more on Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake

[David Farber <dave () farber net>]

Begin forwarded message:

From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
Date: January 13, 2006 4:21:41 PM EST
To: dave () farber net, ip () v2 listbox com
Subject: RE: [IP] Steve Gibson: MS WMF is a Backdoor, Not a Coding  
Mistake

As one of the Groklaw commenters reminds us, Gibson also wanted to  
take out the raw sockets calls in Windows because he thinks that they  
are a security hole when removing them only creates the illusion of  
security.



Just reading his analysis, the WMF is a classic operating system bug  
– a callback from a protected context. Given that the code has been  
around for a long time and seemed to work I can understand  
overlooking it. Calling it a conspiracy is very strange. It’s not  
completely different from the more subtle bug in expanding JPG files.  
As to asking Microsoft to patch all old versions of Windows they did  
-- the patch is called XP.



I do appreciate his explanation even if I don’t agree with his  
conspiracy theory.



Ideally there would be no bit rot in the world but the solution is  
simplicity rather than a combinatorial explosion of systems mixed  
with patches.



Let’s not confuse naïve hindsight analysis with understanding – it  
makes it more difficult to address the issues.



It’s also important to realize that the processor is not the only  
execution engine – all applications are execution engines that apply  
polices. Befuddling them is a standard attack vector – especially  
when the execution engine is a clerk interpreting a baroque policy  
(such as cellular plans).



As noted in Schneier’s comments on identity – we can’t fix human  
factors attacks with a simple technical patch as Gibson seemed to  
want to do with raw sockets.



-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Friday, January 13, 2006 15:47
To: ip () v2 listbox com
Subject: [IP] Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake







Begin forwarded message:



From: Matt Manor <kingmanor () gmail com>

Date: January 13, 2006 12:54:39 PM EST

To: David Farber <dave () farber net>

Subject: Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake



Steve Gibson: MS WMF is a  Backdoor, Not a Coding Mistake



http://www.groklaw.net/article.php?story=20060113111825193



http://www.grc.com/sn/SN-022.htm



  Those of you using Microsoft Windows 2000 or XP will want to follow

this story:  Steve Gibson has examined  WMF  and he now believes it

was  deliberately coded.   It looks to him that Microsoft put a

backdoor into Windows, which can be triggered even if Active X is

turned off and security is at high.





-------------------------------------

You are subscribed as BobIP () Bobf Frankston com

To manage your subscription, go to

  http://v2.listbox.com/member/?listname=ip



Archives at: http://www.interesting-people.org/archives/interesting- 
people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/