Vindows?
-
Seems like a group of Russian and/or Asian hackers has had access to the sourcecode for Windows and Office for a 'couple of months. Oh oh. I don't know about you guys, but this scares the crap out of me. Ed Worsfold get's credit for the Subject line :) ComputerWorld article
-
Seems like a group of Russian and/or Asian hackers has had access to the sourcecode for Windows and Office for a 'couple of months. Oh oh. I don't know about you guys, but this scares the crap out of me. Ed Worsfold get's credit for the Subject line :) ComputerWorld article
> Oh oh. I don't know about you guys, but this scares the > crap out of me. Why?
-
> Oh oh. I don't know about you guys, but this scares the > crap out of me. Why?
How much of the Windows or dot-net sourcecode do you think they may have modified? With a 3 month period of time to think about what they might want to accomplish with the access they had, they could certainly have devised some pretty elegant ways to work in backdoors, trojans, or even in fact simple bugs if they wanted. These guys obviously weren't simply tempted to do a Format and run job. I don't envy our friends at Microsoft right now, I bet they are doing line-by-line code reviews of massive quantities of code, windiffing everything they've written in the last 3+ months, and trying to figure out what may have been compromised
-
How much of the Windows or dot-net sourcecode do you think they may have modified? With a 3 month period of time to think about what they might want to accomplish with the access they had, they could certainly have devised some pretty elegant ways to work in backdoors, trojans, or even in fact simple bugs if they wanted. These guys obviously weren't simply tempted to do a Format and run job. I don't envy our friends at Microsoft right now, I bet they are doing line-by-line code reviews of massive quantities of code, windiffing everything they've written in the last 3+ months, and trying to figure out what may have been compromised
I think it's highly unlikely that anyone modified the general code base. In any organization worth it's salt with Configuration Management policies, it takes many levels of authorization to get changes committed, and any decent organization uses physical paperwork for at least part of it. Code is first checked in at some level, then it must be approved by a team manager, then that code must be approved by a systems architect, etc... They would have to have been extremely clever to get around all these without raising red flags ("Hey bill, I approved that code you submitted to me." "What code, fred? I haven't submitted any code in weeks"... you get the idea).
-
I think it's highly unlikely that anyone modified the general code base. In any organization worth it's salt with Configuration Management policies, it takes many levels of authorization to get changes committed, and any decent organization uses physical paperwork for at least part of it. Code is first checked in at some level, then it must be approved by a team manager, then that code must be approved by a systems architect, etc... They would have to have been extremely clever to get around all these without raising red flags ("Hey bill, I approved that code you submitted to me." "What code, fred? I haven't submitted any code in weeks"... you get the idea).
"In any organization worth it's salt..." What's this got to do with Microsoft? :-)