TJ, watch you a$$, BIG BRO WATCHING NOW,and if its written,they will find it lol
hey, as an iraqi citizen, i have my constitutional rights, which the administration will defend for me with the full might of the u.s. military ...
okay, no politics, but nobody is here right now.
now this must be reaching a new level of 'chutzpah':
Richard Perle, a chief proponent of last year's U.S. invasion of Iraq, yesterday called for the chiefs of the Central Intelligence Agency and the U.S. Defence Intelligence Agency to step down because of their faulty conclusions that Saddam Hussein possessed mass-killing weapons.
San Fran should be aptly renamed Sodom and Gomorrah
well, they can have sodom, but i believe los angeles has a claim on 'gomorrah'.
speaking of japan:
http://www.asahi.com/english/opinion/TKY200402180127.html
POINT OF VIEW/ Susumu Saito: Looks can be deceiving with U.S. economy
Fashionable nowadays is the news that the U.S. economy has rebounded strongly since 2000 from the shock of the bursting of the stock ``bubbles.'' U.S. Federal Reserve Board Chairman Alan Greenspan proudly praised the resilience of the U.S. economy in his self-congratulatory testimony to the U.S. Congress last week.
Indeed, the Fed has been apparently preoccupied with its own determination not to repeat the mistakes of its Japanese counterpart in the 1990s following the cave-in of Japan's asset-inflated economy. To wit, Japanese policymakers at that time acted too late and with too little in the way of monetary and fiscal policy to counter the contractional economic forces.
So, readers might get the impression that the U.S. monetary and fiscal authorities have acted swiftly to avoid the Japanese mistake and that the U.S. economy must have performed significantly better for the past four years than the Japanese economy did in the first four years of the 1990s.
Firing off monetary silver bullets
The Fed wasted no time in firing off its monetary silver bullets. In January 2001, only a year after the stock market began its steep slide, the Fed started cutting the federal funds rate from a high of 6.50 percent down to 1.00 percent by June 2003. In two and a half years, the federal funds rate fell by 5.50 percent to 1.00 percent, where it has remained.
Compared to the Fed, the Bank of Japan indeed acted very slowly in lowering the discount rate in the 1990s. Also, the Japanese central bank began to lower its policy interest rate in the second year after the bubble started to burst. On July 1, 1991, the BOJ cut the discount rate by 50 basis points to 5.50 percent from the high of 6.00 percent, which had lasted since August 1990. However, it was only in the sixth year of the 1990s, in April 1995, when the discount rate finally fell to 1.00 percent.
Also, the U.S. fiscal authorities appear to have acted more swiftly and forcefully than their Japanese counterparts in the comparable period after the bursting of the stock bubbles.
The American budget balance (federal, state and local) has swung from a ``surplus'' of $268.7 billion (29.557 trillion yen) in the first quarter of 2000 to a ``deficit'' of about $500 billion in the fourth quarter of 2003. For the past four years, the total swing in the budgetary position has amounted to more than $760 billion, or 6.8 percent of gross domestic product in the final quarter of 2003.
Likewise, Japan's budgetary position on a comparable basis with the United States swung from a ``surplus'' of 9 trillion yen in 1990 to a ``deficit'' of 8 trillion yen in 1993. But the total swing of 17 trillion yen in the budgetary position from 1990 to 1993 amounted to only 3.5 percent of GDP in 1993.
The problem is that the response of the American economy, despite the massive doses of monetary and fiscal medicine, has not been so impressive as the U.S. policymakers would have us believe.
Most readers might be surprised to hear that the U.S. economy actually lagged behind the Japanese economy in the first three and a half years after their respective stock bubbles burst.
From the first quarter of 1990 to the second quarter of 1993, Japan's GDP expanded 13.8 percent in nominal terms and 7.3 percent in real terms. During the comparable period from the first quarter of 2000 to the second quarter of 2003, America's GDP grew only 12.6 percent in nominal terms and 6.1 percent in real terms. In the early part of this period, the U.S. economy indeed lagged far behind the Japanese economy. Only in the second half of the fourth year after the stock market reversal did the U.S. economy begin-and then only marginally-to outperform the Japanese economy.
Then, after a temporary economic standstill in 1993, the delayed doses of monetary and fiscal medicine began to mend the Japanese economy all through 1997 as briskly as the recent pace of the U.S. economy.
