Bugtraq mailing list archives

Re: WMF vulnerability was a deliberate backdoor?


From: Mike Ely <me () taupehat com>
Date: Sun, 15 Jan 2006 13:42:50 -0800

Brooks, Shane wrote:
I've recently had my attention brought to a post from Steve Gibson in the grc.com forums, which contains the following quote:

<snippet>
The only conclusion that can reasonably be drawn is that this [setAbortProc procedure] was a deliberate backdoor put into all of Microsoft's recent editions of Windows.
</snippet>

full article here:
http://www.grc.com/x/news.exe?cmd=article&group=grc.news.feedback&item=60006

thoughts?


Shane,

What you read was classic Gibson: a thorough discussion of a technical problem, followed by a wild speculative jump regarding the motives of the people who wrote the code. He's been doing this for years, which is why you may notice folks here take a very jaded view of anything he says - ever.

In the specific case of his commentary on the WMV vulnerability, I have read the same writeup you have read, and my read on it was that he was saying something like the following: "There's an unhandled exception that doesn't even need to be there in the first place, therefore it's a deliberate backdoor." To me, this just screams "Does Not Follow!" I've seen plenty of equally stupid mistakes coming from Redmond (and elsewhere) that didn't happen to result in remote code execution, but were nonetheless astonishingly dumb. For example, up until a couple days ago, you could make the error handler at ideas.live.com write all sorts of amusing stuff to their 404 page simply by appending it to the URL. Was it a security risk? Possibly, probably not. Was it really dumb? Duh.

So my take on Gibson's post can be summed up as follows: Interesting writeup on the problem, but he's come nowhere close to proving to me that the WMF vulnerability was deliberate. If he wanted to show me the source code where it has a comment like "/* The following code is here at the behest of No Such Agency. Do not remove from future versions. */" I might start to consider the possibility of some dark conspiracy. As it stands, it just looks to me like Yet Another Dumb Screwup by Microsoft (YADSM).

Cheers,
Mike Ely

