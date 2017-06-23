32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 60
According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.
Seems The Register story may not be accurate, or if you prefer FAKE NEWS!
Re: (Score:3)
"Many eyes makes bugs shallow" is not so much the point...
Rather is having a level playing field for everyone, anyone can see the code, good and bad guys alike.
With closed source *you* probably don't have the code and white hat security researchers probably don't have the code, but you have no idea who else (NSA and similar agencies, criminals etc) does. Chances are with closed source those who do have the code are more likely to have hostile motives.
the source code can make generating the exploit once you have found the vulnerability much easier.
That's an understatement.
But even though code analysis is painful and slow, it doesn't stop the OpenBSD people and others from doing some, historically demonstrating good results for their efforts.
Telemetry (Score:4, Interesting)
A) Plenty of muslims would disagree that you aren't born Muslim... you know, the sorts that would like to kill you.
B) Plenty of Muslims would disagree with the idea that you can just choose to leave... you know, the sorts that would like to kill you, and those who try to leave.
C) 'Muslim' isn't a race. Is a rabid atheist who hates religion racists for wanting to punish Christians?
Too bad (Score:3)
Too bad it STILL won't tell anyone what is actually on a machine when a binary MS-Windows is installed. You still won't know what back doors, spyware, weakened encryption, "telemetry" sharing, and extra code was injected for the governments. And good luck on building something you will be able to actually install and use. This breech is unlikely to help anyone but black hatters, looking for vulnerabilities.
Meanwhile, grab distro Linux sources legally, see anything and everything you desire, and compile it and run it if you like.... it is actually DESIGNED to be compiled by people and groups who use it, if wanted.
