Original URL: https://www.theregister.co.uk/2003/03/09/ms_shuts_down_site_over/

MS shuts down site over XP P2P leak, but keeps on leaking

Must make perfect sense to somebody...

By John Lettice

Posted in Software, 9th March 2003 16:45 GMT

Microsoft's temporary closure of Neowin Neowin over a Windows XP Peer to Peer SDK leak has taken on an Alice in Wonderland quality. First, the hole the Microsoft take-down notice was intended to plug is still, as far as we can see, open, and second, one Andrew G Tereschenko has been emailing the world's press claiming responsibility.

People do tip off software companies over the posting warez software, NDA breaches and the like, but telling the world afterwards is a new one on us. First though, the hole itself.

The Register was contacted on Friday by someone claiming to be responsible for the publication on Neowin of the item Microsoft didn't like. He says he found the information via Google, and that he was "a little surprised that MSDN posted the Beta ID to use." Indeed, and who wouldn't be? He passed us a link and the guest ID he'd found on MSDN, and the only other thing we needed to download happily was a Microsoft Passport.

In an uncharacteristic reputable attack The Register used a real one that Microsoft could easily track back to us if it wanted to. But we didn't want the code anyway, we've now deleted it, we were just proving the technology, right? We downloaded using the compromised ID on Friday evening, and we did it again today prior to posting this story. Microsoft has taken out a whole web site (which it now protests it didn't intend to do), yet has apparently done nothing else to stop the code leak that prompted its action.

It all kind of suggests that Microsoft still has quite a lot to learn about joined up security. We'd threaten to post details if Redmond hadn't sorted itself out by, say, tomorrow night, but what's the point? As far as we can make out, if you want to know how to get the code it shouldn't turn out to be wildly difficult. So go check IRC or something, we're not telling you. And don't email. We mean that.

Email brings us on to Andrew. Mr Tereschenko, of TAG Software Research Lab in Odessa, has now sent The Register four emails claiming credit for downing Neowin, and explaining why he thinks he was right to do so. The first email includes a log of IRC exchanges between him ('Lonely') and Neobond of Neowin. From this it appears Tereschenko has a beef against Neowin over what he claims was some form of breach of NDA. He alludes to breaches "on windowsbeta.microsoft.com and betaplace.com All of them was reported to Microsoft and fixed.. You can contact Microsoft for details." This is clearly a threat, and some days later on 7th March he says:

Lonely 07.03.20 21:01 Hi Here, You still owe me a 10 USD for a bet I've proposed
Lonely 07.03.20 21:02 Your site was closed becouse of my activity I've initiated
Lonely 07.03.20 22:58 Hi
Lonely 07.03.20 23:22 It was out of my plans that Microsoft will kill your site entirely :o(

This, and a further email sent on Friday, is headed "NDA violations by neowin.net". The second consists of an automated thank you from piracy@microsoft.com, plus the text of Tereschenko's email to the unit. This says:

"There is a wellknown website in Internet a neowin.net. It provide an information about latest technology, but also it reveal a NDA protected information related to Microsoft Beta programs as well it provide an illegal downloads of Microsoft beta files.

"I would like beta administrative staff check if there is any beta accounts opened to an owners of this site (by name,email or address) and determine if they have a NDA signed/violated.

"In case if such a accounts exists I would Microsoft consider it's termination."

Helpfully, he includes whois information for neowin.net and suggests confiscation of email addresses plus legal action against the site's owners. Email number three was the text of a proposed article explaining the story from his point of view, and a suggestion that we and a couple of other familiar names in the press run it. We do not at this juncture propose to share it with you, but we feel he may well post it at his site, where he's publishing documentation on his side of the case.

The gist, however, would appear to be that he contends that information published by Neowin in an earlier article, "Microsoft Windows Server 2003 for Workstations", must have come from an NDA breach and that it is this that he was complaining about, not P2P. Which leaves one wondering if it's possible that Microsoft didn't notice this leak at all, and it just got caught as collateral damage of the 'cease and desist.'

So Neowin could put it back? No, don't go there... It does seem pretty clear that it was P2P that riled Microsoft.

In our view the above is quite enough of Andrew, possibly too much. Go to his site if you want more. We don't propose to express an opinion on his actions, his take on NDAs (well, apart from observing that we think it's an impressively all-embracing one), or the legality or otherwise of what Neowin publishes. None of this, in our view, is the point.

Neowin at least to some extent, seems to operate on the basis of 'tell us to take it down and we will.' Microsoft is well aware that the Internet is dripping with code leaks, breaches of confidence, NDA violations, and it clearly can't get them all. In point of fact, as much of the software industry seems hell-bent on making more or less everything illegal, you can see how they might not really know where to start.

So you can think of some kind of tacit accommodation existing between companies like Microsoft and sites like Neowin, where both sides view matters on a case-by-case basis, Neowin tests the limits, sometimes gets threatened, backs a way a little. Kind of works, in a world we're all still only starting to get to grips with.

This time however it didn't happen like that. Microsoft may or may not have checked out Neowin in response to Tereschenko's badgering, but it found P2P, not Server 2003. Rather than sending a take-down to Neowin it went for an upstream ISP, and someone seems to have pulled the plugs on the entire site.

This was, a Microsoft rep told Joe, "just a mistake." It is however perfectly legal. So, Neowin was blacked out and lost its live SQL database along the way without any kind of due process, without being informed of the alleged offence, and without any right of appeal. As we say, in the wonderful world we now live in this is now perfectly legal, and could happen to just about any site. And that, we submit, is the point. ®