Yeah. I looked for it. It's not hard to find. Three letters should get you to a download in 5 - 10 minutes: I R C.

So far this appears to be getting downplayed by the mainstream press. This is a BIG DEAL. "A leak of any portion 'could dramatically increase the probability that new zero-day vulnerabilities will be found,' said Alan Paller, director of research at the SANS Institute, a security training group based in Bethesda." (The Washington Post - Friday, February 13, 2004)

Think about it for a second. 660 MEGABYTES of source code -- That is a lot! The reported size of the complete Windoze 2000 source code is around 40GB, but 660MB is still a CD full of code. So many exploits were found without access to ANY code. Now, a CD worth is floating around out there for anyone to download. Ouch!?

Of course, the open source community will never ever have this problem. Leaked source code... humph!

UPDATE (17 Feb 2004):

It appears an exploit for Internet Explorer 5 (and Outlook Express) based on the leaked Win2K source code has been released. That didn't take long. Luckily, it's for IE5, which, as the Google Zeitgist says, is one of the least uses browsers on the net.



Read on for the Washington Post article.

Slashdot has a nice discussion about this here.

[read more...]