The challenges facing the U.S. economy are at least twofold. One is that the U.S. economy has already used up an even larger dose of monetary and fiscal medicine over the past four years than the Japanese economy did during the first seven years of the 1990s. Another is that the U.S. economy cannot finance its economic expansion with its own internal resources, as has been exemplified by the ballooning current account deficit. This is unlike the Japanese economy, which retained a sizable current account surplus even in 1996, the seventh year after the bubble burst.
First of all, it's doubtful whether the American public is prepared to incur indefinitely larger and larger budget deficits to finance a further expansion of the U.S. economy in the current form. Tax cuts have benefited the wealthy, but the expansion of jobs has been almost nonexistent.
Secondly, the Fed is quite unlikely to raise interest rates despite the ballooning current account deficit and a falling dollar if its primary focus remains the continued growth of the U.S. economy.
All the contradictions arising from U.S. monetary and fiscal policy appear to be masked temporarily by massive interventions to support the dollar, primarily by the Japanese central bank, and to a lesser extent by the other Asian central banks.
Such operations in the currency market have amounted to larger and larger purchases of the U.S. deficit bonds.
The problems arising from such ad hoc measures are multiple.
First, the trans-Pacific trade imbalance has tipped further, resulting in the buildup of massive countervailing forces to be unleashed later in the currency and other financial markets.
Second, counting on the seemingly insatiable appetite of the American customer, the allocation of economic resources in the Japanese and other Asian economies appears to have been distorted to a larger extent than before.
Behaving like innocent merchants
In this trans-Pacific macroeconomic picture, Japan and the other Asian nations appear to be behaving like innocent merchants willing to sell on credit as much as their customers want. This framework has persisted for the past three decades or so, ever since the United States began to float the dollar in the currency market.
Sensible persons even without business expertise know the ultimate consequences of such relations between merchants and customers.
* * *
The author is director of the Trilateral Institute, Inc. (Sankyoku Keizai Kenkyusho), a private think tank based in Tokyo. His column runs on the third Wednesday of each month. He contributed this article to the Herald Tribune/Asahi. (IHT/Asahi: February 18, 2004)
right now, here is the city of angels ...
yikes! 91 octane gas is now $2.15 here in cali ...
I would bet some scientists also have a political agenda.
sure, i wouldn't doubt it. but ...
Together, the two documents accuse the administration of repeatedly censoring and suppressing reports by its own scientists, stacking advisory committees with unqualified political appointees, disbanding government panels that provide unwanted advice, and refusing to seek any independent scientific expertise in some cases.
"Other administrations have, on occasion, engaged in such practices, but not so systematically nor on so wide a front," the statement from the scientists said, adding that they believed the administration had "misrepresented scientific knowledge and misled the public about the implications of its policies."
[...]
The scientists denied that they had political motives in releasing the documents as the 2004 presidential race began to take shape, with Howard Dean dropping out a day after Senator John Kerry narrowly defeated Senator John Edwards in the Wisconsin Democratic primary. The organization's report, Dr. Gottfried said, had taken a year to prepare — much longer than originally planned — and had been released as soon as it was ready.
"I don't see it as a partisan issue at all," said Russell Train, who served as administrator of the Environmental Protection Agency under Presidents Richard M. Nixon and Gerald R. Ford, and who spoke in the conference call in support of the statement. "If it becomes that way I think it's because the White House chooses to make it a partisan issue," Mr. Train said.
interesting. i believe this:
"This is likely why Treasuries weakened as the day went on, as the perception correctly grew that Japan would not be as supportive of the bond market if the dollar continued to rise."
i got "stopped out" of a big chunk of my gold position today, and let it compel me to take other longs with it. right now, i'm pretty much scouting only for short opportunities, or cash, or ... hmmm. i have no idea where there is safety.
but .... along the lines of your article: this is exactly what marc faber has been saying since january: go long the dollar, and short the u.s. markets.
faber:
http://www.gloomboomdoom.com/marketcoms/indexmarketcoms.htm
"glad I'm not the only paranoid whacko around here"
well ya know, i've found this new ability to communicate with my parents on 'distrust of government'. (they were children of the 60's/early 70's).
actually, along these lines (front page, today's ny times):
Scientists Accuse White House of Distorting Facts
By JAMES GLANZ
Published: February 18, 2004
The Bush administration has deliberately and systematically distorted scientific fact in the service of policy goals on the environment, health, biomedical research and nuclear weaponry at home and abroad, a group of about 60 influential scientists, including 20 Nobel laureates, said in a statement issued today. [...]
http://www.nytimes.com/2004/02/18/science/18CND-RESE.html?hp
if ya can manipulate science, just think what you can do with non-science ...
nota bene! re "...which could happen - claims, PPI..."
as i posted here last night, ppi numbers will be delayed indefinitely because of "circumstances beyond their control".
