So far I haven't seen any links to source code.
Quote from one of the admins:
> Yes I have no idea where they got the 32TB stuff. We had a big leak of Win10 builds yes, but these were all Windows Insider stuff that were collected over time available to all Windows Insider members at one time or another.
Edit: BA's official statement: https://www.betaarchive.com/forum/viewtopic.php?f=1&t=37283
We've updated the story to explain why things aren't what they seem. Essentially, the files at the heart of the matter were there (we screenshotted them and saved copies of the forum posts) at time of writing, and they were removed later on Friday.
In terms of the 32TB: that's the full decompressed dump of Windows files uploaded to BA. From what I understand, Microsoft hasn't released 32TB of public Insider material, so obviously there's extra sauce in the mix.
That includes, yes, copies of officially released Insider builds plus confidential private stuff that should never have left Microsoft, let alone turned up in BA. We make this clear in the story - I'm starting to feel the headline could have been better to make this clearer rather than grabbing the biggest figure. I am beginning to regret this.
BA can twist and complain all it likes - but stuff that was confidential within Microsoft ended up in their FTP archive (and some is still in there, such as the ARM64 stuff). The next stage of this story will be to uncover how exactly did this material escape Redmond.
C.
Debugging symbols for most of those builds are available on symsrv.
The Windows Mobile Adaption kit (like the OEM Preinstallation Kits, OEM Adaptation Kits) is shared with a similarly sized audience, which used to include self-attested Microsoft Partners. Again, not confidential. Just gated stuff.
The Shared Source stuff is a slight unknown here because it's not clear what was in the ZIP. I presume this was a sampling of materials shared via the Shared Source Initiative (https://www.microsoft.com/en-us/sharedsource/), none of which includes high-value intellectual property, cryptographic code, third-party code, etc. It could still be damaging but Microsoft has clearly calculated the risk here; this stuff is shared with mere community MVPs.
So with all this knowledge, it's hard to digest the "omg more exploits coming" and "Microsoft lost 32TB of private IP" angles in The Register write up. I don't think there's a story here, frankly.
Do you consider windows installation images to be "compressed files" in this context?
They call it their Shared Source Initiative. They want a reason for sharing it with you but I have used, 'I am just curious.' With that excuse, this was a long time ago when I still used Windows, I got the specific code I wanted for Outlook Express.
I "resolved" the issue by dual booting. The second os(prev ubuntu, going to deb) changes something that takes away win ability to automagicly turn on my machine for updates.
The only thing this really gains anyone is it possible some non-public debug symbols might have been left in some builds. Not earth shattering.
Ehh, Panic software had a good post-mortem talking about this potentially happening to them https://panic.com/blog/stolen-source-code/
My favorite takeaway was, "With every day that passes, that stolen source code is more and more out-of-date."
I remember hearing Windows source code leaks in the past (I see articles from 2000 and 2004) and remember hearing about problems with "clean room" implementations of open source SMB implementations.
Yeah, the fundamentals and much of the source code will probably stick around for many, many years. But this has happened before and I don't see why this is any more of a big deal.
Dead man's switch?
At this point avoiding links is pointless as the source code will be essentially public knowledge in matter of days/weeks. Damage control is the only strategy left. The sooner security researchers outside Microsoft can start analyzing and reporting vulnerabilities, the better.
He never actually stated he wanted it for security, just left it easy to imply.
I wonder if that could be used to narrow down who pulled the code during that window.
What were you implying?
2. If microsoft sued wine devs it would be horrible for Microsofts public image. They won't do it.
3. I hope the WINE devs don't listen to you.
This might be a boon for the ReactOS folks, who are trying to implement the NT kernel, except for seeing the Windows source code automatically disqualifies you from being a contributor.
If anything, this could make their legal situation more sticky.
IIRC, they had to go through some trouble to find people for that rewrite who had not looked at Microsoft's source code AND the parts of the Wine/ReactOS source code that needed to be rewritten.
So I am convinced that they will make extra sure not to even get in the position where someone could imply they might have looked at that source code.
