Windows 10 source code leaked?!

[Gwion101]

Source : https://www.theregister.co.uk/AMP/2017/06/23/windows_10_leak/

Quote

The data – some 32TB of official and non-public installation images and software blueprints that compress down to 8TB – were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the confidential data in this dump was exfiltrated from Microsoft's in-house systems around March this year.

 

So 32TBs of data has 'reportedly' been leaked online, including internal builds of windows 10 would have never been publicly released.

Obviously this causes concern as it poses a threat to user security, as now malicious hackers have intricate resources to aid in finding harmful exploits.

 

Since it first appeared on BetaArchive.com, administrators have removed / are in the process of removing the none public code, but I'm sure like many things, 'once it gets on the internet, it's never coming off'.

[Seithon]

huh i'll be interested to know what people find in the source code

[DrMacintosh]

Being a Mac user gets better and better every day 

[sazrocks]

Interesting. If this is indeed the windows 10 source, this will probably be a really good and a really bad thing.

[DrMacintosh]

1 minute ago, sazrocks said:

this will probably be a really good

Unlikely that there will be upsides to this, just patches to fix the vulnerabilities people find. 

[sazrocks]

1 minute ago, DrMacintosh said:

Unlikely that there will be upsides to this, just patches to fix the vulnerabilities people find. 

Good as is we can fix the next EternalBlue before it does bad things, and custom windows version will become possible (maybe?). Though IIRC Barnacles said that you need secret sauce compilers to actually compile the source into anything runnable, so that might not be possible, at least for a while.

[Gwion101]

Just now, DrMacintosh said:

Being a Mac user gets better and better every day 

I use both OSX and Windows. Although it may not effect your own computer, exploits with found in windows could be critical in society, need I remind you of wannacry...

 

3 minutes ago, sazrocks said:

Interesting. If this is indeed the windows 10 source, this will probably be a really good and a really bad thing.

The source found is allegedly related to hardware. Quote from article: "The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code."

[sazrocks]

1 minute ago, Gwion101 said:

I use both OSX and Windows. Although it may not effect your own computer, exploits with found in windows could be critical in society, need I remind you of wannacry...

 

The source found is allegedly related to hardware. Quote from article: "The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code."

Oh so not the kernel. That's slightly not as bad.

[SpaceGhostC2C]

41 minutes ago, Gwion101 said:

Obviously this causes concern as it poses a threat to user security, as now malicious hackers have intricate resources to aid in finding harmful exploits.

 

What? Having a disclosed source code "poses a threat to user security" due to "intricate resources" to what?

 

Do you realize Linux is entirely open source, meaning the source code is and has always been publicly available, right?

 

Leaked source code harms Microsoft's intelectual property. It has nothing to do with users' security.

[ChineseChef]

Would have been nice if the full source code leaked.  It would let us take a look under the hood, see what Windows is really doing with all the tracking stuff.  Which would either vindicate MS by showing how they truly are just after service metrics to improve windows.  Or show how they are spying on everything you are doing.  Plus it likely would have shown a light on anything else sketchy or malicious they were doing.  And allow for insane customization potentially.

[Gwion101]

1 minute ago, SpaceGhostC2C said:

What? Having a disclosed source code "poses a threat to user security" due to "intricate resources" to what?

 

Do you realize Linux is entirely open source, meaning the source code is and has always been publicly available, right?

 

Leaked source code harms Microsoft's intelectual property. It has nothing to do with users' security.

I am only quoting the article:-

Quote

Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels.

I am well aware that Linux is open source, but statistically those more likely to expose themselves to vulnerabilities are windows users. Malicious hackers tend to target the less tech-savy, and the efforts to find exploits in linux yield far less that that of windows or even OSX these days.

[DrMacintosh]

10 minutes ago, ChineseChef said:

And allow for insane customization potentially.

not gonna happen

 

You need special compilers to make the source code do anything. Compilers that nobody but MS has. 

[DrMacintosh]

Just now, Gwion101 said:

or even OSX these days.

There has been a satisfying lack of MacOS exploits recently 

[ChineseChef]

Just now, DrMacintosh said:

not gonna happen

 

You need special compilers to make the source code do anything. Compilers that nobody but MS has. 

That said, if you had the complete source code, it would potentially allow you to understand how things are working better, to allow mods to more efficiently do what you want.  And if someone had actually gotten ahold of the full source code, that would provide some insane motivation for others to try and get ahold of the compiler.

[sazrocks]

6 minutes ago, DrMacintosh said:

There has been a satisfying lack of MacOS exploits recently 

I see your point but https://www.bleepingcomputer.com/news/security/stack-clash-vulnerability-grants-root-access-on-linux-and-other-unix-oses/

[SpaceGhostC2C]

3 minutes ago, DrMacintosh said:

You need special compilers to make the source code do anything. Compilers that nobody but MS has. 

 

1 minute ago, ChineseChef said:

That said, if you had the complete source code, it would potentially allow you to understand how things are working better, to allow mods to more efficiently do what you want.  And if someone had actually gotten ahold of the full source code, that would provide some insane motivation for others to try and get ahold of the compiler.

Who even cares about MS compiler? If you had the full source code, you could bring any Windows functionality you want to Linux, for example. No need to recompile the whole monster, but rather salvage what little it has useful  

 

3 minutes ago, Gwion101 said:

I am only quoting the article:-

I am well aware that Linux is open source, but statistically those more likely to expose themselves to vulnerabilities are windows users. Malicious hackers tend to target the less tech-savy, and the efforts to find exploits in linux yield far less that that of windows or even OSX these days.

