please correct me if I am!), the only law being broken here is that of copyright.
    And, is it not true that only the _unauthorised distributor_ of the copyrighted material is punishable? It seems to me that these letters from M$ are probably like "Do not redistribute what you've already got, or we'll _____."
    Unless someone explains otherwise, I'm going to suppose that it's effectively just fine to download the source, as long as I don't share it myself. Of course, this is only an academic exercise to me as I'm WHOLLY uninterested in that particular source code. If I were, I'd probably suggest ++caution.
  • by swillden (191260) * <shawn-ds@willden.org> on Thursday February 19, 2004 @06:05PM (#8332673) Homepage Journal

    Another inch closer to having a lock-hold on the Supreme Court when they finally make the big decisions about the validity of intellectual property!

    Funny, but it's worth pointing out that the USSC is not going to be making any big decisions about the validity of intellectual property... the US Constitution explicitly provides Congress with the right to make IP laws and even provides a brief rationale for them.

    What Congress should be looking at, though, is whether or not the current laws make any sense at all. What is really bizarre to me is this notion that you can keep something secret and yet still have copyright protection on it.

    The original reasoning behind copyright as we know it (as opposed to the true original reasoning, which was about facilitating censorship by the British Crown) was to enable authors to retain limited control of their published works, in order to encourage them to publish. When you publish a book, the content is out there for the world to see and potentially copy; there's no way to publish a book and keep it secret at the same time, so some legal protections are necessary if we want to enable authors to control and profit from their work.

    These "legal protections" are really limitations on what society is allowed to do with the work, in other words, freedoms we choose to give away, and the reason this is a good trade is because (a) it makes more material available now for people to read, learn from and build off of and (b) it ultimately puts more material in the public domain for anyone to use however they see fit when the copyright expires.

    Patents are really the same idea applied to a different space: Getting the details of inventions published for everyone to read theoretically encourages more invention. With patents, there's a *requirement* that the details be published, because unlike a book, it often is possible to keep secret the details of a piece of machinery.

    Even for copyrights, there is and always has been a sort of a requirement to publish -- under current law you cannot sue over copyright unless you have registered your work with the copyright office, and doing that requires you to submit a copy to them, placing it in the public record. Kind of. In the case of code, you only have to submit a few pages from the beginning and the end. The rationale behind copy registration was primarily to establish ownership, not to publish, because when all of this was set up publishing was just a given. Because that was the rationale, when code copyrights came along it was deemed too burdensome to deal with full printouts of the registered code (because they're really, really big) and, of course, the copyright office wouldn't have had any idea what to do with magnetic media.

    So now we've arrived at a situation that cannot have been expected or planned by the designers of the system: You can obtain copyright protection on something that you never published and never have to publish, even when you go to court to enforce your rights. The "trade" is no longer a trade, because society no longer gets to benefit from seeing what it is giving you protection for. There's no requirement that the code *ever* be published, even after the copyright has expired (assuming current copyrights ever will expire).

    In my opinion, it should only be possible to obtain protection for what you publish. If you want to keep your source secret and only publish binaries, fine. You get copyright protection for the binaries and you can use trade secret law to protect your source code -- but remember the caveat in trade secret law that once it's published it's no longer a secret, so you can only go after the person who gave it away the first time.

    On the other hand, if you want the full protection of copyright law applied to your source code, then you have to publish the code, at least before going to court over it. Publish *all* of it. I don't think the US Copyright Office of 2004 will have any trouble at all understanding how to manage data delivered on a stack of DVD-ROMs.

  • by Moofie (22272) <lee AT ringofsaturn DOT com> on Thursday February 19, 2004 @06:06PM (#8332688) Homepage
    Encouraging people to break the law is a crime? WHAT? Incitement to riot is a crime. Encouraging people to break the law is free speech.

    As is, by the way, transmitting Microsoft's source code.
  • by DickBreath (207180) on Thursday February 19, 2004 @06:08PM (#8332713) Homepage
    Yeah, released source code is horrible for security. Look at OpenBSD, all those servers just waiting to get hacked in to. Maybe now Microsoft will actually have to, I don't know...eliminate exploits instead of waiting for them to appear, then fixing them after it's too late (if it isn't already).

    Here is the real crux of the problem. You are pointing at the wrong thing.

    It is not whether the source is open and available that makes it insecure or more secure.

    It is whether the soruce was developed as open source. It matters that all those eyeballs were watching while the source was being written. Taking a buggy closed source program and suddenly opening the source simply means that all of the bugs will be discovered, and exploited. Developing a program as open source means that those security problems often don't live long enough to reach a release. Even when they do, they are patched rapidly.

