|
13 Feb 2004, 09:16
|
#1
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
MS Windows source accessed by hackers
http://www.washingtonpost.com/wp-dyn...2004Feb12.html
Poor sods.
I hope this doesn't increase the number of exploits we are going to see in worms.
__________________
"Yay"
Last edited by Structural Integrity; 13 Feb 2004 at 09:52.
|
|
|
13 Feb 2004, 09:28
|
#2
|
-=Murderous Plush Toy=-
Join Date: Nov 2001
Posts: 971
|
Re: MS Windows source accessed by hackers
they only possess the source code for MS Paint
__________________
-Lucky #plush
__________________
Does anyone actually play this anymore?
|
|
|
13 Feb 2004, 09:54
|
#3
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Re: MS Windows source accessed by hackers
link edited... 'twas an older reference, now got an article from the Washington Post.
__________________
"Yay"
|
|
|
13 Feb 2004, 12:05
|
#4
|
Let battle commence
Join Date: Feb 2002
Location: England
Posts: 732
|
Re: MS Windows source accessed by hackers
it could be good at the same time as being disastrous though... it might make MS realise how many security problems there are, thus we might eventually get a secure OS from them (we can hope)
from the other side of the coin, it also might reveal a bit more about the inner workings of windows things to *nix, and enable better support for NTFS, better wine capabilities etc (ofc, the developers would have to be VERY careful not to break IP laws etc)
__________________
Mit
http://tim.igoe.me.uk - Development Blog
Whats on TV now - UK TV Guide
<Mendosa> mit is a cute cudlly toy that will be in the shops by christmas
<mig-work> ur now my eternal fav pa god
<Squiz> i name thee, Sir Mit
<Zeus> u my friend are a true gamer I knew u were
|
|
|
13 Feb 2004, 15:28
|
#5
|
Street Tramp
Join Date: Apr 2000
Location: Street Gutter
Posts: 341
|
Re: MS Windows source accessed by hackers
Quote:
Originally Posted by Mit
ofc, the developers would have to be VERY careful not to break IP laws etc
|
If they even look at it, it could cause a load of SCO type litigation.
__________________
Chimney Pots.
|
|
|
16 Feb 2004, 11:41
|
#6
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Windows 2k source leaked
You might have heard it, rumors seem pretty much confirmed: Windows NT and 2000 sourcecode has leaked.
Microsoft made an official statement admitting this. It seems a company called "Mainsoft" (that licensed windows or anything) were using an outdated FTP (wuftp?) version on a linux server, and the code leaked from there...
Apparently around 30,000 files containing about 13ish million lines of code (of a total of maybe 50m) are available via filesharing now (ca 200mb archive).
There are various news sources around (obviously), sorry that I don't provide any links (too lazy / german sources don't help you anyway). I'm sure slashdot etc will help.
There is no documentation apparently, but the identifiers themselves are pretty nice. Also helpful comments are given. The code is C (ANSI), C++, Assembler, containing make-files as well. Additionally I've read somewhere that even some Visual Basic projects were found \o/.
I found a description of the packet somewhere, have no idea though how reliable this is:
Code:
CONTENTS
WinSock32
MSHTML (IE)
RAS
Crypto-API
Winlogon
Open-GL Screensaver
setupapi
Event-Log
NETLOGON
Client components:
accesory (small programs: Notepad, Paint, Clipboard,....)
fontfldr (fonts)
progman (thinking of win3.11...)
snapins (energy management)
accessib
games
regedit
regedit.nt4 (regedit32)
taskman (taskmanager)
control (basically control panel and profile management)
grptoreg (converter)
tools (minor stuff)
convgrp (16 bit *.grp -> 32 bit *.grp)
inc (compatibility header)
regwiz (registration wizard)
upedit (profile editor)
cpls (control panel stuff)
lmui (Lan Manager User Interface)
rundll32 (rundll32)
userpri (Unicode workaround)
lz (compression)
runonce (RunOnce wrapper)
migrate (Update?)
security (printer spool, REMOTE-SHELL, NTFS-rights management)
version (?)
dskquota
o2base (helper functions,hardware-interfaces?)
shcompui
winver
encrypt (user management?, ...)
pifmgr (pifmgr)
shole (bookmark (management)?)
and a lot of stuff about thread and cpu handling
Wow I'd like to have a look at that, really...
Apparently it's quite funny to do a search for swearing-words, lots of comments are not "cleaned up".
__________________
[ »] Entropy increases! :-/
Last edited by JetLinus; 16 Feb 2004 at 11:48.
|
|
|
16 Feb 2004, 11:47
|
#7
|
Love's Sweet Exile
Join Date: May 2001
Location: Living on a Stair (Now Sword-less)
Posts: 2,371
|
Re: Windows 2k source leaked
And the thread 2 below this isn't enough?
__________________
--SYMM--
Ba Ba Ti Ki Di Do
|
|
|
16 Feb 2004, 11:56
|
#8
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: Windows 2k source leaked
Quote:
Originally Posted by SYMM
And the thread 2 below this isn't enough?
|
Sorry... Can't believe how I didn't see this. Internet @ work wasn't working THAT well, I could just claim it was the fault of some caching system... Hopefully this doesn't get deleted (merged would be ok I guess).
Got some more information (not by myself):
In util.cpp you get:
Code:
// the ****ing alpha cpp compiler seems to **** up the goddam type "LPITEMIDLIST", so to work
// around the ****ing peice of shit compiler we pass the last param as an void *instead of a LPITEMIDLIST
There is another file called killer.c
Code:
#include <stdio.h>
#include <windows.h>
Spin()
{
int i;
for (i=0;1;i++) {
Sleep(i*7500);
}
}
void
main(void)
{
DWORD ThreadId;
HANDLE Thread;
int i;
int failcount;
failcount = 0;
for (i = 0;; i++) {
Thread = CreateThread(NULL,
0,
(LPTHREAD_START_ROUTINE)Spin,
NULL,
0,
&ThreadId
);
if ( (i/50)*50 == i ) {
printf("%d threads created\n", i);
}
if (!Thread) {
failcount++;
printf("%d threads created before %d failure\n",
i,failcount);
Sleep(5000);
if ( failcount < 10 ) {
i--;
goto again;
}
break;
}
else {
CloseHandle(Thread);
}
again:;
}
}
Heyyy, WHAT a playground this windows is. Big box of surprises \o/
__________________
[ »] Entropy increases! :-/
|
|
|
16 Feb 2004, 18:04
|
#9
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Re: Windows 2k source leaked
WTF?
So they have a file that creates a load of threads until it starts failing to create threads.
The comment is teh funny.
And what's up with the indenting? Did you do that or is it really such a mess?
__________________
"Yay"
|
|
|
16 Feb 2004, 23:26
|
#10
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: Windows 2k source leaked
Well, this function does indeed seem to test how many threads "windows (or whatever) can take". But the filename "killer.c" and printf commands let you assume it was only used for internal testing. Btw, have they not heard of "if i mod 50 == 0 then"?
I didn't do the indenting, got this as I said from some other news sources, I think it got unformatted somewhere on the way. Apparently people say the code seems pretty readable (I've read something like "better than linux kernel" I think [because linux source uses more abbreviations or whatever]).
Also I've read that people cleaned up the linux source by removing / editing all comments with "****" in them. But if you do a search for "suck", you'll still find funny stuff...
__________________
[ »] Entropy increases! :-/
|
|
|
16 Feb 2004, 23:49
|
#11
|
Ball
Join Date: Oct 2001
Posts: 4,410
|
Re: MS Windows source accessed by hackers
merged
|
|
|
17 Feb 2004, 03:38
|
#12
|
Registered User
Join Date: Jun 2000
Posts: 8,476
|
Re: Windows 2k source leaked
Quote:
Originally Posted by JetLinus
goto again;
}
break;
}
else {
CloseHandle(Thread);
}
again:;
}
|
...
|
|
|
17 Feb 2004, 08:35
|
#13
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Re: Windows 2k source leaked
Quote:
Originally Posted by Nodrog
...
|
Someone got a weird mind twist there... that's for sure
__________________
"Yay"
|
|
|
17 Feb 2004, 09:50
|
#14
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: MS Windows source accessed by hackers
If someone actually got hold of the code AND understands C // Windows that much that he doesn't get lost, I'd be interested in process handling... Especially: How did they manage priorities? How are the shares distributed to the processes, and which parts of the OS can be "locked up" by crashed threads (infinite loops etc). You know... Also if someone is really interested, you might wanna find out to which extent IE and Windows are really connected -- if it's true what MS said: That you cannot "uninstall / remove" IE without "damaging" their OS (at least they claimed this in front of court, didn't they?).
__________________
[ »] Entropy increases! :-/
|
|
|
17 Feb 2004, 10:01
|
#15
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: MS Windows source accessed by hackers
And there we are, first (?) security hole found within the source code: -> :eek: <-
Apparently in IE5, there is a signed integer used for an offset in bitmap handling. You can force an overflow (i.e. getting a negative int), producing a buffer overflow. So code contained in the bitmap could be executed (basically).
Although the author claims it doesn't work in IE6, someone reported Outlook Express 6.0 might crash... Now it starts, stuff in actual data-files, bad times ahead :-/
__________________
[ »] Entropy increases! :-/
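The bug class described in post #15 (a signed offset that goes negative and slips past a bounds check), shown as an added example that is not part of the thread and is not the leaked code. The 4-byte offset header, the function names and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (an assumption, not the real bitmap format):
 * bytes 0..3 = little-endian offset of the pixel data within the buffer. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern: offset kept in a signed int, only the upper bound checked.
 * Returns 1 if the check would let the read go ahead (no read is done here). */
int flawed_accepts(const uint8_t *img, size_t img_len, size_t want) {
    if (img_len < 4) return 0;
    int32_t off = (int32_t)read_le32(img);   /* 0xFFFFFFF0 becomes -16 */
    return (int64_t)off + (int64_t)want <= (int64_t)img_len;
}

/* Hardened: offset stays unsigned and both bounds are checked without
 * arithmetic that can wrap. Returns 0 and fills out, or -1 on rejection. */
int read_pixels(const uint8_t *img, size_t img_len, size_t want, uint8_t *out) {
    if (img_len < 4) return -1;
    uint32_t off = read_le32(img);
    if (off < 4 || off > img_len) return -1;   /* must lie past the header */
    if (want > img_len - off) return -1;       /* cannot underflow: off <= img_len */
    memcpy(out, img + off, want);
    return 0;
}

/* Constructed sample buffers: 4-byte offset, 4 pad bytes, 4 pixel bytes. */
static const uint8_t GOOD_IMG[12] = {8, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 4};
static const uint8_t BAD_IMG[12]  = {0xF0, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0, 1, 2, 3, 4};

int main(void) {
    uint8_t out[4];
    printf("flawed check, negative offset: %s\n",
           flawed_accepts(BAD_IMG, sizeof BAD_IMG, 4) ? "accepted" : "rejected");
    printf("hardened, negative offset:     %s\n",
           read_pixels(BAD_IMG, sizeof BAD_IMG, 4, out) ? "rejected" : "accepted");
    printf("hardened, valid offset:        %s\n",
           read_pixels(GOOD_IMG, sizeof GOOD_IMG, 4, out) ? "rejected" : "accepted");
    return 0;
}
```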
|
|
|
18 Feb 2004, 00:45
|
#16
|
Ball
Join Date: Oct 2001
Posts: 4,410
|
Re: Windows 2k source leaked
Quote:
Originally Posted by JetLinus
Btw, have they not heard of "if i mod 50 == 0 then"?
|
It's unfair to criticise someone else's code style if they haven't asked for it. Maybe the modulo operator just slipped the writer's mind, or maybe he doesn't usually write in C. I try really, really hard not to waste time worrying about code style, particularly when it comes to writing tests; clearly he has mastered this skill where I haven't. He's even used two different syntaxes for the exact same for loop for some bizarre reason.
Though since I have picked up pedant-disease: if I had to make one comment it would be that using continue is much nicer than using goto.
Quote:
Originally Posted by JetLinus
If someone actually got hold of the code AND understands C // Windows that much that he doesn't get lost, I'd be interested in process handling... Especially: How did they manage priorities? How are the shares distributed to the processes, and which parts of the OS can be "locked up" by crashed threads (infinite loops etc). You know... Also if someone is really interested, you might wanna find out to which extent IE and Windows are really connected -- if it's true what MS said: That you cannot "uninstall / remove" IE without "damaging" their OS (at least they claimed this in front of court, didn't they?).
|
I'm fairly sure any information about thread priorities and scheduling is publicly available if you wish to struggle through MSDN. The browser-OS integration argument is obviously rubbish. The only hard thing is trying to argue to non-programmers against MS's lies. I don't see how looking through the code will help. I think 98lite (and maybe their 2k/XP version too? though WinCE/XP are sold as more modular anyway) did a lot of good.
|
|
|
18 Feb 2004, 20:06
|
#17
|
Registered User
Join Date: Aug 2000
Posts: 1,967
|
Re: MS Windows source accessed by hackers
Quote:
Originally Posted by JetLinus
And there we are, first (?) security hole found within the source code: -> :eek: <-
Apparently in IE5, there is a signed integer used for an offset in bitmap handling. You can force an overflow (i.e. getting a negative int), producing a buffer overflow. So code contained in the bitmap could be executed (basically).
Although the author claims it doesn't work in IE6, someone reported Outlook Express 6.0 might crash... Now it starts, stuff in actual data-files, bad times ahead :-/
|
Ohhh, it's the end of the world. Someone found a bug on a program that has long since been corrected. Ohh, what a world. What a world.
|
|
|
18 Feb 2004, 21:51
|
#18
|
Friendly geek of GD :-/
Join Date: Nov 2000
Location: On my metal roid
Posts: 923
|
Re: MS Windows source accessed by hackers
Quote:
Originally Posted by Intrepid00
Ohhh, it's the end of the world. Someone found a bug on a program that has long since been corrected. Ohh, what a world. What a world.
|
Yeah, sure, no one never ever nowhere still uses IE 5, how could I forget.
Good thing there aren't thousands (millions?) of people out there who could get "hacked" (and get their credit card details stolen) by a bitmap.
And yes yey punish those bastards for using a computer if they aren't tech professionals.
And credit card details for example shouldn't be stored on a computer anyway, right?
Pffff.
Probably more people out there using IE 5.x than Linux [/me ducks and runs away]
__________________
[ »] Entropy increases! :-/
|
|
|
18 Feb 2004, 22:12
|
#19
|
Registered User
Join Date: Aug 2000
Posts: 1,967
|
Re: MS Windows source accessed by hackers
Quote:
Originally Posted by JetLinus
Yeah, sure, no one never ever nowhere still uses IE 5, how could I forget.
Good thing there aren't thousands (millions?) of people out there who could get "hacked" (and get their credit card details stolen) by a bitmap.
And yes yey punish those bastards for using a computer if they aren't tech professionals.
And credit card details for example shouldn't be stored on a computer anyway, right?
Pffff.
Probably more people out there using IE 5.x than Linux [/me ducks and runs away]
|
In response...
Quote:
It seems a company called "Mainsoft" (that licensed windows or anything) were using an outdated FTP (wuftp?) version on a linux server, and the code leaked from there...
|
Use outdated software, be at risk.
|
|
|
21 Feb 2004, 04:47
|
#20
|
¯¯¯¯¯¯¯¯¯
Join Date: May 2001
Location: Sept 2057
Posts: 1,813
|
Re: MS Windows source accessed by hackers
Quote:
Originally Posted by Mit
enable better support for NTFS
|
Pity the source for ntfs.sys is one of the most notably missing files.
__________________
in my sig i write down all my previous co-ords and alliance positions as if they matter because I'm not important enough to be remembered by nickname alone.
|
|
|
All times are GMT +1.