funsec mailing list archives

RE: Russinovich: Inside the WMF 'Backdoor'


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 19 Jan 2006 14:10:28 -0500

Besides, Microsoft already has a backdoor into most people's computers.  It's
called "Windows Update".  Other companies with update backdoors include
Apple, Real Networks, HP, adware companies, etc.

Richard 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Blanchard, Michael (InfoSec)
Sent: Thursday, January 19, 2006 1:58 PM
To: Fergie; funsec () linuxbox org
Subject: RE: [funsec] Russinovich: Inside the WMF 'Backdoor'

Well, not to fuel the conspiracy theory even more as I don't really think
that it's true, but...

  If I were to intentionally code something in, that is supposed to be *very*
covert, I would discreetly code in that backdoor so it would look 100% like
an error or "flaw".  So all the "validation" that can be done will not
disprove that there isn't a conspiracy.  Any statements from Microsoft or
the Government will also only fuel the conspiracy, as why would they
actually admit to coding in a backdoor that looked like a flaw....

   The only thing that Conspiracy theorists will actually believe is the one
crackpot that "used to work for Microsoft" or "used to work for the
government" that says to the press that he was part of the team that came up
with the code for this backdoor.  Perhaps this is the guy who actually wrote the
GDI drivers, but is now looking for the limelight.

  Conspiracies can never be disproved :-)

Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580
email:  Blanchard_Michael () EMC COM

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Fergie
Sent: Thursday, January 19, 2006 10:19 AM
To: funsec () linuxbox org
Subject: [funsec] Russinovich: Inside the WMF 'Backdoor'

Mark writes over on the SysInternals blog:

[snip]

Steve Gibson (of SpinRite fame) proposed a theory in his weekly
Thursday-night podcast last week that if true, would be the biggest scandal
to ever hit Microsoft - that the Windows Metafile (WMF) vulnerability that
drew so much media attention last month is actually a backdoor programmed
intentionally by Microsoft for unknown reasons. Slashdot picked up the story
the next day and I received a flood of emails asking me to look into it. I
finished my analysis, which Steve aided by sending me the source code to his
WMF-vulnerability tester program (KnockKnock), over the weekend.

In my opinion the backdoor is one caused by a security flaw and not one made
for subterfuge. I sent my findings to both Steve and to Microsoft Monday
morning, but because the issue continues to draw media attention I've
decided to publicly document my investigation.

[snip]

Much more here:
http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
