Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: The Windows MetaFile Backdoor?. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

The Windows MetaFile Backdoor?
by Graham at 9:45 am EST, Jan 13, 2006

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error." It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor." We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Recent podcast from GRC's Steve Gibson. If this is correct (And I'm not saying that it is - just thinking that is too scary), then it means that the WMF exploit was actually a deliberatly coded backdoor in the windows operating system. Surely this is the ultimate proof of why a closed source operating system can not be a safe one.


 
RE: The Windows MetaFile Backdoor?
by Decius at 12:16 pm EST, Jan 13, 2006

Graham wrote:
Recent podcast from GRC's Steve Gibson. If this is correct (And I'm not saying that it is - just thinking that is too scary), then it means that the WMF exploit was actually a deliberatly coded backdoor in the windows operating system.

The facts are correct, the interpretation is not. This was a deliberately coded feature, but it wasn't intented to be a remote code execution backdoor. Its code from back in they 80s when people had single user pcs and this kind of issue wasn't really well understood.


Chicken Little Lays Another Stinker
by Dagmar at 2:14 pm EST, Jan 13, 2006

Well, as if the embarrasment of having published more than one astoundingly stupid security non-vulnerability wasn't enough to teach him to keep his mouth shut, Steve Gibson (of the Gibson Research Corporation), part kook, part snake-oil salesman, has managed to come up with one that beats even the tinfoil hat wearing crowd.

To wit, he has decided that the WMF vulnerability is not actually a bug, but an honest to God planned back door in the code.


 
 
Powered By Industrial Memetics