funsec mailing list archives
Russinovich: Inside the WMF 'Backdoor'
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 19 Jan 2006 15:19:26 GMT
Mark writes over on the SysInternals blog: [snip] Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week that if true, would be the biggest scandal to ever hit Microsoft - that the Windows Metafile (WMF) vulnerability that drew so much media attention last month is actually a backdoor programmed intentionally by Microsoft for unknown reasons. Slashdot picked up the story the next day and I received a flood of emails asking me to look into it. I finished my analysis, which Steve aided by sending me the source code to his WMF-vulnerability tester program (KnockKnock), over the weekend. In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge. I sent my findings to both Steve and to Microsoft Monday morning, but because the issue continues to draw media attention Ive decided to publicly document my investigation. [snip] Much more here: http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Russinovich: Inside the WMF 'Backdoor' Fergie (Jan 19)
- Re: Russinovich: Inside the WMF 'Backdoor' Andre Ludwig (Jan 19)
- <Possible follow-ups>
- RE: Russinovich: Inside the WMF 'Backdoor' Blanchard, Michael (InfoSec) (Jan 19)
- RE: Russinovich: Inside the WMF 'Backdoor' Richard M. Smith (Jan 19)
- Re[2]: Russinovich: Inside the WMF 'Backdoor' Pierre Vandevenne (Jan 19)
- RE: Russinovich: Inside the WMF 'Backdoor' Rob, grandpa of Ryan, Trevor, Devon & Hannah (Jan 19)
- RE: Russinovich: Inside the WMF 'Backdoor' Richard M. Smith (Jan 19)
- RE: Russinovich: Inside the WMF 'Backdoor' Greg Wroblewski (Jan 19)