CastleCops® - Microsoft Searches for Source of Leak

Microsoft Searches for Source of Leak

Opinions on the origin and severity of leaked Windows code vary.
Paul Roberts and Joris Evers, IDG News Service
Friday, February 13, 2004

Microsoft continues to investigate the leak of some of the closely-guarded code underlying its Windows 2000 and Windows NT products. Meanwhile, Mainsoft, a partner company, is responding to allegations that it was the source of the leak.

As computer security experts offered differing opinions on the source and severity of the leak, Microsoft declined to comment on its investigation Friday, but did say its Shared Source Initiative program was not to blame.

There was no breach of either our internal security or any [security] from our shared source initiative, Microsoft spokesperson Tom Pilla says.

Security experts postulated Thursday that the leak may have come from one of the many organizations that signed up for programs under Microsoft's Shared Source Initiative, under which enterprise users, academics and others can get controlled access to select parts of Microsoft's source code.

Source code is computer code in the form of readable lines of text, usually with comments. It can be compiled into programs that can be run but not read. The Windows code on users' PCs is all compiled code.

Reading Between the Lines
Parts of the leaked code reviewed by IDG News Service point to Mainsoft, a San Jose, California-based Microsoft partner. Microsoft has provided Mainsoft with access to its source code for several years. Mainsoft uses the code to enhance graphics for Unix-based CAD/CAM (Computer Aided Design/Computer Aided Modeling) applications, it says.

One example of a reference to Mainsoft is in a file named download.cpp. It contains a statement that the API (Application Program Interface) is not yet implemented by Mainsoft and that it needs an extra check on Unix. Other files also contain similar statements, for use by developers, mixed in with the computer code.

Mainsoft says it takes the matter seriously and will cooperate with the inquiry into the source code leak. Mainsoft recognizes the gravity of the situation. We will cooperate fully with Microsoft and all authorities, says a company spokesperson reading from a prepared statement from Mike Gullard, Mainsoft chairman of the board.

Microsoft's Pilla declines to comment on the Mainsoft link, but says the company is not part of Microsoft's Shared Source Initiative.

No Assumptions
Experts warn not to jump to conclusions and that a mention of Mainsoft in the code does not mean the company is the source of the leak.

It does not prove anything. The code could have been edited and it does not prove that they are the leak, says Ken Dunham, director of malicious code at IDefense in Reston, Virginia.

In fact, while examining the leaked code, IDefense found that it likely was first leaked in mid-2001. Somebody subsequently tampered with it before it was spread on the Internet and the leak became public on Thursday, Dunham says.

We see mixture of clean and somewhat sloppy code that does not look like Microsoft code. It does look like somebody got hold of it and meddled around with it for a while and then it got released into the underground, he says.

Those who have downloaded the source code claim to have a 200MB compressed file that expands into roughly 600MB of code, enough to fit on one CD-ROM. Microsoft has not commented on what source code was leaked, but IDefense and others say it includes parts of the Windows kernel, the core of the operating system.

This puts the blueprints in the hands of the enemy and that is the worst thing you want to do in a war with the attackers on the Internet. Now they will take that code and rip it up, debug it, and exploit it, IDefense's Dunham says.

In the Wrong Hands..................................
More at PCWorld


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 147ppm 1.391s (0.01s) Making cybercriminals unhappy since 2002*