    In fact, it simply may say more about the users or "administrators" than the availability of source. Remember the Bind 8 vulnerability? Remember how many servers run Bind 8? Remember how fast everything was upgraded all over the planet? Remember <Microsoft virus of the week>? Remember how many servers were vulnerable to that? Remember how slowly those vulnerable servers were upgraded? Even when the fix was available before the exploit? Now which of these two widely used software program vulnerabilities caused a huge upheavel affecting society as a whole?
  • by Penguinshit (591885) on Thursday February 19, 2004 @06:18PM (#8332839) Homepage Journal

    From Kuro5hin... [kuro5hin.org]

  • Re:Stomp out IP (Score:1, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @06:20PM (#8332863)
    You can file complaints with the FBI at their Cybercrimes [fbi.gov] homepage. If the value exceeds a certain amount, they can and will get involved. Don't think that the government won't follow up for you. Not everyone gets results, but it does happen. The Secret Service got involved when I and a few other people got defrauded by an eBay scammer. Don't forget that with such a high-profile crime, the FBI *wants* to get involved. They want to look good, too.
  • by Anonymous Coward on Thursday February 19, 2004 @06:25PM (#8332909)

    From a previous article on this topic:

    File: windows_2000_source_code.zip
    Key: CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoEMG Kv54~o6A
    Bytes: 213748207

    CHK@JANQuMJMYGNWPVWyfwBwyXPsgBwPAwI,LeWue01uUKoEMG Kv54~o6A/windows_2000_source_code.zip

    Of course if you don't have Freenet yet (what are you waiting for?) you'd do good to visit http://www.freenetproject.org [freenetproject.org]

  • idea (Score:2, Interesting)

    by diablomonic (754193) on Thursday February 19, 2004 @06:35PM (#8333026)
    Slashdot really needs a semi-permanent copyright lawyer as an editor or something to counter/correct/confirm all us ianal's
  • by GrodinTierce (571882) on Thursday February 19, 2004 @06:56PM (#8333265) Journal
    I'd definitely have to second the parent. I'm in high school, and I know a little C++ (I took the APCS AB exam and got a 5), and I've played around with Linux. Basically, I couldn't really do anything with the source (even if I should ever chance to look upon it) beyond reading the code, and I don't really have any desire to go beyond that anyway.

    Ultimately, like the parent said, it's the taboo that makes it interesting. If Microsoft had just posted the code on its website, I might not even be interested, but all the effort they're exerting has attracted my attention.

  • by Anonymous Coward on Thursday February 19, 2004 @06:59PM (#8333320)
    Hash: SHA1

    J.K. Weston
    Microsoft Corporation
    One Microsoft Way
    Redmond, WA 98052
    jkweston@microsoft.com
    Tel: (425) 703-5529

    16 Feb 2004 12:11:33 GMT

    URGENT/IMMEDIATE ATTENTION REQUIRED
    VIA ELECTRONIC MAIL

    *

    Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE CODE AT: *
    Date of Infringement: Detail below.

    Dear *:

    We have received information that one of your users as identified above by the SITE/URL * may have engaged in the unlawful distribution of Microsoft's source code for Windows 2000, and/or Windows NT4, by distributing and offering for download these source code files via a peer-to-peer network.

    Since you own this IP address, we request that you take appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

    We also kindly request that you forward this notice promptly to the user of the IP address listed above at the time and date stated.

    To the user at *:

    The unauthorized copying and distribution of Microsoft's protected source code is a violation of both civil and criminal copyright and trade secret laws. If you have downloaded and are making the source code available for downloading by others, you are violating Microsoft's rights, and could be subject to severe civil and criminal penalties.

    Microsoft demands that you immediately (1) cease making Microsoft's source code available or otherwise distributing it, (2) destroy any and all copies you may have in your possession, and (3) provide us any and all information about how you came into possession of this code.

    Microsoft takes these issues very seriously, and will pursue legal action against individuals who take part in the proliferation of it source code. We look forward to your prompt cooperation. Should you need to contact me, I can be reached at the address above or at jkweston@microsoft.com.

    Very truly yours,

    By
    J.K. Weston

    CaseID: *

    Infringers IP Address: *
    Initial Infringement Timestamp: 16 Feb 2004 06:36:03 GMT
    Recent Infringement Timestamp: 16 Feb 2004 06:36:03 GMT
    Notice ID: *
  • by Anonymous Brave Guy (457657) on Thursday February 19, 2004 @07:03PM (#8333368)
    Don't mess with Microsoft, they have the money and the power to track you down, even on Internet and through P2P networks. And they will, this is just an example and a warning.

    Right, just like the **AA have been doing. I'm betting they have a comparable amount of money, and they're certainly willing to use legal muscle, but look where that's got them...

    A more interesting spin I didn't see anybody mention yet is that if, as P2P music-sharing advocates constantly claim, it's legal to download and only illegal to distribute under US copyright law, then Microsoft's claims are unfounded (and probably incorrect legal advice -- oops). Alternatively, the P2P music-sharing advocates have been talking a crock all along, and are about to see a rather unfortunate legal precedent set from a surprising direction. Any takers?

  • Re:THAT IS PERFECT. (Score:1, Interesting)

    by Anonymous Coward on Thursday February 19, 2004 @07:11PM (#8333459)
    or how about a virus that takes advantage of a hole / exploit IN the leaked source code .. and the payload of that worm/virus is to make millions of "windows source code" requests accross multiple p2p networks ...