Separately, the Labor Department, citing "unexpected" statistical difficulties in preparing its Producer Price Index for January, said that it has indefinitely postponed release of the data, originally scheduled for Thursday morning. The department's Bureau of Labor Statistics said it was having problems converting some categories to a new classification system and is putting off the release until the problem is solved. Officials said the delay won't affect Friday's scheduled release of the monthly Consumer Price Index.
the conspiracy-theorist in me, of course, takes this to mean that the number is too high to report.
mlsoft,
you wrote:
In edit, I would add that for the Gambit to succeed on a longer term basis, it is not enough for Greenspan and the Fed to keep the markets at current levels -- instead they must continue to push them ever higher. With the markets already at historically absurd valuations, that is going to be an extremely difficult task for them to manage.
well, as someone who agrees with you in general, i'll just add my observation here: i get the impression that a "target" was reached sometime in late summer, and that since then, the moves in the market have been correlated inversely to moves in the us$. why exactly, i dunno. but that's what it looks like ... even down to a day-to-day basis (like today, for example).
Any reason for the CYMI $1.40 spike since noon?
i was watching that myself ... volume seems to have been ~2x average on the down morning ...
however, i'm now short from 43.1
It's now Firefox, keep up :)
oops. i get confused. it still comes up with the old "phoenix" icon, which makes me think "bird on fire". :-P
I tried the Google tool bar pop-up stopper. It did not work well for me.
the new mozilla browser (i.e. netscape, now firebird) works well.
dollar hanging out near new lows (84.6-8), in spite of reports of japanese intervention. silver looks like it has broken out ...
well, not everyone is happy out there. from stephen roach's latest:
"I fear modern-day central banking is on the brink of systemic failure."
Feb 17, 2004
Global: Central Banking Discredited
Stephen Roach (New York)
http://www.morganstanley.com/GEFdata/digests/latest-digest.html
------------
and on a lighter note, from richard russell (quoting jay leno):
"Iraq is trying to come up with a constitution. Why don't we give 'em ours. We're not using it anymore."
Intel can't totally kill Itanium. They have to try and save a little face.
hmm. i seem to remember itanium (a.k.a. itanic) talk from way back in what, '97? isn't 5+ years enough 'trying to save face'?
And being Intel, they won't be totally compatible with AMD. The software makers will have to continue supporting two similar standards like they do now with MMX and 3DNow.
right, but for the most part - except maybe for very specialized programming - this is hidden inside the OS code and by the compilers. so it's pretty much just the compiler writer (which in this case is either msft, intel or gnu, for the most part) who has to worry about it. while, on the other hand, itanic required a whole new compiler technology, since that's where all your optimizations are done.
It looks like somebody at Intel is starting to come to their senses.
with itanic, it's probably just the success of the amd 64's. though most folks don't need 64 bits on the desktop, there are still enough who do (e.g. all their own design engineers running cad software).
actually, with amd's release of a 64-bit processor, that would leave intel as the only major cpu manufacturer without a "popular" (desktop, say) processor: ppc, amd64, sparc ... it's the 386 all over again.
Since they aren't in the dram memory business, they don't much care what the standard is as long as there is cheap fast memory that can keep up with their CPU's. Having the next standard get tied up in the courts and royalty problems wasn't going to do them any good.
hehe. sounds almost revolutionary, except for the fact that this is what the whole standards process here was supposed to be in the first place. (unlike, say, the gsm/w-cdma nonsense.)
How many people need 3 ghz to do a little word processing and web surfing?
hehe. i'd take one hehe. i was really debating getting an amd-64 a few months ago when my motherboard fried, but i settled on a nice cheap e-machines box for under $600, and took what i saved and put it into a nice big lcd monitor. really worth it. (although i still want to have *2* lcd monitors. but when the prices come *way* down.)
hunh?
