Skip to main content
CNN.com International
The Web    CNN.com      Powered by
 
 
 
 
 
 
 
 
 
 
 
 
 
ON TV
 
 
 
 
 
 
 
Technology

Profanity, partner's name hidden in leaked Microsoft code

By Jeordan Legon
CNN


Story Tools

SOURCE CODE
Programs are written by software developers using programming languages. This source code allows computers to understand and run software. The translation of the source code by the machine is known as compiling.
YOUR E-MAIL ALERTS
Microsoft Corporation
Computer Software
Computer Security
Hackers

(CNN) -- Eager to get their hands on Microsoft's secrets, a frenzy of Internet file sharing followed the leak of source code for the popular Windows NT and Windows 2000 software.

The chunks of code -- riddled with hidden notes and profanity -- were posted on numerous file-sharing networks Friday. And message boards buzzed with anti-Microsoft comments, including "I hope they hack the hell out of it" and "I'm so glad I have a Mac."

It still was unclear how the security breach would impact millions of computers using the world's largest software maker's products. Microsoft quickly said there were no reports of the breach affecting customers as FBI agents tried to track down suspects.

But security experts said the compromised files -- by some estimates, about 15 percent of the code used to write the programs -- could arm hackers and virus writers with new weapons to launch more effective cyber attacks. Software pirates could potentially use the data to build better bootleg copies of Microsoft's programs. And the company's reputation -- already battered by critics of its security -- took another hit.

"It makes it easier" on hackers, said Ken Dunham, Malicious Code Intelligence Director for security firm iDefense. "Instead of trying blindly to get in, now you can just go in, see the lines of code, run it, test it."

Dunham and others spent hours looking for clues in the code, a mix of assembler, C and C++ programming languages. The leaked Windows 2000 code contained 30,915 files and a whopping 13.5 million lines of code, he said. And the Windows NT breach had 95,103 files and 28 million lines. Both were available as zip files being exchanged readily on the Internet, Dunham said.

"You have a mixture of good code and junk that doesn't make sense," he said. "It looks like someone was playing around with it."

It's not clear whether numerous profanities that are written into the code -- invisible to front-end users of the programs -- were put there by Microsoft developers or those who got their hands on the files after them.

Experts looking at the leaked Windows code said they found several mentions of San Jose, California-based software maker Mainsoft. The Microsoft partner got access to the source code in 1994 to build applications that allow Windows programs to run on UNIX servers.

In a short statement released Friday afternoon, Mainsoft chairman Mike Gullard said the firm "will cooperate fully with Microsoft and all authorities in their investigation."

He declined to offer details. Microsoft would not say whether its detective work pointed to Mainsoft.

"Our investigation has shown that this was not a result of any breach of our corporate network or internal security," Microsoft spokesman Stacy Drake said.

Developers looking at the code said it appeared to come from a "core dump" file generated by one of Mainsoft's Linux-run machines, said Nate Mook, editor of BetaNews.com. Core dump files are created when a computer crashes to temporarily store unsaved data in the machine's hard drive.

But Dunham said that while Mainsoft's name appeared in the code at least three times, hackers could have added the information to throw off investigators.

The list of possible culprits could be long because Microsoft shares pieces of its source code with many governments, universities and large corporate clients.

Microsoft's Shared Source Initiative was launched last year in part to combat competition from Linux software, which is often less expensive and makes all its code public, allowing companies more customization.

Drake said Microsoft's detective work cleared the Shared Source Initiative as the cause of the breach.

Despite concerns that such source sharing could lead to more leaks, the program is vital to grow the business, Wilfried Grommen, general manager for Microsoft's business strategy for Europe, Middle East and Africa, told Reuters on Friday.

"I don't think that this kind of shared source usage can be scaled back," he said. "It's become an essential part of our business practices. Governments want it for trust and transparency. Businesses want it for security."


Story Tools
Click Here to try 4 Free Trial Issues of Time! cover
Top Stories
Burgers, lattes and CD burners
Top Stories
EU 'crisis' after summit failure

CNN US
On CNN TV E-mail Services CNN Mobile CNN AvantGo CNNtext Ad info Preferences
SEARCH
   The Web    CNN.com     
Powered by
© 2005 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines. Contact us.
external link
All external sites will open in a new browser.
CNN.com does not endorse external sites.
 Premium content icon Denotes premium content.