funsec mailing list archives

Re: Is The .WMF Exploit A ConsPiracy Gone Bad?


From: Jonathan Glass <jonathan.glass () oit gatech edu>
Date: Fri, 13 Jan 2006 09:19:45 -0500

This seems rather complicated.  Time to shave a little off the top.

http://en.wikipedia.org/wiki/Occam's_Razor

Jonathan

Don Kennedy wrote:
Here is my take on this.

1. This Auto-Magical self-install Microsoft patch for this is an urban legend.
2. That with enough investigation, by the right parties, it can or will be proven that Microsoft has created this for the FEDS! much like some PRINTERS have embedded serial numbers in their image output ("Which we also did not know about at first").
3. IF this causes a full blown extensive investigation, and the TRUTH is allowed to come out, I think the outrage will be something not seen in this country ever before.
4. This ("Back Door") can/could be invoked via Email, HTML email, or via an email attachment, or even an IMAGE in an IM session, such as for example in Yahoo Messenger, where one is allowed to have a PHOTO of yourself ("A Drive-By Method of Installation") so when it was said in the Pod Cast that there would be a requirement to VISIT a web site this is not true.

If the proper investigation is done about this, IMHO, I think it can EASILY be proven that Federal Agencies have in fact USED this method ("A few MORE current and in-place back doors will be publicly admitted to as well") with and without the required paperwork, and that Microsoft actually provided instructions as to the use of these back doors to said agencies.

It CANNOT be accidental that the WRONG VALUE invokes code, which has NO way to communicate ("Easily") with the source that launched it, accidentally ("Note: while it also is being listed in Microsoft Documentation as LEGACY code") is carried even to Windows Vista. Even if somehow like in DNA, this was a one-in-ten-billion accident, it does NOT explain why this documented LEGACY code was carried over to Windows Vista, and MORE importantly this: That WHEN Microsoft REMOVED this FUNCTIONALITY COMPLETELY from the Operating System, no Microsoft Product or application, no 3rd party code or application, no major clients or customers were impacted in ANY way!

If the INTENT of the SETABORTPROC parameter using the Escape procedure WAS to help with Printer failure logic? Where's the PAPER JAM? So, is this the LEAST used LEGACY function accidentally carried from OS to OS since Windows 2000 which happens to be capable to LAUNCH and execute code remotely using ONLY the WRONG params ("Oh by the way, only if the WRONG value equals ONE, any other WRONG value, won't work") and the executed code within the wmf file cannot access ("easily") its own CONTEXT ("No need for that if the purpose is to deliver a stand-alone payload")? The question then becomes, IF IT WAS SO IMPORTANT TO CARRY THIS LEGACY CODE EVEN TO WINDOWS VISTA..........

WHO WAS USING IT? ;-) More Here: http://testing.onlytherightanswers.com/modules.php?name=News&file=article&sid=36

                


------------------------------------------------------------------------

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


--
Jonathan Glass, RHCE, Security+, Linux+, Network+
Information Security Engineer III
Office of Information Technology - Information Security
Georgia Institute of Technology
258 4th St NW, Atlanta, Georgia 30332-0700
Office: 404-385-6900 Fax: 404-385-2331
PGP Key ID: 0xAB50FF20
Fingerprint: 3CD2 1BC6 4485 720B AB45 FF3E 8B3B D6F5 AB50 FF20