Windows Source Hack Released
by Frogger · in General Discussion · 02/13/2004 (3:56 pm) · 14 replies
Today, some hackers got hold of some parts of the Windows source code! Should make virus outbreaks go even higher now...
#2
02/13/2004 (4:47 pm)
Sad thing about virus outbreaks is that the "hackers" seem to think they are sticking it to Microsoft when in reality all they are doing is sticking it to people like my mom who got her PC trashed by a virus. Sad world we live in.
#3
02/13/2004 (4:59 pm)
Bah, you all maybe have the wrong perspective.
having holes in your os Is the problem.
getting them fixed Should be priority.
to say that just 'cause it's there, doesn't mean someone should attack it, it's not smart..
you Really don't wanna leave yourself open to something you don't know about.
I think if there is a problem it should be Exposed and Fixed.
if the manufacturer cannot do it.. Someone Has to.
there should be a Security Standard company Responsible for ensuring this product is safe.
and once a product this complex is released it should be under constant scrutiny from such a company.
and I don't mean the overall operation and Black Box testing.
Sometimes, it is best to know all components of the system
and study them together for "issues" and of course Microsoft is capable of this to a certain level.
but it is obviously not working.
it's been ten years and all products have security issues.
So to have the code put in the safe hands of the public.
it Will be scrutinized for vantage points in the object relationships.
and as they get found they will be used, which sucks.. but let's put this part back to the Manufacturer and whoever lets them sell their unsafe untested product, that Screams Lies about how in-depth all the security features are to keep it safe.
Nowhere do they say with their security comments that yes we do get broken into all the time.
at any rate this is a good thing 'cause now the problems will be known to not one or two .. or five.
but Many and as they come and this will bring a wave of solutions.
and hopefully at the same time people will realize why and how safe open source can be for everyone involved.
This is a training exercise.
let's see how it unfolds.
#4
02/13/2004 (5:50 pm)
I work for a security company. We have a running joke that Microsoft keeps us in business. But the truth of the matter is --- ANY operating system or software that had such a big ol' bullseye painted on them as Microsoft would be riddled with just as many holes, if not more. Microsoft has probably the largest, most experienced, and most well-organized QA division in the world. The number I heard was that they have 2 QA people for every programmer. They really do take it seriously, in spite of armchair quarterbacking on the part of Microsoft haters everywhere. But no matter how many QA people you have working how many hours for you, or how many peer reviews you have, that can't compare to millions of users relentlessly hammering on your software and thousands of black-hats trying to find exploits.
I could provide you with a nice BIG list of security holes in all kinds of popular open-source products... in fact, you can go on out to www.securityfocus.com and find that out for yourself. The list would be a heck of a lot bigger if it wasn't for the relative OBSCURITY of some of these projects. Open Source is a wonderful thing, but if you think it makes you more secure, you are living in a fool's paradise.
#5
02/13/2004 (5:57 pm)
I totally disagree, just because someone can do something, should they? If I caught someone breaking into my house when I was home, I'd send them to hell with my .357. I did find a guy who bragged about breaking into my house years ago, and smashed every window on his Mustang, then I told him I was the one, and if he was smart, he would leave town, and now he lives up north.
Unfortunately, that doesn't work with computers, although if I knew for sure someone was making viruses and/or hacking, I'd introduce their face to the closest wall.
So, basically Badguy is right, fix the holes and pray.
But, if virus makers and hackers are caught, they should get something like a 20 year minimum sentence, that might just deter some of them, but obviously not all of them. It sucks that some people enjoy causing misfortune on so many others.
#6
02/13/2004 (6:32 pm)
To say Open Source does not provide a path to better security is living in a fool's paradise.
see it's like this..
I didn't say Open Source Products are the most secure..
nor did I state that Open Source Products are Bullet Proof.
I did on the other hand insinuate that with Open Source Development you are more likely to discover problems and solutions.
as well I also stated that they had the power to develop secure products thru means of quality assurance methods.
I also stated that their system has many problems as proven by the simpler problems their software has produced.
It really reads from you that they are doing a good enough job.
I reiterate my belief that another process has to be in place to control and administrate their operations.
for one simple reason.
the government and the people are using a product of theirs.
the vigorous testing our food and drugs are a good example of what needs to be in place for software of this caliber.
if you don't agree?
that is fine.
to call me an "armchair quarterback" is insulting at best.
we don't need to share my thoughts of someone who would tell me that Microsoft has done a fine job developing a secure solution to humanity's needs of computers, and finish up with stating we can only dream of a secure open source solution..
#7
02/13/2004 (6:42 pm)
Badguy,
Do you really want to keep your indie game from being released because it has to get an "FDA" type approval? It's software that will be used by people and maybe someone in the government. Do you want to pay for that?
Do you release all your source code so others can find your bugs? If so please post the links here so all of us can download all your code and ensure it's safe for people to use. If you don't do that, then your words of wisdom fall somewhat short on why Microsoft should do that.
#8
02/13/2004 (7:03 pm)
Heh yea..
if you're insane enough to classify a game with an operating system.
as a hint to the relationship there you can discover that the Operating System controls the Game Process..
so therefore has the Ability to perform administration upon it.
#9
02/13/2004 (10:04 pm)
Badguy, that's the biggest crock of shit I have ever seen. It must be nice to have some pseudo-bullshit to hide behind. The hypocrisy is stunning.
Yeah, Government restrictions, approval and bureaucracy ALWAYS streamline the process and lead to better products. What fucking planet are you from? These bozos haven't even figured out the internet, digital copyright and censorship. And you expect them to approve an OS?
#10
02/14/2004 (4:38 am)
"having holes in your os Is the problem.
getting them fixed Should be priority."
