Both the NSA and CIA have been in the news way too many times recently when organizations like WikiLeaks and others released stolen software that the organizations would rather remain private. In the case of the spy agencies, that software is their internally developed hacking tools.
Now it is someone else’s turn.
Microsoft has acknowledged that some of their Windows 10 source code has been released into the wild. Not all of it, but a lot.
32 terabytes of installation images, documentation and code for hardware drivers, USB and WiFi code, some kernel code and other source code was leaked and available for download by anyone who had access to the appropriate hacker sites.
Microsoft calls it their Shared Source Kit. It is distributed privately based on contracts which restricts how it is handled. Typically it is provided to hardware manufacturers, selected customers and some researchers. Now it is available to hackers also.
Some of the images contain information that is never released publicly that would definitely help hackers.
It also would allow hackers to look for bugs that they can exploit. That is much easier if you have the source code.
While this is not the end of the world and it does not involve a breach of Microsoft’s network, it is still embarrassing and a security problem for Microsoft.
On the other hand, given the number of businesses that likely have access to the Shared Source Kit, this leak is not completely surprising.
After all, it only takes one of these partners to be hacked for the code to be out in the wild. No one is suggesting that a partner who legally has this code released it into the wild.
What is your level of confidence that your company’s family jewels are really still secret?
Information for this post came from The Register.