funsec mailing list archives

RE: Russinovich: Inside the WMF 'Backdoor'


From: "Blanchard, Michael (InfoSec)" <Blanchard_Michael () emc com>
Date: Thu, 19 Jan 2006 13:58:23 -0500

 
Well, not to fuel the conspiracy theory even more as I don't really think that it's true, but...

  If I were to intentionally code something in that is supposed to be *very* covert, I would discreetly code in that 
backdoor so it would look 100% like an error or "flaw".  So all the "validation" that can be done will not disprove 
that there isn't a conspiracy.  Any statements from Microsoft or the Government will also only fuel the conspiracy, as 
why would they actually admit to coding in a backdoor that looked like a flaw....

   The only thing that conspiracy theorists will actually believe is the one crackpot that "used to work for Microsoft" 
or "used to work for the government" who says to the press that he was part of the team that came up with the code for 
this backdoor.  Perhaps this is the guy who actually wrote the GDI drivers, but is now looking for the limelight.

  Conspiracies can never be disproved :-)

Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Thursday, January 19, 2006 10:19 AM
To: funsec () linuxbox org
Subject: [funsec] Russinovich: Inside the WMF 'Backdoor'

Mark writes over on the SysInternals blog:

[snip]

Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week that if true, would be 
the biggest scandal to ever hit Microsoft - that the Windows Metafile (WMF) vulnerability that drew so much media 
attention last month is actually a backdoor programmed intentionally by Microsoft for unknown reasons. Slashdot picked 
up the story the next day and I received a flood of emails asking me to look into it. I finished my analysis, which 
Steve aided by sending me the source code to his WMF-vulnerability tester program (KnockKnock), over the weekend.

In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge. I sent my findings to both 
Steve and to Microsoft Monday morning, but because the issue continues to draw media attention I've decided to publicly 
document my investigation.

[snip]

Much more here:
http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor.html

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.