About Us | Contact Us
View Cart

When You Accidentally Go Open Source

By Vigilize | Monday, July 24, 2017 - Leave a Comment

32 TB of Windows 10-related source code is now available, for better or for worse…


An article review.


ServIcons_ITAudit_01Releasing the source code for a project has been a common practice among some developers for decades now–proponents say allowing any interested parties to view the code makes for safer systems, preventing sneaky back doors and unintentional bugs alike.

Microsoft however has historically not embraced this kind of philosophy, preferring to keep the source code to their products closed to preserve secrecy…until this month, when a 32 TB archive of Windows 10 source code was uploaded to a site specializing in beta versions of old software. The archive was quickly pulled, however we all know nothing is truly ever gone once it has been uploaded to the internet, so it can be assumed this source code is now out in the wild.

In addition to Microsoft’s “Shared Source Kit,” internal testing builds of Windows 10 containing special debugging tools were included in the leak, allowing interested parties to perform testing on the operating system that otherwise would not be possible.

While the impact of this leak is hard to predict in advance, the availability of this code will certainly be of interest to security professionals and hackers alike. For example, code can be examined directly for cases where an error may allow for security privileges to be escalated, or where rare confluences of events could lead to unexpected behavior that can then be exploited. Typically such incidents must be stumbled upon through trial and error, but having the source code available gives interested parties a road map of sorts, allowing them to zero-in on areas of interest.

The upside to this news is that plenty of white hat, or ethical, hackers will be pouring over this same code–and their disclosure of any vulnerabilities that they may find could lead to Microsoft issuing security fixes for flaws before they’re found in the wild. With the code available, there wouldn’t even be anything to stop an enterprising programmer from making their own fixes…except for Microsoft’s legal department, of course.


Original article by Chris Williams.


same_strip_012513


 

Latest News
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Many organizations still fail to consider the unique risks posed by cloud computing… An article review. Last month thousands of Western Digital MyCloud device owners learned about the risks of cloud-based solutions the hard way: their data had been wiped remotely due to a flaw in the internet-facing component of their external hard drives. While […]
    infotex does not use Kaseya… We are protecting our Clients! Another blog post meant to inspire thought about IT Governance . . . . To all infotex managed security service Clients: As you may be aware there was a large ransomware attack recently that leveraged a remote management tool called Kaseya that is used by many […]
    While we’re not a news service, we often use current events to comment on trends and our services. This blog is intended to get people thinking about topics and trends in Technology Risk Management, through our article reviews, as well as through original blog articles about current events and our MSSP services (such as our […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS Dan Hadaway and Sara Fultz co-wrote an article in the Spring 2021 issue of the Ohio Record, the Official Magazine of the Ohio Bankers League.  Find out on page 20 and 21 of the magazine how tabletop testing strengthens bank cybersecurity. You can read the article here! […]
    You’ve heard it from every MSSP you’ve met: the definition of a SIEM is in the eye of the beholder. But at infotex, we are not talking about the database – an asset whose definition is continuously evolving. We’re talking about the way three teams collaborate in an overall Technology Risk Monitoring process. And whether […]
    After the large number of high-profile breaches in the recent months, it is easy to become disconcerted about how to prevent such things from happening to your Bank. The answer to preventing a breach is a very complex one. infotex will explore this with you! The heightened level of awareness and extra protective tendencies that […]
    A follow-up on Dan’s 2008 Password Manifesto On the NIST Publication on Digital Identity Guidelines Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . In June 2017, NIST released a special publication on digital identity, NIST SP 800-63, that is starting to get the attention […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around your office. Interested in one of ours […]
    Over Seven Billion Usernames Have Been Leaked in Breaches Since 2011… An article review. An unfortunate fact of modern life seems to be the inevitable announcement of new data breaches, and if you’ve lost track of how many breaches you’ve had to perform a risk assessment on you’re probably not alone…but just how much personal […]