Message-ID: <00c101c3f6f1$beabb0a0$89753e98@corp.emc.com>
From: exibar at thelair.com (Exibar)
Subject: InfoSec sleuths beware ...

I would have to venture a guess that Microsoft would only distribute the
source code on protected and controlled CDs.  Possibly burned in house
for the few authorized 3rd parties that are allowed to have the source.  I
remember reading that the whole of the source comes to 45 - 50 Gig in
size... that's a whole lot of CDs.

   I would think that a more controllable environment would be a laptop that
must phone home every 5 minutes of activity or gets securely wiped.  Better
yet, an encrypted laptop where access to the source code is limited to 5
minutes and then you must FOB authenticate back into it.  After 30 minutes
of activity and no FOB re-entry you must call back to Microsoft for a new
software FOB.  After one hour of activity and no FOB authentication the
whole laptop becomes irreversibly encrypted and must be sent back to
Microsoft to be re-built.

   Ok maybe that's TOO secure :-)

  Exibar

----- Original Message ----- 
From: "Dave Horsfall" <dave@...sfall.org>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, February 19, 2004 12:14 PM
Subject: Re: [Full-Disclosure] InfoSec sleuths beware ...


> On Thu, 19 Feb 2004, Exibar wrote:
>
> >   Seriously though, the leak was a "boo-boo" by one of Microsoft's
> > partners, I'm sure.  I'm sure that someone got their hand slapped pretty
> > hard for this blunder and I'm also sure that Microsoft will see that it
> > won't happen again and I seriously doubt that the source leak will cause
> > any sleepless nights.....  People make mistakes, they deal with it, and
> > move on with life....
>
> Am I the only one to have noticed that the unzipped contents neatly fit on
> a CD?  Not arguing one way or the other, but it does suggest a possible
> vector.  Accidental?  I doubt it.
>
> -- Dave

