BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MS WMF is a Backdoor, Not a Coding Mistake

Subject: MS WMF is a Backdoor, Not a Coding Mistake
From: crschmidt at crschmidt.net (Christopher Schmidt)
Date: Fri, 13 Jan 2006 14:26:47 -0500
In-reply-to: <200601131352.20093.gaf@blu.org>
References: <200601131352.20093.gaf@blu.org>

On Fri, Jan 13, 2006 at 01:52:19PM -0500, Jerry Feldman wrote:
> From Groklaw: http://www.groklaw.net/
> Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake
> Friday, January 13 2006 @ 11:18 AM EST
> 
> Those of you using Microsoft Windows 2000 or XP will want to follow this 
> story: Steve Gibson has examined WMF and he now believes it was 
> deliberately coded. It looks to him that Microsoft put a backdoor into 
> Windows, which can be triggered even if Active X is turned off and security 
> is at high. It could be a renegade coder, he says, but it's not, in his 
> view, bad design or a mistake.

And I thought Microsoft was good at FUD.

I've listened to Gibson's podcasts for the past month. Every one has
some kind of ridiculous statement - from associating .cc with Vancouver,
to stating that he thinks that the WMF hack "might" go back as far as
Win98 when it was already published that it went back much farther than
that, to the Windows 3.x days.

Every single one of his podcasts has seemed a day late and a dollar
short. He reminds me far too much of a couple of friends of mine who
want to know so much about technology that they just start making things
up to get *somewhere*. The difference is, these friends aren't in
positions of making widely repeated statements about computer security.

I have a feeling if I trusted all my security to Steve Gibson, I'd still
be suffering the same exploit and virus levels I did when I trusted my
security to an unprotected Windows install.

(In case it isn't clear, I highly disagree with his assessment. This
feature of WMF was coded *15 years ago* -- security may have existed
somewhere, but the idea that executable code in file formats was a bad
thing was simply unheard of in the MS world, so far as I can tell.)

-- 
Christopher Schmidt
Web Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.blu.org/pipermail/discuss/attachments/20060113/ad38d240/attachment.sig>

Follow-Ups:
- MS WMF is a Backdoor, Not a Coding Mistake
  - From: gaf at blu.org (Jerry Feldman)

References:
- MS WMF is a Backdoor, Not a Coding Mistake
  - From: gaf at blu.org (Jerry Feldman)

Prev by Date: MS WMF is a Backdoor, Not a Coding Mistake
Next by Date: MS WMF is a Backdoor, Not a Coding Mistake
Previous by thread: MS WMF is a Backdoor, Not a Coding Mistake
Next by thread: MS WMF is a Backdoor, Not a Coding Mistake
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org