Monday, July 25, 2011

[ABOUT LEAKS] What I can tell from a simple mistake.

A while ago, Microsoft accidently leaked Tulalip. Some social network experiment that could be

If it was a smoke test, it was both cleverly planned and very silly at the same time.
Why? Because the timing would have been too obvious (15th of July, shortly after the Google+ launch).

Well Microsoft was already working on it since a while as a Google search reveals:

(the search results have already been removed in the meanwhile)

You can see several instances of the same application.
The Google cache shows me that the site was already crawled on the 27th of June 2011

The biggest rookie mistake was to forget to exclude the site from being crawled by using a simple robots.txt
(sorry for the hindsight, such things can happen, I know)
Another reference I found was the use of a free load-test (see here ) performed on the 17th of June 2011 for the domain

And now the pages just show plain and simple a message from (or on behalf of) the dev. team:

Furthermore there is one single very interesting fact:

The domain is the host for a warez page and.. surprisingly also the host of an older version of Microsofts social net.
Hm. Funny... the image-preview shows a different design and the original name of the social network...
Makes sense after the leak was discovered on has also some different footprints here on the web...

Ok ok, whatever... all this isn't so important.
More important is, what we can learn about Microsoft's way of testing and developing products.

Tulalip/Socl is basically a smaller project created by a small dev. group... creative, but not that experienced. I'd say they are mostly fresh from University or school.
If it were a well-funded project, it wouldn't have leaked in that way. They'd have security experts having an eye on the project... making sure that it isn't indexed by the Googlebot.

Furthermore, they'd consider a different way of testing their software than to just use a free load-test somewhere on the web that compromises the security of your project by posting the URL and the results on the web.

Microsoft would have it's own testing software for that...

Too many rookie-mistakes for a well experienced dev-team or a project with a big budget.

Microsoft has most likely multiple small groups working on different projects, all hosting on (I guess some kind of AppEngine made by Microsoft, hosting .net projects)

There are two subdomains I found on, referring to Socl/Tulalip:


I guess one was the testing version and the other one was the dev-version.
So, if someone interested in leaks might want to hunt, the best way to get started is to analyze habits, best practices and procedures of a company or developers.
In this case I guess the hunt wouldn't make much sense as the group seems to be not really "into" or tied to company internal best practices... but, if I'd want to hunt for THEM, I'd try to find every possible subdomain on

It is highly unlikely that they have simply shut down the application. It is more likely that they moved/renamed the instance somehow (this would cause way less trouble than to move it to a completely different server)

My best guess is, that it is still hosted somewhere on I just have to wait for Google to index it again. (if they haven't learned from their mistakes... they are rookies)
The rename from socl to tulalip (even if they had the domain also tells me, that it is not a primary focus of Microsoft. (no money, no lawyers)

The reason why they had to rename it can be found here:

Yep.. Ooops. (dated 4th of July 2011)

Well... now I know where Microsoft might have leaks... I'm watching you.

And my other guess: they might set up a second serverfarm for internal development too... hmm.. we'll see.

BTW... Warez site? WTF? I hope the guy who upped the early build of socl has a very good explanation for that!
I like the design and I hope they don't slash the project just because of some... stupid mistakes.
I probably won't use it... but hey, it looks great :)

No comments:

Post a Comment