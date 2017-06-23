Follow Slashdot stories on Twitter

 


According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

  • Telemetry (Score:4, Interesting)

    by OtisSnerd ( 600854 ) on Friday June 23, 2017 @10:13PM (#54679579)
    Maybe now we'll be able to find out what the telemetry actually sends back to MS and the three-letter agencies. It would also be nice for some to develop a way to completely kill it.

    by markdavis ( 642305 ) on Friday June 23, 2017 @10:38PM (#54679703)

    Too bad it STILL won't tell anyone what is actually on a machine when a binary MS-Windows is installed. You still won't know what back doors, spyware, weakened encryption, "telemetry" sharing, and extra code was injected for the governments. And good luck on building something you will be able to actually install and use. This breech is unlikely to help anyone but black hatters, looking for vulnerabilities.

    Meanwhile, grab distro Linux sources legally, see anything and everything you desire, and compile it and run it if you like.... it is actually DESIGNED to be compiled by people and groups who use it, if wanted.

  • This just in: it appears that many terabytes of Linux and GNU source code have also been leaked to the internet. Anyone who has this information can scour it for security vulnerabilities.
    ... of the time the most religious manager at our Dallas office (nice guy, too) made me take a goddam trip to meet with him because he came in early and went to the network printer to get his stuff and his stack of papers included photos of nekkid wimmins.

    He told me to look at the logs and tell him who printed the porn.

    I informed the guy that with over 500 users who could choose any printer on any floor, that was not going to happen.

    He was upset and frustrated and asked me why I couldn't help.

    I told him that messages and logs related to printers were designed to aid in troubleshooting tech problems -- not to address personnel misconduct.

    --

    That's the answer here, as well.

    No amount of infosec is going to stop determined employees.

    For reference, see Manning, Snowden, and Winner.

      Then you should have redesigned the network such that the printers were not directly accessible to users, and they had to funnel data through a central print server which *does* log what was printed and by whom. Aside from the reason given (likely a severe violation of the company code of conduct), you get other benefits too like keeping (usually horrendously insecure) printers away from the user network, being able to tell who's printing copies of company data that might have leaked out, and keeping track

  • Some of the Windows code was released. It was downplayed. But everyone had a good laugh at the notes which were left in it like (language cleaned up and paraphrasing.): My personal favorite..."Why was this section added?" - "Because someone is doing something way above our pay grade." - "Take this out! It could be exploited" - "It's been two years, why is this still here?" - "This was put in for a reason. Don't take it out again." - "I removed it because It could be exploited!" - "I don't give a m***er f**

  • In other news, thousands of programmers appear to have gone blind and insane while screaming, "The Spaghetti! The Horror! It burns my eyes!"