There are reasons for that. Among others, that open source software is open to millions of eyes that can check for vulnerabilities and fix them. It's harder for Windows to be as secure because vulnerabilities can remain private information for longer, and you can exploit that private information. That's much harder with open source.

A source code disclosure would be good for security.

[DrMacintosh]

1 minute ago, sazrocks said:

I see your point but https://www.bleepingcomputer.com/news/security/stack-clash-vulnerability-grants-root-access-on-linux-and-other-unix-oses/

If a vulnerability requires physical access, like this one does, then its not really a threat to the install base of the OS in question. 

[Misanthrope]

1 hour ago, Gwion101 said:

Source : https://www.theregister.co.uk/AMP/2017/06/23/windows_10_leak/

 

So 32TBs of data has 'reportedly' been leaked online, including internal builds of windows 10 would have never been publicly released.

Obviously this causes concern as it poses a threat to user security, as now malicious hackers have intricate resources to aid in finding harmful exploits.

 

Since it first appeared on BetaArchive.com, administrators have removed / are in the process of removing the none public code, but I'm sure like many things, 'once it gets on the internet, it's never coming off'.

Actually the main concern would not be user security but government entities potentially losing their backdoors and Microsoft themselves losing revenue from up-selling the data they collect.

 

For security the fact that the code is out doesn't makes it inherently less secure: You can have access to every single line of code for Linux and it's still used in enterprise level. It's not perfect and has as many security holes as Microsoft OS servers but they're not inherently worst

[GoodBytes]

Looks like arrests already taking place:

http://www.bbc.com/news/technology-40366823

 

 

[DexterSmythe]

3 minutes ago, GoodBytes said:

Looks like arrests already taking place:

http://www.bbc.com/news/technology-40366823

 

 

That was quick.

[Gwion101]

6 minutes ago, GoodBytes said:

Looks like arrests already taking place:

http://www.bbc.com/news/technology-40366823

This report is from Thursday, they managed to report the arrest was before they reported the leak  I would guess they are related, only time will tell.

[Beskamir]

So does this mean Windows is officially "Opensource"

On a serious note if I was more skilled I'd totally try to make my own version of Windows using this. Obviously for private uses since it'd get me in trouble if I released it publically.

[SteveGrabowski0]

1 hour ago, Seithon said:

huh i'll be interested to know what people find in the source code

   /*
       TOP SECRET Microsoft(c)  Code
       Project: Chicago(tm)
       Projected release-date: Summer 1998
     */
 
      #include "win31.h"
      #include "win95.h"
      #include "evenmore.h"
      #include "oldstuff.h"
      #include "billrulz.h"
      #define INSTALL = HARD
 
      char make_prog_look_big[1600000];
 
      void main()
      {
          while(!CRASHED)
         {
              display_copyright_message();
              display_bill_rules_message();
              do_nothing_loop();
              if (first_time_installation)
              {
                 make_50_megabyte_swapfile();
                 do_nothing_loop();
                 totally_screw_up_HPFS_file_system();
                 search_and_destroy_the_rest_of_OS/2();
                 hang_system();
              }
              write_something(anything);
              display_copyright_message();
              do_nothing_loop();
              do_some_stuff();
              if (still_not_crashed)
              {
                  display_copyright_message();
                  do_nothing_loop();
                  basically_run_windows_3.1();
                  do_nothing_loop();
                  do_nothing_loop();
              }
          }
 
          if (detect_cache())
             disable_cache();
 
          if (fast_cpu())
          {
              set_wait_states(lots);
              set_mouse(speed, very_slow);
              set_mouse(action, jumpy);
              set_mouse(reaction, sometimes);
          }
 
         /* printf("Welcome to Windows 3.11"); */
         /* printf("Welcome to Windows 95"); */
         printf("Welcome to Windows 98");
         if (system_ok())
               {
               bsod(random_err());
               crash(to_dos_prompt);
               }
         else
              system_memory = open("a:\swp0001.swp", O_CREATE);
 
          while(something)
         {
              sleep(5);
              get_user_input();
              sleep(5);
              act_on_user_input();
              sleep(5);
         }
         create_general_protection_fault();
     }
 

Edited June 24, 2017 by GoodBytes
Fixed formating

[GoodBytes]

5 minutes ago, Gwion101 said:

This report is from Thursday, they managed to report the arrest was before they reported the leak  I would guess they are related, only time will tell.

Beta Archive says it is linked. They hacked, released the source code, got visibility after a few days after their arrest,

[GoodBytes]

6 minutes ago, ElfFriend said:

So does this mean Windows is officially "Opensource"

On a serious note if I was more skilled I'd totally try to make my own version of Windows using this. Obviously for private uses since it'd get me in trouble if I released it publically.

Seeing that Microsoft is making more and more things open source, and that eventually everyone will be on Windows 10, so no money coming in from sales, it would indicate that probably Windows will eventually be open source, like Android. Microsoft will make its money, similarly to Android, with the Store, Office, services (Cortana, Bind ads, OneDrive, Skype, Groove Music, etc.), and support. They'll probably sale certified and supported via Windows Update of Windows. And if someone wants to make its own distro.. they can, but of course it can't use Windows Updates, unless the code is the same as the official one, and then it will be Similarly to Android, although you'll face with the same problems, where distros take time to get security updates or even never get them, because it isn't stock Windows.