Separately, the Labor Department, citing "unexpected" statistical difficulties in preparing its Producer Price Index for January, said that it has indefinitely postponed release of the data, originally scheduled for Thursday morning. The department's Bureau of Labor Statistics said it was having problems converting some categories to a new classification system and is putting off the release until the problem is solved. Officials said the delay won't affect Friday's scheduled release of the monthly Consumer Price Index.
"Now they have to play catchup with AMD."
which is actually good for the rest of us. x86-64 will kill itanium, and we'll have a new generation of processors that will be compatible with amd processors (not to mention older intel processors), keeping prices restrained.
for you, federal reserves from the economist.
The coming storm
Feb 17th 2004
From The Economist Global Agenda
Banks are risking ever more of their own money in search of returns. Have they really learned nothing?
IN THE autumn of 1998, Buttonwood was at a conference organised by Credit Suisse First Boston in—appropriately enough—Monte Carlo, when Allen Wheat, the then head of the investment bank, stood up after dinner and delivered a breathtaking mea culpa. Some sort of apology certainly seemed in order given the huge sums the bank had just lost from extravagant punts on Russia in particular and financial markets in general. The bets went spectacularly wrong after Russia defaulted, financial markets went berserk, and Long-Term Capital Management (LTCM), a very large hedge fund, had to be rescued by its bankers at the behest of the Federal Reserve. CSFB eventually admitted to losses of $1.3 billion, though the bank's official figures and the numbers bandied about by insiders were somewhat at variance. To cut to the chase: had they Mr Wheat's balls, Buttonwood thinks that the bosses of many a big bank will be making a similar speech before the year is out.
The reason is simple: the size of banks' bets is rising rapidly the world over. This is because potential returns have fallen as fast as markets have risen, so banks have had to bet more in order to continue generating huge profits. The present situation “is not dissimilar” to the one that preceded the collapse of LTCM, says Michael Thompson, a strategist at RiskMetrics, a consultancy that specialises in the very risk-management models that banks use. Like LTCM, banks are building up huge positions in the expectation that markets will remain stable. They are, says Mr Thompson, “walking themselves to the edge of the cliff”. This is because—as all past financial crises have shown—the risk-management models they use woefully underestimate the savage effects of big shocks, when everybody is trying to wriggle out of their positions at the same time.
Even the banks themselves admit that they are taking more risk. Though they do not divulge the size of their positions, or in which markets they are concentrated, the degree by which those positions have grown can be gleaned from the risk-management models that all the big banks use (which are released in their financial statements). So-called value-at-risk (VAR) models determine the amount of capital that banks must set aside against their trading positions, and purport to show how many millions of dollars a bank might lose should markets turn against it. If its VAR is rising, a bank is, in effect, taking more trading risk—and VARs have been climbing for just about all of the banks that dabble seriously in financial markets. The VAR at Goldman Sachs, which is known on Wall Street as a hedge fund with an investment-banking business on the side, has more than doubled. One of the bank's senior traders was even told recently that he must take still more risk.
Rest assured that he is far from the only one being told this at Goldman Sachs, or anywhere else for that matter, even though it was only a few years ago that many banks specifically eschewed punting as a good way to make money. Earlier this month UBS, a big Swiss bank, said that “with markets and investor sentiment starting to improve” it would gradually increase credit and trading risks. Even the likes of Citigroup, which stopped explicitly trading for its own account a few years back, and HSBC, a bank that used to think of trading as rather common, both announced recently that they too are increasing the amount of trading they do with their own money. Having previously scaled back its own trading, CSFB is also now increasing the amount of money it devotes to trading, though it claims that it will no longer “bet the ranch”. Allied Irish Banks, which you might have thought had had more than its fair share of trading fiascos, having lost nearly $700m thanks to activities of John Rusnak, one of its foreign-exchange traders, is trying to hire another 20 traders in Dublin.
VAR crash
Of itself, VAR is not the best guide to the huge size of banks' current positions. In simple terms, these models assess the amount of risk that a bank is taking by looking at the volatility of the assets it holds and the correlation between them (the less correlation the better). In that way, banks can see how much they might lose were these bets to sour. A cynic would say that such models thus purport to measure an uncertain relationship between lots of uncertainties.
