When You Accidentally Go Open Source
32 TB of Windows 10-related source code is now available, for better or for worse…
An article review.
Releasing the source code for a project has been a common practice among some developers for decades now–proponents say allowing any interested parties to view the code makes for safer systems, preventing sneaky back doors and unintentional bugs alike.
Microsoft however has historically not embraced this kind of philosophy, preferring to keep the source code to their products closed to preserve secrecy…until this month, when a 32 TB archive of Windows 10 source code was uploaded to a site specializing in beta versions of old software. The archive was quickly pulled, however we all know nothing is truly ever gone once it has been uploaded to the internet, so it can be assumed this source code is now out in the wild.
In addition to Microsoft’s “Shared Source Kit,” internal testing builds of Windows 10 containing special debugging tools were included in the leak, allowing interested parties to perform testing on the operating system that otherwise would not be possible.
While the impact of this leak is hard to predict in advance, the availability of this code will certainly be of interest to security professionals and hackers alike. For example, code can be examined directly for cases where an error may allow for security privileges to be escalated, or where rare confluences of events could lead to unexpected behavior that can then be exploited. Typically such incidents must be stumbled upon through trial and error, but having the source code available gives interested parties a road map of sorts, allowing them to zero-in on areas of interest.
The upside to this news is that plenty of white hat, or ethical, hackers will be pouring over this same code–and their disclosure of any vulnerabilities that they may find could lead to Microsoft issuing security fixes for flaws before they’re found in the wild. With the code available, there wouldn’t even be anything to stop an enterprising programmer from making their own fixes…except for Microsoft’s legal department, of course.
Original article by Chris Williams.
Leave a comment
We have recently made a significant change to our Incident Response Policy regarding Read more
Even if you haven’t ever used Facebook, your friends and family may have already let Read more
Just in time for the next round of SOC reviews, we’ve reviewed and updated our metric Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more