MS shuts down site over XP P2P leak, but keeps on leaking

Must make perfect sense to somebody...

  • alert
  • submit to reddit

High performance access to file storage

Microsoft's temporary closure of Neowin Neowin over a Windows XP Peer to Peer SDK leak has taken on an Alice in Wonderland quality. First, the hole the Microsoft take-down notice was intended to plug is still, as far as we can see, open, and second, one Andrew G Tereschenko has been emailing the world's press claiming responsibility.

People do tip off software companies over the posting warez software, NDA breaches and the like, but telling the world afterwards is a new one on us. First though, the hole itself.

The Register was contacted on Friday by someone claiming to be responsible for the publication on Neowin of the item Microsoft didn't like. He says he found the information via Google, and that he was "a little surprised that MSDN posted the Beta ID to use." Indeed, and who wouldn't be? He passed us a link and the guest ID he'd found on MSDN, and the only other thing we needed to download happily was a Microsoft Passport.

In an uncharacteristic reputable attack The Register used a real one that Microsoft could easily track back to us if it wanted to. But we didn't want the code anyway, we've now deleted it, we were just proving the technology, right? We downloaded using the compromised ID on Friday evening, and we did it again today prior to posting this story. Microsoft has taken out a whole web site (which it now protests it didn't intend to do), yet has apparently done nothing else to stop the code leak that prompted its action.

It all kind of suggests that Microsoft still has quite a lot to learn about joined up security. We'd threaten to post details if Redmond hadn't sorted itself out by, say, tomorrow night, but what's the point? As far as we can make out, if you want to know how to get the code it shouldn't turn out to be wildly difficult. So go check IRC or something, we're not telling you. And don't email. We mean that.

Email brings us on to Andrew. Mr Tereschenko, of TAG Software Research Lab in Odessa, has now sent The Register four emails claiming credit for downing Neowin, and explaining why he thinks he was right to do so. The first email includes a log of IRC exchanges between him ('Lonely') and Neobond of Neowin. From this it appears Tereschenko has a beef against Neowin over what he claims was some form of breach of NDA. He alludes to breaches "on windowsbeta.microsoft.com and betaplace.com All of them was reported to Microsoft and fixed.. You can contact Microsoft for details." This is clearly a threat, and some days later on 7th March he says:

Lonely 07.03.20 21:01 Hi Here, You still owe me a 10 USD for a bet I've proposed
Lonely 07.03.20 21:02 Your site was closed becouse of my activity I've initiated
Lonely 07.03.20 22:58 Hi
Lonely 07.03.20 23:22 It was out of my plans that Microsoft will kill your site entirely :o(

This, and a further email sent on Friday, is headed "NDA violations by neowin.net". The second consists of an automated thank you from piracy@microsoft.com, plus the text of Tereschenko's email to the unit. This says:

"There is a wellknown website in Internet a neowin.net. It provide an information about latest technology, but also it reveal a NDA protected information related to Microsoft Beta programs as well it provide an illegal downloads of Microsoft beta files.

"I would like beta administrative staff check if there is any beta accounts opened to an owners of this site (by name,email or address) and determine if they have a NDA signed/violated.

"In case if such a accounts exists I would Microsoft consider it's termination."

Helpfully, he includes whois information for neowin.net and suggests confiscation of email addresses plus legal action against the site's owners. Email number three was the text of a proposed article explaining the story from his point of view, and a suggestion that we and a couple of other familiar names in the press run it. We do not at this juncture propose to share it with you, but we feel he may well post it at his site, where he's publishing documentation on his side of the case.

The gist, however, would appear to be that he contends that information published by Neowin in an earlier article, "Microsoft Windows Server 2003 for Workstations", must have come from an NDA breach and that it is this that he was complaining about, not P2P. Which leaves one wondering if it's possible that Microsoft didn't notice this leak at all, and it just got caught as collateral damage of the 'cease and desist.'

So Neowin could put it back? No, don't go there... It does seem pretty clear that it was P2P that riled Microsoft.

In our view the above is quite enough of Andrew, possibly too much. Go to his site if you want more. We don't propose to express an opinion on his actions, his take on NDAs (well, apart from observing that we think it's an impressively all-embracing one), or the legality or otherwise of what Neowin publishes. None of this, in our view, is the point.

Neowin at least to some extent, seems to operate on the basis of 'tell us to take it down and we will.' Microsoft is well aware that the Internet is dripping with code leaks, breaches of confidence, NDA violations, and it clearly can't get them all. In point of fact, as much of the software industry seems hell-bent on making more or less everything illegal, you can see how they might not really know where to start.

So you can think of some kind of tacit accommodation existing between companies like Microsoft and sites like Neowin, where both sides view matters on a case-by-case basis, Neowin tests the limits, sometimes gets threatened, backs a way a little. Kind of works, in a world we're all still only starting to get to grips with.

This time however it didn't happen like that. Microsoft may or may not have checked out Neowin in response to Tereschenko's badgering, but it found P2P, not Server 2003. Rather than sending a take-down to Neowin it went for an upstream ISP, and someone seems to have pulled the plugs on the entire site.

This was, a Microsoft rep told Joe, "just a mistake." It is however perfectly legal. So, Neowin was blacked out and lost its live SQL database along the way without any kind of due process, without being informed of the alleged offence, and without any right of appeal. As we say, in the wonderful world we now live in this is now perfectly legal, and could happen to just about any site. And that, we submit, is the point. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Microsoft: Windows version you probably haven't upgraded to yet is ALREADY OBSOLETE
Pre-Update versions of Windows 8.1 will no longer support patches
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.