funsec mailing list archives

RE: Is The .WMF Exploit A ConsPiracy Gone Bad?


From: Larry/Spamhaus <lr () spamhaus org>
Date: Sat, 14 Jan 2006 00:11:43 +0000

At 10:14 AM 1/13/06 -0600, Todd Towles wrote:
> The Pod Cast was by Steve Gibson and can be heard here:
>
> http://media.grc.com/sn/SN-022-lq.mp3
>
> Curious, if after you listen to how explicit this works, how
> you will feel then?

Well is Steve Gibson an employee of Microsoft? As far as my simple
Google search..no, but that is kinda beside the point. I haven't listened
to the MP3 but it would seem that if Gibson stated what you said, then
he was misinformed, like many people were during that time. WSJ posted a
message about the new "Metasploit" virus. They confused the new
metasploit attack module and its use in a virus...while the metasploit
itself is a tool and a pretty good one. My point is that misinformation
was pretty big on the WMF event and it isn't surprising that some people
still have it wrong.

Of course, I know what I know from what I read...not sure where some of
these people are reading.. ;)

Well, with all this chat I had to take a listen. If Gibson's correct in just the basic facts, this is exactly how I'd toss a back-door into something. Little-used file-type vector, remotely triggerable, plenty of "checks" to make sure only my properly crafted stream would invoke the code execution. Then again, it's also the way I'd put in debug hooks I'd try to remember to remove before ship date.

It'll just take one lawyer to smell blood and this'll be sorted out.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

