RE: [Full-Disclosure] Windows 2000 Source Leak Verified. Get ready for the havoc.

From: Aditya, ALD [Aditya Lalit Deshmukh] (aditya.deshmukh_at_online.gateway.technolabs.net)
Date: 02/16/04

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Windows 2000 Source Leak Verified. Get ready for the havoc."
    To: <Valdis.Kletnieks@vt.edu>, "Lee" <cheekypeople@sec33.com>
    Date: Mon, 16 Feb 2004 10:08:49 +0530
    
    

    off topic, just some random thoughts

    maybe ms will "release" the next batch of 1/3 code in some time for "peer review" so that they can remove all the bugs and security holes before the next release of windows - long horn is that it ?

    as per ms windows is more secure because it has closed source now... so with the source in the open windows is not secure any more.

    are we going to see mass dumping of windows machines due to this ?

    -aditya

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of
    > Valdis.Kletnieks@vt.edu
    > Sent: Monday, February 16, 2004 4:28 AM
    > To: Lee
    > Cc: ald2003@users.sourceforge.net; dotsecure@hushmail.com;
    > full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
    > Subject: Re: [Full-Disclosure] Windows 2000 Source Leak Verified. Get
    > ready for the havoc.
    >
    >
    > On Sat, 14 Feb 2004 16:42:39 GMT, Lee <cheekypeople@sec33.com> said:
    > > again its 1/100 of standardd MS code for a OS, lets get a grip
    > please... and
    > > I think I see the company who let the source get loose come out and say
    >
    > Most earlier estimates of the Win2K source were about 45M lines
    > of code (I think
    > the "40 gig" being tossed around is the size of the
    > source-control-system database).
    > And I've seen the number 12.5M lines of code escaped. That's
    > closer to 1/3 than
    > to 1/100.
    >
    > And remember that there's a synergistic effect - when you have
    > THAT big of a chunk
    > of the source, you can start making a lot more educated guesses
    > about what the
    > other 2/3 are...
    >

    ________________________________________________________________________
    Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] Windows 2000 Source Leak Verified. Get ready for the havoc."

    Relevant Pages

    • Re: Any Way to Run Windows 2000 From Read-Only CD?
      ... Your point regarding infecting the computer during runtime when the disk is ... Now, regarding UNIX versus Windows, I try to have a balanced view. ... administrator can isolate those and secure them. ...
      (microsoft.public.windows.server.security)
    • Re: The Myth of the secure Mac
      ... >>> secure than Home. ... Though this really has nothing to do with security. ... >>> I, on the other hand, was speaking about overall Windows security, not ... I do believe that Microsoft could adjust their prices for the ...
      (comp.sys.mac.advocacy)
    • Re: migrating from Win2K to XP?
      ... > secure since not too many users are out there and perhaps not too many ... magically install themselves on anyone's computer. ... reliable and up-to-date antivirus software, ... Multibooting with Windows 2000 and Windows XP ...
      (microsoft.public.windowsxp.basics)
    • Re: The Myth of the secure Mac
      ... OEM Windows XP Home goes for a bit under $100. ... >> secure than Home. ... Though this really has nothing to do with security. ... Microsoft counts on third-party developers to provide more ...
      (comp.sys.mac.advocacy)
    • Re: Privilege-escalation attacks on NT-based Windows are unfixable
      ... Whereas this is a systemic design flaw in the Windows API. ... >applications and if necessary fix them or to get Microsoft to fix the API. ... The OS does not require secure processes to open windows on the user's ... of the more naively-written services that interact with the desktop: ...
      (comp.security.misc)