Microsoft deliberately designed a Windows MetaFile Backdoor?

Printable View

Show 40 post(s) from this thread on one page

January 14th, 2006, 04:25 AM
imadreamer2

This is a very interesting mp3 type interview with Steve Gibson.

Steve Gibson says the vulnerability was as if MS delibirately put it in there and was discovered by others to exploit it.

http://media.grc.com/sn/SN-022-lq.mp3

Mp3 file of about 4.6 Mb. 39 minutes. I havent yet seen the text version for download yet.
January 14th, 2006, 05:17 AM
SpywareDr

A link to the Transcript (text) and the mp3 is in the first message in this thread: http://www.grc.com/sn/SN-022.htm
January 14th, 2006, 03:58 PM
Welshjim

Steve Gibson is working on his own fix
http://www.grc.com/wmf/wmf.htm
But I understand he does not think it really is ready for use by the general public yet.
January 14th, 2006, 07:59 PM
Tuttle

Given how much Gibson has managed to get wrong about this so far, I'm not sure I'd trust whatever he comes up with anyway. :)
January 20th, 2006, 08:02 AM
SpywareDr

Update

M.I.C.E. -- Metafile Image Code Execution
http://www.grc.com/wmf/wmf.htm
January 20th, 2006, 03:10 PM
Welshjim

This is, of course, a diagnostic tool and not a fix. Wonder if it is any different or better than the one Ilfak Guilanov posted some weeks ago.
This also seems to be the successor to Gibson's KnockKnock.exe.
January 20th, 2006, 03:13 PM
poppy4

I've used them both....kind of like getting a second opinion...:)
January 23rd, 2006, 04:52 AM
A31Chris

Quote:

Originally Posted by Tuttle

Given how much Gibson has managed to get wrong about this so far, I'm not sure I'd trust whatever he comes up with anyway. :)

Yeah he's a fear monger for sure. And I'm convinced he's on ZA's payroll and most likely was the one who created the Witty Worm. If he is on ZA's payroll, the more fear he created about security the more business ZA gets.

But on the other hand there's M$. Like being stuck between two devils.

Hubba hubba hubba. Who do ya trust?
January 25th, 2006, 08:04 PM
SuperSparks

Well there's no mincing of words here :eek:

Windows backdoor rumour is bunk
January 26th, 2006, 10:06 AM
SpywareDr

Wow, n-a-i-l-e-d his @5$$ to a tree!

Quote:

The rumor began when popinjay expert Steve Gibson examined an unofficial patch issued by Ilfak Guilfanov, and, due to his lack of security experience, observed behavior that he could not explain by means other than a Microsoft conspiracy.
...
Gibson could not imagine why WMF rendering should need the SetAbortProc API, since, as he mistakenly believed, WMF outputs to a screen, not a printer. In fact, it can output to a printer as well. But following Gibson's erroneous assumption, the question arose: what would be the point of polling the process and allowing the user, or application, to cancel it?

Having exhausted his imagination on that score, he concluded that there's no good reason for SetAbortProc to be involved in handling metafiles. The more logical explanation, Gibson reckoned, was that someone at Microsoft had deliberately back-doored Windows with this peculiar little stuff-up. And besides, the idea of compromising a computer with an image file seemed quite cloak-and-dagger, adding to the supposed "mystery."
...
Here Gibson takes his preferred route to getting the ink that he craves: technobabble and innuendo. He can't prove anything (technically, he hasn't got the chops), so he lurks in the gray area between fact and fiction, and generates torrents of fear, uncertainty, and doubt.

The FUD Olympics

Gibson has a bad track record: a history of latching onto arcane issues that he doesn't fully understand and can never prove, and converting his limited understanding into fodder for the next internet melt-down.
...
The WMF backdoor very much in keeping with Gibson's history of getting security matters a bit wrong, filling the gaps in his understanding with technobabble, and hyping the actual matter out of all reasonable proportion in his neverending quest of ink.

And here, much as we regret it, we've given him even more ink. We can only hope that it dispels the ridiculous rumor that Gibson has propagated, and thus will do more good than harm.

Sheesh! Wonder if Gibson's seen the article?

--

And finally, to sum up this purported WMF "Backdoor", according to "The Register":

Quote:

... Microsoft doesn't need this as a back door; it already has one: Windows Automatic Update. It's got Windows boxes phoning home without user interaction, identifying themselves, and downloading and installing code in the background. Technically speaking, it would not be difficult for the company to pervert this process subtly, and effectively, to target certain machines for malware. But naturally, there is no possibility that it ever will: its actually doing so would be detected, and proved, and the company would end up with the PR debacle of the century. So, yes, there is a back door in Windows, and no, it is not news.
January 26th, 2006, 01:15 PM
A31Chris

Someone oughta go to GRC's website and Email it to Steve. Make sure he gets it. ;)

I'll do it if no one else wants to. :D
January 26th, 2006, 04:48 PM
lgbpop

Quote:

I'll do it if no one else wants to.

Three cheers for Angus Bell-the-Cat! :D Preface the forward with a truly humble note.

Show 40 post(s) from this thread on one page