Having a hole in the OS has never been a problem. Having people that see it as an excuse to attack is the problem. Honest people don't screw with other people's stuff.
"to say that just 'cause it's there, doesn't mean someone should attack it, it's not smart.."
While that may not be smart, it still doesn't change the fact that it's true. Leaving your car running at the mall while you shop may not be smart, but it doesn't negate the fact that someone taking it is illegal.
"I think if there is a problem it should be Exposed and Fixed."
Which is precisely why REPUTABLE people notify the manufacturer of the flaw and provide full disclosure of their findings. It's the ones that intentionally use the info to do harm that make this a problem. The REAL focus here is not the fact that Microsoft has holes, it's that OBVIOUSLY there are not strict enough laws to deter those that would do harm.
"there should be a Security Standard company Responsible for ensuring this product is safe."
It is safe. Are you aware of anyone that was seriously injured or killed by Windows? Car manufacturers have worked for decades to make their cars safer and safer. And yet with seatbelts, airbags, anti-lock braking, and crash zone engineering the number of auto deaths continues to rise year after year. So are they any safer today than they were 50 years ago?
"it's been ten years and all products have security issues."
That's right. ALL products, not just Microsoft's.
"at any rate this is a good thing 'cause now the problems will be known to not one or two .. or five.
but Many and as they come and this will bring a wave of solutions."
OK, you really believe that? Let me tell you what I believe. If you walk into a store, and steal 10 apples, if you are caught, you will be charged with one count of burglary, and 10 counts of theft of property. But if you release the world's greatest virus, what will you get? You don't know? EXACTLY. Now let's say that you heard on the news about a guy that was charged with one count of conspiracy to commit computer destruction and 3 million counts of vandalism (one for each computer his virus infected) and was put away for the rest of his life, who do you think would be trying to release the next greatest virus? There is your solution.
"and hopefully at the same time people will realize why and how safe open source can be for everyone involved."
Open source is completely insecure by its very nature. Open is just that, open. However I will agree that with everyone looking for a solution you are more likely to find one, yet at the same time you are just as likely to find the next hole. And unless everyone is under a stricter set of laws that deter them from using holes for illegal means then you will still have those that will exploit the holes until someone else discovers its existence and fixes it. There is no such thing as perfect software. Just ask General Electric. Their software caused the greatest blackout in history and yet I don't hear you crying that the government should be investigating their stuff. Tell me, when was the last time Microsoft put 50 million people out of power?
http://www.securityfocus.com/news/8016
"It really reads from you that they are doing a good enough job."
Win95, Win98, Win2000, WinXP
That is proof that Microsoft is trying to make a better product year after year after year. And they have succeeded. But think of how much better it could be if they weren't being attacked by their own customers. People have had over a decade to study and attack Microsoft code, and the odds are in their favor. Microsoft has an enormous operation to maintain, and they are doing a hell of a lot to protect their product despite the way it may appear.
#11
02/14/2004 (4:38 am)
"I reiterate my belief that another process has to be in place to control and administrate their operations."
Are you kidding? Don't buy it. That's control, and you have it. You can simply choose to not support them, and that's all the control you need. There are alternatives and when people feel they have had enough, they'll use them.
"for one simple reason. the government and the people are using a product of theirs."
And they can choose not to use it, and they have. Read the news, entire countries have stopped using Microsoft. The funny part is when they whine about having problems moving to a new platform. As if it's their right to be able to move to another platform easily. Most people forget that they use Microsoft because Microsoft made life easier for all of us.
"the vigorous testing our food and drugs are a good example of what needs to be in place for software of this caliber."
I'll agree to that as soon as I start eating my OS, or as soon as booting up puts my life at risk. Until then, that's just plain stupid.
"Heh yea..
if you're insane enough to classify a game with an operating system."
Well, you were insane enough to classify an operating system with food and drugs.
#12
02/14/2004 (6:51 am)
@Willbkool - I bet Microsoft wishes they had you on their payroll right now! Just curious, is your 357 a "Python"? I suspect Colt of using the name to subliminally corner the programmer market. I've even heard rumors the 1911 might be replaced by a model called "Java".
Guys, (and gals) I agree that hackers are a problem and don't have the right to do what they do. I also agree that open source is a great forum for discovering and patching holes (and holes there will be). I have seen it encourage hackers to turn into very helpful people as their feedback becomes valued.
As for Microsoft, security clearly has not been "job 1" although it has moved well up the queue in recent years. Outlook was not only targeted because it is the most popular email client, it also created more opportunities to exploit than any other client. But I have to concede that MS has been patching up the holes - I concede to the point of using Outlook on my Windows drive.
Honestly we need to look at hacking as a national security issue. The GE power grid comment is a fair one. We don't need hackers taking us down but we do need them to find the holes. This is a hostile world and we have enemies who will gladly use hacking as a weapon against us. I say we need to be on our toes.
#13
02/14/2004 (11:43 am)
Quote: "Heh yea..
if you're insane enough to classify a game with an operating system.
as a hint to the relationship there you can discover that the Operating System controls the Game Process..
so therefore has the Ability to perform administration upon it."
Guess what? A great number of security holes come not from the operating system itself, but from the applications running in some kind of trusted mode on their system.
Why are they allowed to run in trusted mode? Well, because many of them are useless without it. How useful would your applications be if they couldn't write to the hard drive to store data? Even games have save slots.
Now guess what? If your game communicates with the outside world in any way --- downloading data, maybe auto-patching, maybe just reading a high score table... it becomes a potential attack vector for hackers / viruses / worms. It happens all the time... to open-source as well as proprietary software.
#14
02/16/2004 (5:29 am)
Hmmmmm maybe a firewall is a good idea
Torque Owner mm