Crucially, if markets become less volatile, banks can pile on more positions and still have the same VAR. With the exception of Treasuries, markets have indeed become much less volatile—volatility has roughly halved in many financial markets over the past year-and-a-half; equity markets are now less volatile than they have been for a decade. Roughly speaking, if markets are half as volatile, banks' positions can be twice as large for the same amount of capital. But since VARs have in fact risen, some banks' positions are probably three times what they were in the autumn of 2002.
Or at least the ones they have on their balance sheets. For banks have been increasing their trading exposures in other ways, too. The most notable is via direct investments in hedge funds, often those set up by traders who used to work for the banks themselves. Chemical Bank, now part of J.P. Morgan Chase, started the trend 15 years ago. Now, almost all big banks invest their own capital in hedge funds. Citigroup may have shut down its “proprietary” trading operations five years ago (temporarily, it now transpires) but it invested a few hundred million dollars of its money in a hedge fund set up by those proprietary traders. Earlier this month, Deutsche Bank announced that it was also investing $1 billion in a hedge fund run by its erstwhile traders. J.P. Morgan Chase is thought to be the most generous in doling out its cash, but CSFB, Goldman Sachs, Lehman Brothers and BNP Paribas also invest hundreds of millions of dollars of their shareholders' money in hedge funds.
In total, banks have invested many billions of dollars in such funds. The reason, apart from an understandable desire to invest money with good traders, is that the money invested in this way is counted as an investment, and not as a trading position, so is not included in the banks' own trading books. Most of the money that banks invest has gone into hedge funds that specialise in bonds and other sorts of fixed-income instruments. Like the banks, hedge funds have been leveraging up their exposures to markets.
All of which is splendidly profitable, as long as markets behave themselves. But the strategy puts banks and hedge funds alike at huge risk if markets suffer a severe shock—a far more common occurrence than banks allow for. Their models (and, yes, hedge funds use VAR models as well) assume a certain level of losses for moves of a given magnitude. The problem comes for the tiny number of crises when markets move much more and, to add insult to injury, banks' assumptions about the diversity of their portfolios are shown to be wrong. In other words, the models, says one regulator with a chuckle, are of least use when they are most needed.
By regulatory fiat, when banks' positions sour they must either stump up more capital or reduce their exposures. Invariably, when markets are panicking, they do the latter. Since everyone else is heading for the exits at the same time, these become more than a little crowded, moving prices against those trying to get out, and requiring still more unwinding of positions. It has happened many times before with more or less calamitous consequences.
It could well happen again. There are any number of potential flashpoints: a rout in the dollar, say, or a huge spike in the oil price, or a big emerging market getting into trouble again. If it does happen, the chain reaction could be particularly devastating this time. Banks and hedge funds have increased their exposures most to those markets that they are least able to get out of. Think, if you will, of the extraordinary rise in the price of emerging-market debt and junk bonds. “I used to sleep easy at night with my VAR model,” said Mr Wheat in his speech in Monte Carlo. Suffice to say that he suffered a sleepless night or two when that model was found wanting—and that bank bosses could be in for many a sleepless night this year.
hmm. well dollar down big has generally gone hand in hand with market up ... at least since the summer it has.
:-P
ftse's on a tear. though it looks like the big movers are just vodafone and reuters.
did anything special happen around 2:30? the dollar dropped pretty sharply then, and has continued down ~0.5
someone the other day was saying that the leak of msft source code wasn't anything serious. here's an example of why that's likely not true. someone's already found a (pretty cool!) exploit, albeit only for explorer 5.0. but it's pretty dangerous: it will execute arbitrary code on your computer by loading an image (.bmp) in IE.
Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1009067
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 15 2004
Impact: Execution of arbitrary code via network, User access via network
Exploit Included: Yes
Version(s): 5 (6 is reportedly not vulnerable)
Description: A vulnerability was reported in Microsoft Internet Explorer (IE) version 5. A remote user can execute arbitrary code on the target system.
It is reported that a remote user can create a specially crafted bitmap file that, when loaded by IE, will trigger an integer overflow and execute arbitrary code.
