Full Disclosure mailing list archives
RE: W2K source "leaked"?
From: "Drew Copley" <dcopley () eeye com>
Date: Fri, 13 Feb 2004 10:53:44 -0800
-----Original Message----- From: Joe Quigley [mailto:joe.quigley () forum com] Sent: Friday, February 13, 2004 9:00 AM To: Drew Copley; Gadi Evron; bugtraq () securityfocus com Cc: full-disclosure () lists netsys com Subject: RE: W2K source "leaked"? Drew Copley once said:We should prepare for this now.Anyone care to comment how we can prepare for this?? Except for moving from the Windows platform, I don't see how we can. Please do not take this as knock against Drew and his opinion. It most certainly isn't. I really would like to hear others thoughts on this. Thanks in advance.
What is knocking my opinion? I just said there is a problem. There are a lot of potential solutions. And, it isn't a Windows only problem. Some solutions are class based anomaly detection, kernel level hooking (systrace), hardware and software protection against exploit code like dll rebasing or secure compilers, etc, etc. A lot of companies have already been protecting their clients against new vulnerabilities. This isn't a new issue at all. But, I don't think a lot of people really think about it as they should.
-----Original Message----- From: Gadi Evron [mailto:ge () egotistical reprehensible net] Sent: Thursday, February 12, 2004 1:49 PM To: bugtraq () securityfocus com Cc: full-disclosure () lists netsys com; Thor Larholm Subject: W2K source "leaked"? A couple of days ago a friend of mine drew my attention tothe sourcemaking rounds on the encrypted p2p networks, I was hoping it would take a bit longer for it to be "out", but that was just day-dreaming. Thor Larholm just gave me this URL, as you can notice, the server is busy: http://www.neowin.net/comments.php?id=17509 I never believed in 0-days. "New" or more to the point un-known-to-the-public exploits and vulnerabilities exist and are being used. In my opinion "0-days" virtually don't exist. It's usuallyeither somevulnerability that is long known and a COP or a worm is created. Or exploits that will nearly never see the "public" but exist and are used by few individuals.. but now... I don't know. How often does a brand new exploit come out without priorwarning and"attack" the net? *If* this really is the.. _real_ source code for W2K (andaccording tothe article NT4 as well).... we'll see what happens next. People didn't need help finding vulnerabilities in Windowsbefore, butit just became a whole lot easier and a lot less demandingon the "m4d#4x0r 5k111z".This assumption reveals a lot about the merits of open source, doesn't it. Why should any of this be surprising to anyone? Haven't we all seen how screeners make it onto the net, even screeners sent to eighty something old Oscar judges? So, of course someone leaked this. It would have happened sooner or later. As for your comments on zero day, I have some strong opinions on that: First, I recall two massive zero day exploits being used last year. One in IE being used by spammers and one in IIS. We should expect this trend to advance exponentially, I would think, just considering the amount of people coming online, the natural progression of security, the infiltration time required for the market to meet the demand and such other natural factors. Read: organized crime, corrupt governments and corporations and such... have yet to really understand the unorthodox ways of bugfinding or the power of the field. But that they will... That is simply a force of nature. It is inevitable. We should prepare for this now. But, like most events similar to this in history, we won't. Or, we won't do a very good job of it. Maybe others are more optimistic.I can't really say that the article is right and the source was "leaked" or "stolen". The source is being sold/given (?) for yearsnow to EDU'sand commercial companies for research purposes (not to mention China..). I suppose foul play is always possible. Can anyone confirm this is the real source code? How about a press release? :) Gadi Evron
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: W2K source "leaked"?, (continued)
- Re: RE: W2K source "leaked"? cdowns (Feb 13)
- Re: RE: W2K source "leaked"? Bernie, CTA (Feb 13)
- Re: RE: W2K source "leaked"? Valdis . Kletnieks (Feb 13)
- Re: RE: W2K source "leaked"? ypwhich (Feb 13)
- Re: RE: W2K source "leaked"? madsaxon (Feb 13)
- Re: RE: W2K source "leaked"? Sebastian Dietz (Feb 13)
- RE: Re: W2K source "leaked"? Otero, Hernan (EDS) (Feb 13)
- RE: RE: W2K source "leaked"? John . Airey (Feb 13)
- RE: RE: W2K source "leaked"? Nick Jacobsen (Feb 13)
- Re: W2K source "leaked"? SMORRIS (Feb 13)
- RE: W2K source "leaked"? Drew Copley (Feb 13)
- RE: RE: W2K source "leaked"? Schmehl, Paul L (Feb 13)
- RE: RE: W2K source "leaked"? Tobias Weisserth (Feb 13)
- Re: RE: W2K source "leaked"? Valdis . Kletnieks (Feb 13)
- RE: RE: W2K source "leaked"? Paul Schmehl (Feb 13)
- Re: RE: W2K source "leaked"? Valdis . Kletnieks (Feb 13)
- RE: RE: W2K source "leaked"? Tobias Weisserth (Feb 13)
- RE: Re: W2K source "leaked"? Nick FitzGerald (Feb 14)
