Windows 10 source code leaked

Topic

New Reply

Chris Williams at The Register reports that 32TB of Win10 internal builds, including some source code for core processes, is available for download. T
[See the full post at: Windows 10 source code leaked]

Reply | Quote

Replies

If true or not, Microsoft needs to make a public announcement tout suite. Private communications with their top clients over the next few days will not be enough with something as crazy as this.

If true and hackers have the OS source code (and access/security codes) they can build exploits that penetrate firewalls. Enterprise and Industry that have already migrated to Windows 10 will need to batten down the hatches. They have no choice.

Reply | Quote

It would be interesting, if this is real, and if the part of the source code that leaked, could reveal what is collected by M$, Maybe even more ways to block /stop it.

1 user thanked author for this post.

Rock

Reply | Quote

Governments get to look at the source code.

Reply | Quote

Yes, some do.

Some outside developers do, too, as best I can tell.

Reply | Quote

Perhaps the alphabet agencies of various nations developed their exploits from examination of the code, in addition to the usual methods. Have there been any more shadow broker ramblings?

Reply | Quote

From Under pressure, Western tech firms bow to Russian demands to share cyber secrets:

“Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country.”

Reply | Quote

Thank you for the article.

1 user thanked author for this post.

MrBrian

Reply | Quote

I don’t much care for that Penguin-mascot OS, but I have to give it this: If the availability of source code caused problems, then Linux would be a fantasyland playground for viruses and bug-exploitation.

Reply | Quote

Linux has rejected “security by obscurity” from the start, though.  Any code can have undiscovered bugs or unintended behavior in novel conditions that can be exploited to breach the security measures in place; Linux’s open source nature simply makes it a lot easier to discover those bugs, which is the first step in fixing them (and exploiting them).

Windows, though, has long been hidden from view.  Security bugs that would have been discovered and fixed ages ago (under the “all bugs are shallow with enough eyes” theory) in Linux may still exist within the closed-source Windows code, and once that code is made public, there could be some new exploits discovered. While the Linux detractors like to trot out a few well-publicized examples of long-standing Linux security bugs that didn’t prove to be shallow enough, the observation that Linux isn’t, in your words, a “fantasyland playground for viruses and bug-exploitation” shows that there is at least some truth in the philosophy.

In the short term, the leak of source code may mean Windows will be more vulnerable, but as those exploits are discovered and patched, it will end up more secure than it would have been.  Fixed security holes are better than unknown ones any day, since “unknown” status cannot be guaranteed to persist.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

1 user thanked author for this post.

AlexEiffel

Reply | Quote

AFAIK, M$’s Win 10 computers regularly phone home to M$’s servers with users’ private Telemetry & Data which are encrypted by M$ before being collected.
… If hackers have access to M$’s secret encryption keys and the servers, they can create various exploits and opportunities, eg plant ransomware/malware, spy on “valuable” Win 10 users/targets for trade secrets and insider business dealings, etc.

Reply | Quote

Eg … http://www.zdnet.com/article/two-british-men-arrested-over-microsoft-hacking-plot/

Reply | Quote

Statement regarding The Register’s article

Reply | Quote

You are forgetting public key cryptography (aka asymmetric cryptography). They can encrypt it with one key (public) in the source code (or even publicly disclose the key) and decrypt it on their en with their private key that doesn’t ever have to leave the building (aka not in any source code).

Reply | Quote