[Full-Disclosure] W2K source "leaked"?

From: Gadi Evron (ge_at_egotistical.reprehensible.net)
Date: 02/12/04

  • Next message: tlarholm_at_pivx.com: "[Full-Disclosure] RE: W2K source "leaked"?"
    To: bugtraq@securityfocus.com
    Date: Thu, 12 Feb 2004 23:48:52 +0200
    
    

    A couple of days ago a friend of mine drew my attention to the source
    making rounds on the encrypted p2p networks, I was hoping it would take
    a bit longer for it to be "out", but that was just day-dreaming.

    Thor Larholm just gave me this URL, as you can notice, the server is busy:
    http://www.neowin.net/comments.php?id=17509

    I never believed in 0-days. "New" or more to the point
    un-known-to-the-public exploits and vulnerabilities exist and are being
    used.
    In my opinion "0-days" virtually don't exist. It's usually either some
    vulnerability that is long known and a COP or a worm is created. Or
    exploits that will nearly never see the "public" but exist and are used
    by few individuals.. but now... I don't know.

    How often does a brand new exploit come out without prior warning and
    "attack" the net?

    *If* this really is the.. _real_ source code for W2K (and according to
    the article NT4 as well).... we'll see what happens next.

    People didn't need help finding vulnerabilities in Windows before, but
    it just became a whole lot easier and a lot less demanding on the "m4d
    #4x0r 5k111z".

    I can't really say that the article is right and the source was "leaked"
    or "stolen". The source is being sold/given (?) for years now to EDU's
    and commercial companies for research purposes (not to mention China..).
    I suppose foul play is always possible.

    Can anyone confirm this is the real source code? How about a press
    release? :)

            Gadi Evron

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: tlarholm_at_pivx.com: "[Full-Disclosure] RE: W2K source "leaked"?"

    Relevant Pages

    • W2K source "leaked"?
      ... making rounds on the encrypted p2p networks, I was hoping it would take ... un-known-to-the-public exploits and vulnerabilities exist and are being ... the article NT4 as well).... ...
      (Bugtraq)
    • W2K source "leaked"?
      ... making rounds on the encrypted p2p networks, I was hoping it would take ... un-known-to-the-public exploits and vulnerabilities exist and are being ... the article NT4 as well).... ...
      (Full-Disclosure)
    • [Full-disclosure] Fwd: Regarding your comment on FD
      ... upcoming website and business venture in relation to security. ... vulnerabilities found by me. ... corporate networks, rather than the consumer. ... of sites featuring vulnerabilities on consumer networks, products, but ...
      (Full-Disclosure)
    • Re: Vulnerability Scanning large networks
      ... Nessus is for unix and free, and one of best. ... >> and Accounts, password vulnerabilities, publishing extensions, and more." ... >> limited to only scanning Windows NT networks for vulnerabilities. ...
      (Security-Basics)
    • [Full-Disclosure] Re: W2K source "leaked"?
      ... Operating Systems Administrator ... Server Operations and Support Center ... un-known-to-the-public exploits and vulnerabilities exist and are being ... the article NT4 as well).... ...
      (Full-Disclosure)