Internet leak
From Wikipedia, the free encyclopedia
An Internet leak occurs when a party's confidential intellectual property is released to the public on the Internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date; this musical material is still intended to be confidential.
Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files by exploiting this, by software bugs, or by employees that have access to the sources of part of them revealing the code in order to harm the company.
There were many cases of source code leaks in the history of software development. For example, in 2003 a cracker exploited a security hole in Microsoft's Outlook to get the complete source of Half-Life 2, which was under development at the time. The complete source was soon available in various file sharing networks. This leak was rumored to be the cause of the game's delay, but later was stated not to be.
Also in 2003, source code to Diebold Election Systems Inc. voting machines has been leaked. Researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software. They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.
Another case involved a partial leak of the source code to Microsoft Windows 2000. Two files containing Microsoft source code were circulating on the Internet. One contains a majority of the NT4 source code and the other contains a fraction of the Windows 2000 source code, reportedly about 15% of the total. This includes some networking code including winsock and inet; as well as some shell code. It was feared that because of the leak, the number of security exploits would increase due to wider scrutinization of the source code.
In 2004 partial (800mb) proprietary source code that drives Cisco Systems' networking hardware was made available in the internet. The site posted two files of source code written in the C programming language, which apparently enables some next-generation Internet Protocol version 6 functionality. News of the latest source code leak appeared on a Russian security site, SecurityLab.ru.
On January 28, 2008, Nintendo's crossover fighting video game Super Smash Bros. Brawl for the Wii console had a major leak having to do with unconfirmed playable characters. The leak was unintentionally started by the Japanese language Wii.com website, which released a video that included small images of not-yet confirmed characters within the game. The website fixed this mistake, but the leak still continued. Websites like YouTube contain screenshots and video gameplay of the unconfirmed characters of the game.
[edit] High-profile Internet leaks
- 3 October 2003 : Half-Life 2 source code
- 13 February 2004 : Microsoft Windows 2000/NT source code
- 21 February 2005 : Paris Hilton's mobile phone address book