    This would mean MS could not differentiant a legitimate source code seeker vs. someone who is infected.

    It'd be a thing of beauty that MS would have their own hands tied, due to their own poor code quality.

  • Is a search illegal? (Score:3, Interesting)

    by nurb432 (527695) on Thursday February 19, 2004 @07:40PM (#8333819) Homepage Journal
    Where does it say that a search is illegal.. Regardless of what i search for..

    Possession of information is illegal in some cases.. Distribution is illegal in other cases.. But *searching*?

    Screw them...

    only scary part is that some p2p people are willing to cooperate with a entity that has NO LEGAL POWERS...
  • by Alioth (221270) <no@spam> on Thursday February 19, 2004 @07:48PM (#8333915) Journal

    it's kinda scary that even the largest/richest software co in the world can't stop the spread of their IP, and that it takes only one person.

    No it's not scary at all. It's not even surprising. The only thing about this that's surprising is that it hasn't happened sooner.

    There's a lot of talk about 'information wants to be free' which is basically bullshit. Information doesn't actually want anything. It doesn't have the squishy bits made of meat that you need to be able to 'want' something.

    Instead it's a basic property of information - if it's put in the presence of a copying mechanism, it will be copied. And if you're trying to stop it, you've already lost as soon as the information in question gets outside of your organization.
  • by lambent (234167) on Thursday February 19, 2004 @07:58PM (#8334014)
    Oh well, I guess I was wrong. Time to drop the bluff: I make up lies to impress people on /.

    Because obviously you know that running experimental networking services on your computer that require you to punch holes in your firewall, and allowing you to receive hundreds of connections per second, is obviously secure ... because they only know your IP, after all.

  • by nurb432 (527695) on Thursday February 19, 2004 @08:22PM (#8334267) Homepage Journal
    They didnt goto court to supeona the information, how are they getting the home address of people so quickly?

    Is that even legal for them to do ( assuming they didnt get a court order. ... )
  • Don't search? (Score:1, Interesting)

    by Zonekeeper (458060) on Thursday February 19, 2004 @09:04PM (#8334642)
    They want to make illegal to even SEARCH for it? It's not ILLEGAL to search for anything. What jumbo boxcar is Bill hauling his nads in around these days?
  • by KidSock (150684) on Thursday February 19, 2004 @10:34PM (#8335557)
    Don't know if you were joking, but

    It's no joke:

    Subject: [linux-elitists] Microsoft goes after Linux kernel downloaders?
    Date: Mon, 16 Feb 2004 20:15:28 -0600

    I went trolling, and it seems I caught the biggest fish of them all.

    When the story about the MS leak appeared on Slashdot this past week,
    I thought I'd have a bit of fun. A post entitled "Kernel source here,"
    which pointed to a torrent of Linux 2.6.2, was all it took to hook
    about a thousand would-be NT and 2000 source downloaders.

    "You can find the build applications and such with Google already."

    I trickled the torrent out at about 1k/s for the first few hours, then
    let it go full-speed once we'd crossed over 600 active
    participants. Let 'em all have the punchline at once.

    Imagine my surprise when my DSL stops working this morning, I call my
    provider, and I learn that I've been accused of copyright
    infringement. I argued that I was doing absolutely nothing wrong, and
    they turned service back on. After I asked to see the accuser's email,
    they forwarded the below. Sure enough, it's a bona fide valentine from
    MS Legal:

    J.K. Weston
    Microsoft Corporation
    One Microsoft Way
    Redmond, WA 98052
    jkweston@microsoft.com
    Tel: (425) 703-5529

    14 Feb 2004

    URGENT/IMMEDIATE ATTENTION REQUIRED
    VIA ELECTRONIC MAIL

    [My ISP]

    Re: NOTICE OF POTENTIAL UNLAWFUL DISTRIBUTION OF MICROSOFT SOURCE
    CODE AT: [one of my IPs]

    Date of Infringement: Detail below.

    Dear [My ISP]:

    We have received information that one of your users as identified
    above by the SITE/URL [My IP] may have engaged in the unlawful
    distribution of Microsoft's source code for Windows 2000, and/or
    Windows NT4, by distributing and offering for download these source
    code files via a peer-to-peer network.

    Since you own this IP address, we request that you take appropriate
    action against the account holder under your Abuse Policy/Terms of
    Service Agreement.

    The IP they chose wasn't the tracker, it was a system participating as
    a torrent peer. This makes me wonder if there are a thousand other
    P2P Linux 2.6.2 downloaders enjoying MS' Feb 14 love.

    Now, admittedly I was just asking for it by hinting at something that
    might offend the big giant. Still, it took them three or four days to
    issue this letter. In the meantime, shouldn't they have been able to
    find someone capable of cracking open a .tar.bz2? Did nobody raise the
    question of how a leaked CD fits into a 32m file?
    ___________________________________________ ____

COBOL is for morons. -- E.W. Dijkstra

Working...