The author states that this flaw was found by reviewing the recently leaked Microsoft Windows source code. The flaw reportedly resides in 'win2k/private/inet/mshtml/src/site/download/imgbmp.cxx'.
The report indicates that IE 5 is affected but that IE 6 is not affected.
A demonstration exploit is provided in the Source Message [it is Base64 encoded].
NTT Develops Stamp-Size 1GB Hologram Memory
February 16, 2004 (TOKYO) -- Nippon Telegraph and Telephone Corp (NTT) announced on Feb 12 that it has developed a prototype of a new high-capacity memory storage device, designed with a multi-layered waveguide structure and based on thin-film holography.
http://neasia.nikkeibp.com/wcs/leaf?CID=onair/asabt/news/290920
whoops. you're late :-P
tell her that's what the lobster was for ...
hehe. i guess not too many really investigate ancient anatomy. but the spleen used to be the "seat of emotions", the way we talk of "the heart" nowadays. (how fitting, for valentine's day.) except that it was typically the darker, more violent ones.
and this is what u get from reading the footnotes on shakespeare plays. (well, endnotes.)
Word SPLEEN (SPLEEN) n.
Definition --n. 1. a. One of the largest lymphoid structures in human
beings, a visceral organ composed of a white pulp of lymphatic
nodules and tissue and a red pulp of venous sinusoids in a
framework of fibrous partitions lying on the left side below the
diaphragm, functioning as a blood filter and to store blood. b.
A homologous organ or tissue in other vertebrates. 2. Obs. a.
The seat of emotions or passions. b. A whim; caprice. 3.
Archaic. Melancholy. 4. Ill temper.
spleeny --adj.
Etymology ME splene < OFr. esplen < Lat. splen < Gk splen.
Domain Everyday conversation
I suspect the next salvo will target state pension and retirement funds.
it's kinda odd. i remember during the last 3 years, there would be these rallies in the fall when everyone would write that it was "pension fund rebalancing", by buying stocks to keep a fixed allocation. wouldn't they have been doing just the opposite during this year's rally?
hmmm. 64-bit isn't going to buy you much on the desktop until you need more than 2GB memory. performance will actually lag equivalent 32-bit machines. (that and, unless you're running linux, the version of windows you'd be buying has to be the server version which is considerably more expensive .... at least it was a couple months ago.) that's part of the reason that my own recent purchase was a 32-bit amd machine, rather than the 64. (that, and that i could get 2GHz for cheap
weekend readings.
marc faber. "be contrarian: long the dollar and short the u.s. markets"
http://www.ameinfo.com/news/Detailed/34444.html
stephen roach: outsourcing again.
http://www.morganstanley.com/GEFdata/digests/latest-digest.html#anchor0
bbc. case in point: outsourcing medical treatment.
http://news.bbc.co.uk/2/hi/south_asia/3467105.stm
trinq climbing fast
well, that "ppt" bit wasn't quite about the existence of a conspiracy/plan, but rather about the prevalence of the belief that the markets are safe and risk-free until after the election. which is pretty much true: i mean, i noted that a couple weeks ago right after the last barrons' roundtable came out, since that was a common theme (although there not tied to elections as much as just '04 vs '05).
nice exercise in pattern matching:
http://www.financialsense.com/Market/wrapup.htm
dow 1930's vs nasdaq. joan crawford vs michael jackson.
hmm. so is this a wedge or a strong trend ... ?
http://www.washingtonpost.com/wp-srv/politics/daily/graphics/bush_approval_021204.html
re doesn't matter (msft code leak).
some have access, but that's under various nda's. true, it's not like anyone is going to be able to engineer a windows competitor from this - those already exist anyway, and it's just easier to break the binary ...
the danger is from security: e.g. now you can go and dredge the code for fixed size buffers and find out how big they are, etc, potential stack overflows, whatever.
(in contrast, note that linux code has been accessible for a long time. however, because of that, it's been made more bulletproof over years.)
Microsoft Confirms Windows Code Leak
By Brian Krebs
washingtonpost.com Staff Writer
Thursday, February 12, 2004; 10:38 PM
Microsoft Corp. on Thursday confirmed that the source code for two versions of its Windows operating system has been leaked, a security breach that could give hackers important intelligence about how to exploit flaws in software run by most of the world's computers.
