
Exploit Based On Leaked Windows Code Released

simoniker posted more than 10 years ago | from the nda-never-signed dept.

Security 952

mischief writes "A post to Bugtraq from SecurityTracker.com reports an Internet Explorer 5 exploit that has been released based on the Win2K code leak: 'It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.' Only affects IE 5 apparently, but still - it didn't take long!"


oh snap (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8295355)

im masturbating!

fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8295357)

i got first post and you didn't

Re:fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8295369)

No you didn't, fag.

Why don't you take the time to think out a somewhat intelligent reply?

Re:fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8295382)

WRONG, DOUCHEBAG! I WIN! [slashdot.org]

Put that in your pipe and smoke it, cock gobbler!

Open Source More Secure... maybe not (5, Insightful)

LostCluster (625375) | more than 10 years ago | (#8295365)

Oops... we just gave MS a chance to say keeping the source secret keeps flaws like this secret as well. :)

Re:Open Source More Secure... maybe not (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8295377)

> Oops... we just gave MS a chance to say keeping the source secret keeps flaws
> like this secret as well. :)

Yeah, but if Windows were truly open source then there's no chance it'll just be sat on for six months...

Re:Open Source More Secure... maybe not (5, Funny)

The Unabageler (669502) | more than 10 years ago | (#8295386)

OTOH M$ should thank the code thieves for expediting their QA process :-)

Re:Open Source More Secure... maybe not (5, Funny)

1010011010 (53039) | more than 10 years ago | (#8295495)

Finally, Microsoft's "Trustworthy Computing" exercise begins in earnest.

Hehe

It may not have been a secret to everyone (5, Insightful)

Anonymous Coward | more than 10 years ago | (#8295398)

Just to those that couldn't get access to the source code. Some people with access before may have known about this for a while. Not that we'll ever know.

Re:Open Source More Secure... maybe not (5, Insightful)

aborchers (471342) | more than 10 years ago | (#8295411)

Funny, yes, but in the interest of full disclosure it's worth noting for the credulous that this code was perhaps only vulnerable because it had not been open for audit before.

In other words, had the source code for IE been OSS from day one, then the bug might very well have been found and fixed before the application was widely distributed.

Re:Open Source More Secure... maybe not (4, Insightful)

LostCluster (625375) | more than 10 years ago | (#8295579)

On the other hand, this bug existed in IE5 all along, but was not discovered until the code was leaked. Now, IE6, which is not at risk, has far surpassed the at-risk version in usage.

But the question is... (4, Insightful)

Xeth (614132) | more than 10 years ago | (#8295427)

...if the code was open from the start, how long would this flaw have lasted?

Re:Open Source More Secure... maybe not (2, Insightful)

Anonymous Coward | more than 10 years ago | (#8295439)

Finding flaws in IE5 from the source code is like a novelty. I'd rather people work on breaking IE5 than breaking IE6. Their code will never be secure, regardless of who has the source.

Microsoft wants us to upgrade to XP (3, Insightful)

Anonymous Coward | more than 10 years ago | (#8295444)

Microsoft code must be so ridden with bugs to create an exploit in just a week.
Or maybe it is a ploy by Microsoft to force users to upgrade to XP

Re:Open Source More Secure... maybe not (-1, Redundant)

Lobsang (255003) | more than 10 years ago | (#8295483)

On the contrary. If the source code for windows NT was open to the public, this hole would have been patched a long time ago, possibly even before an exploit. But of course, I'm just stating the obvious here...

Re:Open Source More Secure... maybe not (3, Interesting)

mattdm (1931) | more than 10 years ago | (#8295540)

That's exactly the point -- it's impossible to keep source code secret, as this proves.

Re:Open Source More Secure... maybe not (4, Insightful)

Anonymous Coward | more than 10 years ago | (#8295551)

"Oops... we just gave MS a chance to say keeping the source secret keeps flaws like this secret as well. :)"

Who says it was secret? For all you know, it could have been the cause of that "mysterious intrusion" a few years ago...

Re:Open Source More Secure... maybe not (2, Interesting)

orthogonal (588627) | more than 10 years ago | (#8295576)

Oops... we just gave MS a chance to say keeping the source secret keeps flaws like this secret as well. :)

And you guys moderated this post of mine [slashdot.org] funny.

Bwah-hahah-ha!

Yeah, Ok, I was trying to be funny, but I guess I underestimated the truly innovative quality of Microsoft's incompetence.

huh (2, Insightful)

Tirel (692085) | more than 10 years ago | (#8295366)

Anyway, I took a look, and decided that Microsoft is GAYER THAN AIDS.

When you break the law and possibly expose thousands of users to a root exploit, at least you could be politically correct about it.

"GAYER THAN AIDS", what the hell?

I hope they sue him..

Re:huh (5, Informative)

LocoSpitz (175100) | more than 10 years ago | (#8295423)

Do not mod parent down. He's pointing out text found in the article link. That is not flamebait.

Could've at least quoted ATHF (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8295455)

"That's the gayest thing since gay came to gay town."

Text of advisory (4, Informative)

Anonymous Coward | more than 10 years ago | (#8295481)

I downloaded the Microsoft source code. Easy enough. It's a lot
bigger than Linux, but there were a lot of people mirroring it and so
it didn't take long.

Anyway, I took a look, and decided that Microsoft is GAYER THAN AIDS.
For example, in win2k/private/inet/mshtml/src/site/download/imgbmp.cxx:

    // Before we read the bits, seek to the correct location in the file
    while (_bmfh.bfOffBits > (unsigned)cbRead)
    {
        BYTE abDummy[1024];
        int cbSkip;

        cbSkip = _bmfh.bfOffBits - cbRead;

        if (cbSkip > 1024)
            cbSkip = 1024;

        if (!Read(abDummy, cbSkip))
            goto Cleanup;

        cbRead += cbSkip;
    }

.. Rrrrriiiiggghhhttt. Way to go, using a signed integer for an
offset. Now all we have to do is create a BMP with bfOffBits > 2^31,
and we're in. cbSkip goes negative and the Read call clobbers the
stack with our data.

See attached for proof of concept. index.html has [img src=1.bmp]
where 1.bmp contains bfOffBits=0xEEEEEEEE plus 4k of 0x44332211.
Bring it up in IE5 (tested successfully on Win98) and get
EIP=0x44332211.

IE6 is not vulnerable, so I guess I'll get back to work. My Warhol
worm will have to wait a bit... .gta
PROPS TO the Fort and HAVE IT BE YOU.
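An added example in C (not the advisory's code and not Microsoft's) that models the skip loop quoted above: `vulnerable_skip_length` mirrors the signed arithmetic that turns a large bfOffBits into a negative skip length, and `hardened_seek_to_bits` shows the check a parser should do instead, validating the offset against the real file length before any I/O and keeping the arithmetic unsigned. All type and function names are hypothetical stand-ins, and the in-memory file is constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SKIP_CHUNK 1024   /* same 1 KiB scratch buffer the quoted loop uses */

/* Hypothetical stand-in for the one BITMAPFILEHEADER field at issue. */
typedef struct {
    uint32_t bfOffBits;   /* offset of the pixel data from the start of file */
} BmpFileHeader;

/* One iteration of the arithmetic in the quoted loop. bfOffBits is unsigned,
 * cbSkip is a signed int, so any offset above INT_MAX becomes negative after
 * the store, the "> 1024" clamp does nothing, and a negative length reaches
 * the read call. Returns the cbSkip value the loop would pass to Read(). */
int vulnerable_skip_length(uint32_t bfOffBits, unsigned cbRead)
{
    int cbSkip = (int)(bfOffBits - cbRead);   /* wraps for offsets >= 2^31 */
    if (cbSkip > SKIP_CHUNK)
        cbSkip = SKIP_CHUNK;
    return cbSkip;
}

/* Hardened counterpart works on an in-memory file with an explicit length. */
typedef struct {
    const uint8_t *data;
    size_t len;
    size_t pos;
} BmpReader;

/* Consumes n bytes; fails instead of reading past the end of the buffer. */
static bool reader_read(BmpReader *r, uint8_t *dst, size_t n)
{
    if (n > r->len - r->pos)
        return false;
    memcpy(dst, r->data + r->pos, n);
    r->pos += n;
    return true;
}

/* Skips to bfOffBits safely: the offset is validated against the real file
 * length before any I/O, the remaining distance is computed in size_t so it
 * can never go negative, and every step is capped at SKIP_CHUNK.
 * Returns 0 on success, -1 if the header is rejected or the data runs out. */
int hardened_seek_to_bits(BmpReader *r, const BmpFileHeader *h)
{
    if (h->bfOffBits < 14 || h->bfOffBits > r->len)   /* 14 = file header size */
        return -1;
    while (r->pos < h->bfOffBits) {
        uint8_t dummy[SKIP_CHUNK];
        size_t remaining = h->bfOffBits - r->pos;
        size_t step = remaining > SKIP_CHUNK ? SKIP_CHUNK : remaining;
        if (!reader_read(r, dummy, step))
            return -1;
    }
    return 0;
}

/* Runs the hardened seek over a constructed file of file_len zero bytes,
 * positioned just past the 14-byte file header. Returns the final position
 * or -1 when the header was rejected. */
long hardened_seek_result(uint32_t bfOffBits, size_t file_len)
{
    static const uint8_t file[4096] = {0};   /* constructed sample data */
    if (file_len < 14 || file_len > sizeof file)
        return -1;
    BmpReader r = { file, file_len, 14 };
    BmpFileHeader h = { bfOffBits };
    if (hardened_seek_to_bits(&r, &h) != 0)
        return -1;
    return (long)r.pos;
}

int main(void)
{
    /* 0xEEEEEEEE is the offset value the advisory says its test file used. */
    printf("vulnerable cbSkip for bfOffBits=0xEEEEEEEE: %d\n",
           vulnerable_skip_length(0xEEEEEEEEu, 0));
    printf("vulnerable cbSkip for a normal 54-byte header: %d\n",
           vulnerable_skip_length(54, 14));
    printf("hardened seek, bfOffBits=0xEEEEEEEE: %ld\n",
           hardened_seek_result(0xEEEEEEEEu, 4096));
    printf("hardened seek, bfOffBits=54: %ld\n",
           hardened_seek_result(54, 4096));
    return 0;
}
```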

Re:Text of advisory (4, Interesting)

Bigbowser (746397) | more than 10 years ago | (#8295590)

dumbasses..... but doesn't posting that source code there make Slashdot liable to Microsoft's evil wrath?

Re:huh (5, Insightful)

Dalcius (587481) | more than 10 years ago | (#8295529)

You really are going to try and blame this guy for "possibly [exposing] thousands of users to a root exploit"?

There are certainly other ways to go about reporting bugs (not that Microsoft will listen to any of them), but blaming the messenger for pointing out that the castle wall is full of holes is a bit misdirected if you ask me.

Cheers

fp? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#8295367)

fp?

See! (4, Funny)

Anonymous Coward | more than 10 years ago | (#8295372)

More proof that code whose source is open is less secure!

(trigger-fingered mods : that's a joke)

Re:See! (4, Funny)

Lumpy (12016) | more than 10 years ago | (#8295500)

Nahh...

The virus writer used the links to the SECURITY_HOLE references in holes.bas module from the VB.NET code that IE is written in.

Ha Ha Only Serious (5, Insightful)

American AC in Paris (230456) | more than 10 years ago | (#8295537)

More proof that code whose source is open is less secure!

You laugh, but I won't be the least bit surprised when this very logic finds its way to the receptive ears of less-than-tech-savvy corporate officers...

"Linux? Good god no, man! Didn't you see what happened when just a bit of the Microsoft source code got leaked? I thought you were up on these things!"

You thought Microsoft were tardy with (2, Insightful)

irn_bru (209849) | more than 10 years ago | (#8295375)

bug-fixes and patches???? When the full force of this hits, you ain't seen nothing yet!

Re:You thought Microsoft were tardy with (3, Informative)

LostCluster (625375) | more than 10 years ago | (#8295404)

There apparently is already a fix for this one installed on many machines. It's called IE6.

Re:You thought Microsoft were tardy with (4, Funny)

lacrymology.com (583077) | more than 10 years ago | (#8295431)

"It's called IE6"

Weird... I would have sworn that it was called Windows XP.
-m

Re:You thought Microsoft were tardy with (5, Funny)

cgranade (702534) | more than 10 years ago | (#8295449)

And here I was thinking it was called Mozilla [mozilla.org].

Re:You thought Microsoft were tardy with (5, Funny)

Lifewish (724999) | more than 10 years ago | (#8295451)

Mine's called "Linux". Seems to fix a whole host of problems.

Re:You thought Microsoft were tardy with (4, Interesting)

justMichael (606509) | more than 10 years ago | (#8295521)

According to my logs 20 - 30%* of the people browsing with IE are still using 5.x.

I know, UAs get faked all the time...

* Depends on which site you look at.

so THATS why it was leaked (5, Funny)

SlashDread (38969) | more than 10 years ago | (#8295376)

to fix it...

"/Dread"

Re:so THATS why it was leaked (2, Interesting)

Anonymous Coward | more than 10 years ago | (#8295503)

exactly, it almost seems they intentionally released it so that the crackers can take a crack at finding new exploits so MS can fix them... they seem to understand the benefits of open source, but want to take advantage of it while still keeping things closed.

or, one of the offshore programmers was stuck trying to fix a bug and posted a question to a board somewhere and put the code up so people could help fix it.

nyeh.

Leaked Source Code . . . (-1, Troll)

Anonymous Coward | more than 10 years ago | (#8295379)

Leaked source code. . . What is it all about? Is it good or is it whack?

Is it good or bad (1, Interesting)

PhilippeT (697931) | more than 10 years ago | (#8295387)

that the source was released? In a way it's good: bugs will be identified. In another it's bad: bugs will be exploited way faster.

Re:Is it good or bad (1, Insightful)

tomstdenis (446163) | more than 10 years ago | (#8295456)

You sir are a moron. It's bad that the source got out. It means "clean house" implementations of similar technologies could fall to the MSFT whoredom.

Tom

Re:Is it good or bad (4, Insightful)

Lifewish (724999) | more than 10 years ago | (#8295501)

My feeling is that, in the context of preventing attacks, it's bad. With Linux, discovery almost immediately leads to a fix cos it's the same volunteer community that does the finding and the fixing, but Microsoft doesn't let the Bugtraqs of this world help. It's going to buckle under the strain of too many bugs at once.

Of course, from the point of view of converting everyone to Linux, this can only be a good thing :)

Funny comment by the bugtraq submitter (0, Flamebait)

Paladine97 (467512) | more than 10 years ago | (#8295388)

If you read the bugtraq article, notice how the poster claims:

Anyway, I took a look, and decided that Microsoft is GAYER THAN AIDS.

Re:Funny comment by the bugtraq submitter (5, Funny)

Anonymous Coward | more than 10 years ago | (#8295433)

This means that the exploit is so obvious that even a 14 year old can figure it out.

Re:Funny comment by the bugtraq submitter (-1, Offtopic)

LocoSpitz (175100) | more than 10 years ago | (#8295473)

Don't mod parent down. Pointing out text found in the article's link is not trolling, and it is not flamebait.

The bitmap in question... (4, Funny)

lacrymology.com (583077) | more than 10 years ago | (#8295389)

Of course the bitmap is of a penguin! More ammunition for the M$ FUD campaign.
-m

Re:The bitmap in question... (4, Funny)

p4ul13 (560810) | more than 10 years ago | (#8295584)

This [millan.net] seems to be what the BMP would look like.

What the fuck? (4, Funny)

tomstdenis (446163) | more than 10 years ago | (#8295391)

What the fuck in a bitmap renderer could overflow and cause such problems?

Fuck MSFT it's called bounds checking. e.g.

1. load int from char array
2. check int against sizeof(yourbuffer)
3. reject if greater

Not exactly a challenging task. I guess they're too busy adding in all that crapware to actually code at least one thing right.

Tom

Re:What the fuck? (-1, Flamebait)

PhilippeT (697931) | more than 10 years ago | (#8295458)

Tom, ever wonder where all the graduates from Algonquin College go?

That's right, straight to code for MS

This would explain a lot, from the college whose teachers still think that Novell 5 is the leading edge of Networking and that Linus started Linux because he didn't want to have to buy Unix.

Re:What the fuck? (2, Funny)

tomstdenis (446163) | more than 10 years ago | (#8295593)

char whatoverflow[3];

scanf("%s", whatoverflow);

;-)

Re:What the fuck? (4, Insightful)

millahtime (710421) | more than 10 years ago | (#8295482)

"1. load int from char array
2. check int against sizeof(yourbuffer)
3. reject if greater

Not exactly a challenging task"


It all goes to the quality of the coder. This is just plain bad code. I learned how to write something to check these kinds of things in middle school.

Re:What the fuck? (5, Funny)

vontrotsky (667853) | more than 10 years ago | (#8295504)

I think it went more like

1. load int from char array
2. check int against sizeof(yourbuffer)
3. user=root if greater

Re:What the fuck? (5, Funny)

SlashDread (38969) | more than 10 years ago | (#8295589)

In the old days, when I was young system admin, it was called "Monkey Testing".

It went something like this:
You position yourself behind a functional input screen, and start hammering viciously and blindly. The latter is important, the more blind the better, it invokes the Holy Random God. Repeat for 5 minutes. You repeat this for each input screen.
If the screen showed anything similar to "ERROR: OTHER INPUT EXPECTED" it passed.
If it showed anything similar to "OK, 98zxc3v4^DD^C^Z NEW CUSTOMERS ADDED" or failed to read at all due to overly blinkeyness or so, it failed.

I understand MS needs more monkeys.

"/Dread"

well, the source is out there (5, Interesting)

WebMasterJoe (253077) | more than 10 years ago | (#8295394)

Wouldn't it be interesting to see the patch come out later today, from an anonymous source!

Re:well, the source is out there (2, Interesting)

hawkestein (41151) | more than 10 years ago | (#8295547)

How would you know whether or not to trust it? It's not like the patch could be released as source, is it? Not all of us have the code.

And counting (5, Interesting)

millahtime (710421) | more than 10 years ago | (#8295397)

So, what is this... like the 10,000th IE security hole reported in the last couple years. Why write another IE virus? Is there really any challenge left?

Re:And counting (3, Insightful)

Rotting (7243) | more than 10 years ago | (#8295474)

How many issues would be resolved by simply using an alternate browser (mozilla [mozilla.org] for example)? I know this would not fix all of the problems but I am sure it would help some.

Re:And counting (0)

Anonymous Coward | more than 10 years ago | (#8295553)

So, what is this... like the 10,000th IE security hole reported in the last couple years. Why write another IE virus? Is there really any challenge left?

If you're thirteen, then yes.

No Problem (5, Funny)

Jedi1USA (145452) | more than 10 years ago | (#8295407)

Microsoft just needs to get a copy of the leaked code and look it over for potential exploits.

Oh wait. :^)

I'll be first to say it (5, Interesting)

MicroBerto (91055) | more than 10 years ago | (#8295413)

IF this is true, the release of the source is the nail in the coffin for Microsoft.

An exploit this quick? There's going to be some serious happenings going on at Microsoft. Also look for another Longhorn delay sometime due to everything that is found out.

I'm not sure what to think. I'm not happy that when I get back to work this summer, I'm going to spend way too much time fighting these problems/viruses and patching things up. I'm not happy businesses are losing money. I am, however, happy that Microsoft is forced to clean up their act even more, or they are going to lose market share.

Open source isn't 'communistic' -- it's capitalistic. Why? It increases competition.

We have an interesting 6 months ahead of us, folks.

Re:I'll be first to say it (5, Insightful)

KingOfBLASH (620432) | more than 10 years ago | (#8295478)

IF this is true, the release of the source is the nail in the coffin for Microsoft.

Actually I think that, if Microsoft doesn't lose its customer base to all the exploits found, it's going to make Microsoft stronger. Think about it, right now Microsoft is receiving the same kind of security review that makes OpenSource products so strong in the first place. Granted, it's coming at a very high cost, but their source code will have much fewer bugs when this is over.

Re:I'll be first to say it (0)

jwthompson2 (749521) | more than 10 years ago | (#8295513)

Will they be able to keep the code base clean though or as they add new stuff will it just get all messy again?

Re:I'll be first to say it (4, Insightful)

HardCase (14757) | more than 10 years ago | (#8295510)

IF this is true, the release of the source is the nail in the coffin for Microsoft.


Please...you might as well say that BSD is dead. Nobody is happy about all the ruckus that the whole affair is going to raise, but it's a little early to pronounce Microsoft dead.


-h-

Re:I'll be first to say it (1)

nairnr (314138) | more than 10 years ago | (#8295534)

Then again, this could be a subversive attempt to get the benefits of open source without going open source.

Their QA cycle just got a lot quicker :-)

Re:I'll be first to say it (1)

GoofyBoy (44399) | more than 10 years ago | (#8295545)

Umm.. you aren't the first to say that this might be bad for MS. And there were a lot more insightful/interesting comments on this exact issue before.

>An exploit this quick?

It's the first exploit reported. Black hats could have known lots of exploits a long time ago, they just don't report it.

nail in the coffin? (3, Insightful)

sbma44 (694130) | more than 10 years ago | (#8295568)

wtf are you talking about? You should spend less time on slashdot.

From Yahoo Financial: "For the six months ended 12/31/03, revenues rose 13% to $18.37 billion. Net income rose 7% to $4.16 billion. Results reflect increased demand for both desktop and server products, partially offset by a $1.48 billion stock option transfer charge."

Here's [yahoo.com] their financial statement.

You may dislike them. Pretending they're not successful is just ignorant. The source leak is a problem for them, but I doubt it'll have any serious repercussions much beyond this quarter.

MOD PARENT DOWN (0)

Anonymous Coward | more than 10 years ago | (#8295575)

-1 Knee jerk chicken little

Smells (0, Funny)

first.last (751698) | more than 10 years ago | (#8295415)

Smells like bullshit....like the jpeg virus hoax a few years back. IMAGE FILES CANNOT RUN COMMANDS!!!!

Re:Smells (5, Insightful)

Xeth (614132) | more than 10 years ago | (#8295479)

They can if the tool you use to open them is ridiculously poorly designed and permits buffer overflow (i.e. IE).

Re:Smells (5, Informative)

Paladine97 (467512) | more than 10 years ago | (#8295517)

Well it's not really the image file running the commands. It's the browser that is loading the image. The browser reads bad image data and gets overwritten.

It's no hoax.

Re:Smells (5, Informative)

Oscaro (153645) | more than 10 years ago | (#8295560)

Smells like you should read some documentation on buffer overflow techniques. Of course image files cannot run commands, but you can do some nice tricks if the program that is loading the file fails to check where the data is loaded. If the data is bigger than the allocated space, you can garble the stack in some funny way and actually craft a picture that gets to be executed (in some parts at least). Of course, doing something other than crashing the process is NOT easy, but...

Re:Smells (0)

Anonymous Coward | more than 10 years ago | (#8295574)

sorry, that smell is you.

if the renderer is so poorly written that it can be attacked with an overflow bug then just guess how much other crap-quality code is in microsoft products...

Well I got IE6 (5, Funny)

superpulpsicle (533373) | more than 10 years ago | (#8295420)

So I should be all set for the next 2 days until the next major security flaw is found.

Anyone surprised? (3, Funny)

LearnToSpell (694184) | more than 10 years ago | (#8295424)

Anyone? Come on, there's a million /. readers. Somebody must have thought this wasn't going to happen.

Maybe the once-a-month patching schedule's going to have to be revised though.

Boogle... (2, Funny)

mark_space2001 (570644) | more than 10 years ago | (#8295440)

I guess I should have expected that someone would start posting bug fixes to Windows when I heard that the code got released, but I'm still surprised that they are finding actual exploits in the code.

I guess all those advertising^W software engineering dollars that MS spent on their security initiative were not^W well spent.

Re:Boogle... (1)

kyndig (579355) | more than 10 years ago | (#8295531)

What's even more concerning is that the exploit affects such an older version of Internet Explorer. This would indicate that the developers have their eyes focused forwards, and do not take into account backwards compatibility or security concerns. MS incorporates their "stuff" too much into their OS to not take into account how it would affect older systems. While you can't even find downloads for Windows 95 or 3.1 these days, I don't doubt that there's an old Win95 box browsing the internet somewhere right now with its 28 baud modem, and most certainly running an IE 5 version.

And awaaayyy we go! (2)

dogas (312359) | more than 10 years ago | (#8295441)

And so it starts. How many of these exploits will be found based upon the source? Tons?

Just how bad is the source that a whole lot of exploits like these can be written? I wonder what this means for MSFT.

Can the same thing happen to linux? Or do exploit authors prefer windows?

Re:And awaaayyy we go! (0)

Anonymous Coward | more than 10 years ago | (#8295562)

Well, in the case of popular open source software most stupid bugs like this have probably been found already. If Linux had been developed behind closed doors to its current size and complexity, and then suddenly released like this, you can bet there would have been a lot of problems found and probably exploited.

Bugs (5, Insightful)

Agent_Number_4 (697721) | more than 10 years ago | (#8295445)

This is just the tip of the iceberg, just imagine what could be done if the whole code was released, and included source for XP.

I for one am truly alarmed and cannot wait for Microsoft to start the repairs; but then again this is good news for MS programmers looking for OT.

GTA (0, Redundant)

W32.Klez.A (656478) | more than 10 years ago | (#8295450)

From the article:

Date: Sat, 14 Feb 2004 22:08:59 -0800
From:
Subject: [Full-Disclosure] GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution


Someone should remark to Security Tracker to maybe have some discretion when posting their information.

Let the Hacking Begin! (1)

stibles (708899) | more than 10 years ago | (#8295452)

I wonder how many flaws will be exposed in the next week? over the next month? Kinda like a Pandora's Box. "You can't take it back because it's already out there." - Harry, When Harry Met Sally The real question is who is the bigger loser, Microsoft or Diebold? "Who's the big winner here at the casino tonight? Mikey, that's who!" - Trent, Swingers Or the public at large...

Leak a good thing for MS (5, Insightful)

kyndig (579355) | more than 10 years ago | (#8295459)

It was only 15% of the source code which leaked out, yet it will show MS in the weeks to come just how the Open Source community operates. I foresee them working overtime to provide updates to the numerous vulnerabilities which will arise due to the leaked code. This here is just one example. There were somewhat, 3 million lines of code in the leaked source. It is just a matter of time. Hopefully folks will report the vulnerabilities which they find, opposed to exploiting them.

let the games begin (0, Redundant)

joeldg (518249) | more than 10 years ago | (#8295469)

all I can say is let the games begin..
who cares how/why it got it out..

it is out..

and every guy out there looking for the latest 'sploit' will be ogling the code to find just what happens in 'that one key segment' that has been slowing them down..

Soooo glad I am all linux..

Dear Mr. Gayer Than Aids (0)

Anonymous Coward | more than 10 years ago | (#8295471)

How can a virus be gay? Just shows it doesn't take a genius to find an integer overflow in source.

Outbreak and email renderer (4, Insightful)

secondsun (195377) | more than 10 years ago | (#8295489)

If you were to embed myDoom after the overflow area in the bitmap then when outlook opened the file using ie's render could one have my doom that didn't even need to have the end user open the file? It would just execute replicate, then piss people all to hell? For that matter could I include the windows equivalent of rm -rf / ?

A quick look at the source code (5, Interesting)

Jacco de Leeuw (4646) | more than 10 years ago | (#8295493)

Kuro5hin [kuro5hin.org] has an article about the source code:

"In short, there is nothing really surprising in this leak. Microsoft does not steal open-source code. Their older code is flaky, their modern code excellent. Their programmers are skilled and enthusiastic. Problems are generally due to a trade-off of current quality against vast hardware, software and backward compatibility."

But this IE exploit shows that the author was wrong on at least one account:

"The security risks from this code appear to be low. Microsoft do appear to be checking for buffer overruns in the obvious places. The amount of networking code here is small enough for Microsoft to easily check for any vulnerabilities that might be revealed: it's the big applications that pose more of a risk. This code is also nearly four years old: any obvious problems should be patched by now".

MS's answer (2, Redundant)

PatrickThomson (712694) | more than 10 years ago | (#8295502)

You know what MS's solution to all these bugs will be - upgrade to XP...

Outlook (5, Insightful)

eth00 (612841) | more than 10 years ago | (#8295511)

So does that mean that all the users that use Outlook could also fall prey to this? Send out spam with image and if the Outlook user has auto preview on, which they probably do, they now can be exploited by whatever code. That would be an interesting concept that would lead to a lot of trouble. Sure IE5 is old...but lots of people still use it.

Get the source code from Freenet (2, Interesting)

Anonymous Coward | more than 10 years ago | (#8295515)

If you are running Freenet's unstable branch [freenetproject.org], you can download it from here [127.0.0.1]. It's about 200MB and will take a few hours to download (Freenet is averaging about 30k/sec these days). I grabbed it and it looks like the real thing.

Gone.. But Never Forgotten (5, Funny)

halo8 (445515) | more than 10 years ago | (#8295518)

a specially crafted bitmap file

Good thing all those Goatse pictures were in .jpeg .gif and .tiff

The lessons learned (5, Insightful)

PierceLabs (549351) | more than 10 years ago | (#8295519)

No system is 100% secure be it Windows or Linux.

When people have access to the source they can more readily find exploitable mechanisms in your code. This is a GOOD thing because you want to know that your system is exploitable, how it is exploitable, and (which is the case in many open projects) how to prevent that exploit.

Any form of content (not just scripts and ActiveX controls) can be used to exploit a weakness in a system. A security strategy that involves simply filtering content is a weak one.

The open source community can be a powerful friend to any organization willing to take the chance on their code being available to others.

Tad Sad. (5, Interesting)

His name cannot be s (16831) | more than 10 years ago | (#8295525)

I'm a bit confused.

I mean, I've been doing C for almost 20 years. One of the first lessons I learned --And not for 'security' so much as crash free programs-- was not to do such things.

I mean, holy crap, it's too damn simple to see the bug. What kind of idiots do they have working at MS?

"The Very Best Kind" :p

Ignore it! (4, Insightful)

stuffduff (681819) | more than 10 years ago | (#8295526)

I think the best thing we can do is to just ignore the code. That's right, I said IGNORE IT!

Whether it's finding exploits, bugs or whatever; anything that anyone does with it will eventually make Microsoft stronger. If it's a security problem they'll fix it. Maybe Microsoft is trying to capture open source developers and their free services; I don't know.

What I don't want to see is Microsoft making improvements on their product based on this experience. I don't want to see as much as two adjacent assembler instructions from it end up in Linux.

If you want to do something constructive, run the 2.6 kernel and start making the supporting software more secure. Don't waste your time supporting losers like Microsoft who demand your money up front and then deliver whatever crap they feel like.

Just ignore it!

Business plan (3, Funny)

loconet (415875) | more than 10 years ago | (#8295548)

<conspiracy theory>
1. Fake a source code leak of some of the shittiest code in your projects
2. Act surprised
3. Wait for people to look at code and publish found holes, getting free QA resulting in major savings
4. Create Patch before major damages
5. Sue person who found hole
6. ...??
7. Double PROFIT!
</conspiracy theory>

Code review (3, Insightful)

sfmarco (113003) | more than 10 years ago | (#8295564)

Is there any better way of Code Review than 'leaking' the source to the outside world? Seems MS likes this open-source model, but they need a back door to get to these benefits.

It would be a bit hard to admit:
"uhh, yes we do embrace open-source, but our business model is to protect our intellectual property", "recently our business model has been adapted to incorporate also the intellectual property of 3rd parties, also known as hackers", "the only way to do this legally is to put the FBI out on those folks what ensures that the code review can be reworded as 'theft' and will face the highest criminal punishment", "you know it's all terrorism and that kind of stuff", "It's terrorism on the American Capitalistic Marketing Model", "And we're going to nuke those hackers",
Probably without the approval of the United Nations

all who have looked are tainted? (0, Interesting)

Anonymous Coward | more than 10 years ago | (#8295580)

I haven't looked at the code published in the exploit description. It is MS code and if I had looked all future work by me would be compromised. I will demonstrate in court that I closed my eyes just before looking at the code. I can't tell you what's in there, but there must be some M$ IP.

You haven't looked, have you?

Funny thing. I can easily envision people stamping out T-shirts with pieces of the MS Windows source in them. Would I be tainted if I incidentally stumbled across one in the street? Would that person be potentially held liable by all programmers or future programmers he/she meets?

This shows that open source is more secure (1, Insightful)

Anonymous Coward | more than 10 years ago | (#8295586)

Contrary to what a lot of people will be saying, the fact that there is already an exploit now that the code has leaked doesn't show that open source is a security risk. The opposite is true. It simply proves that the code being out in the open allows for risks to be found and fixed. So it's actually showing the benefits of open source.

Of course it is a totally different story if you are a hated monopoly and the main proponent of security by obscurity.

Longhorn now postponed until 2010 ? (0)

Anonymous Coward | more than 10 years ago | (#8295592)

With their brain bank putting out these fires I don't see them completing any "innovations" for quite some time.

Microsoft learns a lesson today (4, Interesting)

Laconian (578463) | more than 10 years ago | (#8295594)

..that the "many eyes" tenet of open source really DOES work!

occurrences of " Don't Care " in MS code (5, Funny)

Anonymous Coward | more than 10 years ago | (#8295595)

i wanted to post this in the first MS leak story, but oh well, here it is now.

$ grep -ir " don't care " /win2k/* | wc -l
332

check it yourself

XBox rules!! (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8295596)

first post!!! you lame assholes... I can post first because my XBox is an American product and my pride in my great country and my great XBox accelerate everything...

If only they would make games for that bitch... I've played Metroid Prime and it ruled... I hope M$ will buy those japanese bastards and port Metroid to my great american console system!!!

GUESS MS SHOULD HAVE WRITTEN WINBLOWS IN INDIA (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#8295597)

American programmers just can't cut it