[ISN] Source code leak linked to Microsoft partner

From: InfoSec News (isn@private)
Date: Tue Feb 17 2004 - 06:06:58 PST

  • Next message: InfoSec News: "[ISN] Belgian virus writer arrested"

    http://www.nwfusion.com/news/2004/0213mainsoft.html
    
    By John Fontana
    Network World Fusion
    02/13/04
    
    The Windows 2000 source code that was leaked to the Internet 
    originated from a Microsoft partner and not the software giant itself, 
    according to the BetaNews.com Web site. 
    
    In addition, the NTBugtraq Web site is reporting that the Windows NT 
    code leak includes all of NT 4.0 Service Pack 3 and its more than 
    27,000 files. The code does not include Internet Information Server. 
    
    BetaNews, a Windows-focused Web site, reported that the Windows 2000 
    code in the leaked archive was licensed to Mainsoft, which develops 
    tools that allow developers to port Windows applications to Unix. In 
    an ironic twist, the code, which was for Windows 2000 Service Pack 1, 
    allegedly was removed from a Linux computer used by Mainsoft for 
    development, according to the story. 
    
    "All the NT 4.0 Service Pack 3 code is out there now," says Russ 
    Cooper moderator of the NTBugtraq Web site and surgeon general for 
    security firm TruSecure. But he does not think that it represents a 
    monumental security risk. 
    
    "People have been hammering on NT, and I don't think the source codes 
    means that people will find more vulnerabilities. There are 27,000 
    files. Where do you start and what year do you plan to finish? And it 
    is SP3, not 6a," says Cooper. 
    
    In fact, Cooper says the source code leaks don't represent any 
    significant new risk. He says his only concern might be the PKI module 
    that was leaked in the Windows 2000 code. "There, people may find more 
    ways to break the trust model," he says. 
    
    Cooper says network administrators should be "as vigilant as you've 
    always been; this is not a new risk you have to address."
    
    A Microsoft spokesperson would not comment on the BetaNews report on 
    Mainsoft because Microsoft is conducting an ongoing investigation. The 
    investigation includes the FBI. She says partner Mainsoft is not a 
    part of the Shared Source Initiative, which makes portions of source 
    code available to customers, partners and governments. 
    
    "It is important to note that this leak is not a result of a breach in 
    Microsoft's network, security or Shared Source Initiative," says Stacy 
    Drake, a Microsoft corporate public relations manager. 
    
    Mainsoft officials say they are cooperating fully with Microsoft and 
    all authorities in the investigation, but would not confirm if the 
    code leak was linked to them or if they are a member of the Shared 
    Source Initiative. 
    
    "We are unable to issue any further statement or answer questions 
    until we have more information," says Mike Gullard, Mainsoft chairman. 
    "Mainsoft takes Microsoft's and all our customers' security matters 
    seriously, and we recognize the gravity of the situation." 
    
    Mainsoft on its Web site says it has had a strategic partnership with 
    Microsoft since 1994 and has unparalleled access to Windows source 
    code. 
    
    BetaNews reported that it is not known how the 30,195 files escaped 
    Mainsoft, which uses the code for its Visual MainWin product.
    
    NTBugtraq's Cooper confirms that there are three references to 
    Mainsoft as the licensee in the leaked Windows 2000 code, but said 
    there is a possibility that someone could have maliciously inserted 
    the Mainsoft reference in place of the name of the original licensee. 
    Cooper says there are no references to Mainsoft in the Windows NT 4.0 
    code. 
    
    Mainsoft has more than 1.4 million licenses of its software, including 
    Microsoft, Siebel Systems, Computer Associates and IBM/Rational 
    Software. 
    
    BetaNews.com reported that the Windows 2000 code represented only 
    select portions of the Windows source code, which will likely limit 
    the damage that could be done by hackers who gain access to the code. 
    
    Microsoft on Thursday confirmed that some of its secret source code 
    for Windows NT and 2000 had been leaked on the Internet, but the 
    company downplayed the potential security concerns that the code will 
    provide hackers a wide-open avenue to search for and exploit 
    vulnerabilities. Microsoft said the leak represents some 15% of 
    Windows source code. 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Feb 17 2004 - 09:09:22 PST