"Today we became aware that incomplete portions of Windows 2000 and NT 4.0 source code was illegally made available on the Internet," said Microsoft spokesman Tom Pilla. "It's illegal for third parties to post Microsoft source code and we take that activity very seriously."
Pilla said the company does not know how much of the operating system code was compromised, but he said Microsoft believes it was not a complete version of either operating system.
There was no indication that the code was stolen through a breach of the Redmond, Wash.-based company's internal network, Pilla said. He said the FBI is investigating the matter.
Computer security experts said the release of Windows source code could pose a significant threat to Internet security, depending on what portion of the code was leaked.
A leak of any portion of the Windows code "could dramatically increase the probability that new zero-day vulnerabilities will be found," said Alan Paller, director of research at the SANS Institute, a security training group based in Bethesda, Md.
"Zero day" exploits are highly effective attacks that occur when hackers discover a way to exploit a security vulnerability before or at the same time as a software maker learns of the flaw. Attackers can then use this information to launch a virus or worm that exploits the security hole before a patch can be released to fix the problem.
Thor Larholm, senior security researcher at Newport Beach, Calif.-based PivX Solutions, said the Windows source code file being traded on the Internet appears to be roughly 660 megabytes in size, about the size of one CD-ROM's worth of data. That is far short of the estimated 40 gigabytes of data that makes up the entire 40 million lines of code in the Windows operating system.
Even a partial leak "is a potentially very serious problem for Microsoft," Larholm said. "Just look at the vulnerabilities that are discovered by people who didn't have access to the source code."
Howard Schmidt, former head of security at Microsoft, said he was less concerned about the security implications of the leak than its potential threat to Microsoft's intellectual property.
"From a security standpoint, this is sort of like capturing a 1956 Russian fighter jet," he said. "Everyone has been beating on Windows 2000 and NT for a long time, and any flaws that may be found have likely been fixed long ago. Frankly, I'd be more worried that someone was going to use this as a base for developing software or another operating system based on Microsoft's proprietary code."
Schmidt left Microsoft in December 2001 to work as a cyber-security official in the Bush administration. He is currently chief security officer at online auction giant eBay.
Microsoft closely guards the computer code that comprises the company's operating system. But Microsoft does license portions of its programming code to security researchers and more than 50 universities under its "Shared Source Initiative."
Microsoft last year said it would begin sharing complete copies of its source code with governments around the world that want to validate the security of the software before deploying it in national defense and other sensitive areas. Microsoft signed an agreement in 2003 that lets the Australian government inspect the source code of Windows 2000, Windows XP and Windows Server 2003. Other countries, including India, are exploring similar arrangements.
Unlike open-source software like the widely used Linux operating system, the code comprising Microsoft's Windows software is not open for public inspection. Linux users are encouraged to participate in an open, continuous cycle of modifications and upgrades that its proponents say results in systems that are more secure and reliable than those powered by proprietary code like Windows.
msft, from neowin:
Neowin has learned of shocking and potentially devastating news. It would appear that two packages are circulating on the internet, one being the source code to Windows 2000, and the other being the source code to Windows NT. At this time, it is hard to establish whether or not full code has leaked, and this will undoubtedly remain the situation until an attempt is made to compile them. Microsoft are currently unavailable for comment surrounding this leak so we have no official response from them at the time of writing.
This leak is a shock not only to Neowin, but to the wider IT industry. The ramifications of this leak are far reaching and devastating. This reporter does not wish to be sensationalist, but the number of industries and critical systems that are based around these technologies that could be damaged by new exploits found in this source code is something that doesn't bear thinking about.
We ask that for the wider benefit of the IT community that members and readers support Microsoft by forwarding anything they know about the leak to Microsoft's Anti-Piracy department.
Please do not post any links/screenshots/hints or anything to do with the source code outbreak. Discussion is allowed but we will not condone people spreading this source code.
Japan is the only market that still looks attractive. Has lagged global markets greatly the last few months and should catch up before long.
but, do you think it'll do so while they're still maintaining this policy of holding down the yen? (yes, us$ is going down too, but japanese are buying them and with them buying us securities ...)
"Thanks TJ on the SUNW. 'Course I have no idea what it means...lol"
i think it just means: reports of sunw's demise have been exaggerated
a lot happening with sunw on the tech front. e.g.
http://www.theregister.co.uk/