MS shuts down site over XP P2P leak, but keeps on leaking

Must make perfect sense to somebody...

  • alert
  • submit to reddit

Intelligent flash storage arrays

Microsoft's temporary closure of Neowin Neowin over a Windows XP Peer to Peer SDK leak has taken on an Alice in Wonderland quality. First, the hole the Microsoft take-down notice was intended to plug is still, as far as we can see, open, and second, one Andrew G Tereschenko has been emailing the world's press claiming responsibility.

People do tip off software companies over the posting warez software, NDA breaches and the like, but telling the world afterwards is a new one on us. First though, the hole itself.

The Register was contacted on Friday by someone claiming to be responsible for the publication on Neowin of the item Microsoft didn't like. He says he found the information via Google, and that he was "a little surprised that MSDN posted the Beta ID to use." Indeed, and who wouldn't be? He passed us a link and the guest ID he'd found on MSDN, and the only other thing we needed to download happily was a Microsoft Passport.

In an uncharacteristic reputable attack The Register used a real one that Microsoft could easily track back to us if it wanted to. But we didn't want the code anyway, we've now deleted it, we were just proving the technology, right? We downloaded using the compromised ID on Friday evening, and we did it again today prior to posting this story. Microsoft has taken out a whole web site (which it now protests it didn't intend to do), yet has apparently done nothing else to stop the code leak that prompted its action.

It all kind of suggests that Microsoft still has quite a lot to learn about joined up security. We'd threaten to post details if Redmond hadn't sorted itself out by, say, tomorrow night, but what's the point? As far as we can make out, if you want to know how to get the code it shouldn't turn out to be wildly difficult. So go check IRC or something, we're not telling you. And don't email. We mean that.

Email brings us on to Andrew. Mr Tereschenko, of TAG Software Research Lab in Odessa, has now sent The Register four emails claiming credit for downing Neowin, and explaining why he thinks he was right to do so. The first email includes a log of IRC exchanges between him ('Lonely') and Neobond of Neowin. From this it appears Tereschenko has a beef against Neowin over what he claims was some form of breach of NDA. He alludes to breaches "on windowsbeta.microsoft.com and betaplace.com All of them was reported to Microsoft and fixed.. You can contact Microsoft for details." This is clearly a threat, and some days later on 7th March he says:

Lonely 07.03.20 21:01 Hi Here, You still owe me a 10 USD for a bet I've proposed
Lonely 07.03.20 21:02 Your site was closed becouse of my activity I've initiated
Lonely 07.03.20 22:58 Hi
Lonely 07.03.20 23:22 It was out of my plans that Microsoft will kill your site entirely :o(

This, and a further email sent on Friday, is headed "NDA violations by neowin.net". The second consists of an automated thank you from piracy@microsoft.com, plus the text of Tereschenko's email to the unit. This says:

"There is a wellknown website in Internet a neowin.net. It provide an information about latest technology, but also it reveal a NDA protected information related to Microsoft Beta programs as well it provide an illegal downloads of Microsoft beta files.

"I would like beta administrative staff check if there is any beta accounts opened to an owners of this site (by name,email or address) and determine if they have a NDA signed/violated.

"In case if such a accounts exists I would Microsoft consider it's termination."

Helpfully, he includes whois information for neowin.net and suggests confiscation of email addresses plus legal action against the site's owners. Email number three was the text of a proposed article explaining the story from his point of view, and a suggestion that we and a couple of other familiar names in the press run it. We do not at this juncture propose to share it with you, but we feel he may well post it at his site, where he's publishing documentation on his side of the case.

The gist, however, would appear to be that he contends that information published by Neowin in an earlier article, "Microsoft Windows Server 2003 for Workstations", must have come from an NDA breach and that it is this that he was complaining about, not P2P. Which leaves one wondering if it's possible that Microsoft didn't notice this leak at all, and it just got caught as collateral damage of the 'cease and desist.'

So Neowin could put it back? No, don't go there... It does seem pretty clear that it was P2P that riled Microsoft.

In our view the above is quite enough of Andrew, possibly too much. Go to his site if you want more. We don't propose to express an opinion on his actions, his take on NDAs (well, apart from observing that we think it's an impressively all-embracing one), or the legality or otherwise of what Neowin publishes. None of this, in our view, is the point.

Neowin at least to some extent, seems to operate on the basis of 'tell us to take it down and we will.' Microsoft is well aware that the Internet is dripping with code leaks, breaches of confidence, NDA violations, and it clearly can't get them all. In point of fact, as much of the software industry seems hell-bent on making more or less everything illegal, you can see how they might not really know where to start.

So you can think of some kind of tacit accommodation existing between companies like Microsoft and sites like Neowin, where both sides view matters on a case-by-case basis, Neowin tests the limits, sometimes gets threatened, backs a way a little. Kind of works, in a world we're all still only starting to get to grips with.

This time however it didn't happen like that. Microsoft may or may not have checked out Neowin in response to Tereschenko's badgering, but it found P2P, not Server 2003. Rather than sending a take-down to Neowin it went for an upstream ISP, and someone seems to have pulled the plugs on the entire site.

This was, a Microsoft rep told Joe, "just a mistake." It is however perfectly legal. So, Neowin was blacked out and lost its live SQL database along the way without any kind of due process, without being informed of the alleged offence, and without any right of appeal. As we say, in the wonderful world we now live in this is now perfectly legal, and could happen to just about any site. And that, we submit, is the point. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
Chrome 38's new HTML tag support makes fatties FIT and SKINNIER
First browser to protect networks' bandwith using official spec
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.