Say "No, Thanks" to Offers of Illegal MS Source Code
The Wall Street Journal reported today [October 27, 2000 -- Ed.] that Microsoft and the FBI are investigating an intrusion in which unknown attackers had access to Microsoft source code for three months. Although nothing purporting to be Microsoft source code copied in the intrusion has surfaced yet, any such code poses a legal risk to people who read it and to any free software project that accepts contributions from those people.
"Anybody who wishes to be involved in free software should have nothing to do with anything claiming to be Microsoft source code released without license or in any informal way," said Eben Moglen, general counsel of the Free Software Foundation and professor of law and legal history at Columbia University. Microsoft, he said, would be in a position to seek damages from anyone trafficking in misappropriated trade secrets, which can include merely reading the Microsoft code and then contributing to a free project.
If offered any code that implements Microsoft-like APIs, or uses Microsoft's file formats or protocols, the FSF will go beyond its normal legal paperwork to make sure that the contributor has not had contact with Microsoft's proprietary information. "We would certainly take additional measures to prove the absence of any relationship between developers and Microsoft's trade secrets," Moglen said.
Free software developers are already careful to keep themselves insulated from any contact with proprietary information. Jeremy Allison, one of the lead developers on the Samba project, said that his response to one anonymous offer of Windows NT source code was, "You're offering to end my career. Thanks but no thanks." And the Samba team, he said, will refuse to work with anyone who has seen Microsoft's proprietary code. "Anything we do has to be completely legal," he said. "There are plenty of people who can work on it who haven't seen Microsoft source code." His advice to anyone planning to write free software in the future is, "Stay away from [proprietary Microsoft source code] at all costs."
News reports blamed the Microsoft intrusion on aTrojan Horse program that installs when a Windows user opens an e-mail attachment in Microsoft Outlook.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
|Security Hardening with Ansible||Aug 18, 2014|
|Monitoring Android Traffic with Wireshark||Aug 14, 2014|
|IndieBox: for Gamers Who Miss Boxes!||Aug 13, 2014|
|Non-Linux FOSS: a Virtualized Cisco Infrastructure?||Aug 11, 2014|
|Linux Security Threats on the Rise||Aug 08, 2014|
|Android Candy: Oyster—Netflix for Books!||Aug 07, 2014|
- Security Hardening with Ansible
- NSA: Linux Journal is an "extremist forum" and its readers get flagged for extra surveillance
- Monitoring Android Traffic with Wireshark
- Tech Tip: Really Simple HTTP Server with Python
- IndieBox: for Gamers Who Miss Boxes!
- RSS Feeds
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Linux Security Threats on the Rise
- Cooking with Linux - Serious Cool, Sysadmin Style!
- Linux Systems Administrator