Microsoft deliberately designed a Windows MetaFile Backdoor?

SpywareDr · 2006/01/13

Security Expert Steve Gibson Says Microsoft Intentionally Put a Backdoor in Windows 2000 and XP. Film at 11.
Click to expand...

Transcript and PodCast mp3s:

http://www.grc.com/sn/SN-022.htm

TonyT · 2006/01/13

It's a good transcript of he & Leo's talk, but as Gibson himself said, he's not yet 100% certain about his claims that MS deliberately kept that backdoor in the Windows metafile functions. He has not completed his research yet. Right now, what he said should be considerted 100% hype & that's all.

SpywareDr · 2006/01/13

Hang out on SlashDot too do you?

Steve Gibson has been around a l-o-n-g time ... long enough to know better than to try and spew "100%" hype. Like he says though, "We will never have proof one way or the other because we will never know for sure what Microsoft's intentions were. "

It will be interesting to see how this one develops ...

http://news.google.com/news?hl=en&ned=us&q="steve+gibson"&btnG=Search+News

SpywareDr · 2006/01/13

Found this interesting. Wonder if Steve Gibson has seen it.

http://news.com.com/Microsoft+to+hu...g/2100-1002-6024778.html?part=dht&tag=nl.e433

Microsoft to hunt for new species of Windows bug
By Joris Evers
Staff Writer, CNET News.com
Published: January 9, 2006, 12:48 PM PST

Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products.

The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft's Security Response Center, said in an interview with CNET News.com.

...

When WMF files were designed in the late 1980s, a feature was included that allowed the image files to contain computer code that could be executed on a PC, said Mikko Hypponen, chief research officer at Finnish security company F-Secure.

"This was not a bug; this was something that was needed at the time," Hypponen said. "It is just bad design, design from another era." The graphics file format was introduced with Windows 3.0 in early 1990. Executable code in the image file could help abort the processing of large images on the slow systems of yesteryear, security experts said.

"This should have been caught and eliminated years ago. "
--Neil MacDonald, analyst, Gartner

Ilfak Guilfanov, a European software developer who made headlines by beating Microsoft to the punch with a fix for the Windows flaw, agreed. "WMF was designed a long time ago, when information security was not considered an essential part of software design," he said.

...
Click to expand...

Arie · 2006/01/13

SpywareDr said:

Steve Gibson has been around a l-o-n-g time ... long enough to know better than to try and spew "100%" hype.
Click to expand...

It's better I don't comment on that...

SpywareDr · 2006/01/13

<big-grin>

Welshjim · 2006/01/14

Steve Gibson is working on his own WMF fix
http://www.grc.com/wmf/wmf.htm
But I understand, from his description, that he does not think it is ready yet for general use.

SpywareDr · 2006/01/20

Update

M.I.C.E. -- Metafile Image Code Execution
http://www.grc.com/wmf/wmf.htm

charlesvar · 2006/01/20

I see that Steve Gibson and Leo have climbed down from their original assertion that this was an intentional back door.

Reading minds is always tough

Regards - Charles

Whiskeyman · 2006/01/20

What a combo. A magic elixir salesman and a teleprompter reader.

charlesvar · 2006/01/20

Hi Whiskeyman,

A magic elixir salesman

I have a lot of respect for Steve Gibson's abilities, unfortunately the P.T. Barnum aspect of his personality gets the better of his judgement at times.

Leo I won't comment on.

Regards - Charles

Welshjim · 2006/01/20

As can be seen from posts #7 and #8 above, the link posted in #7 has morphed into the link for MICE diagnostic not a fix. (While under development it was called KnockKnock.exe.)
I have no idea whether MICE is any better than the diagnostic for WMF vulnerability offered by Ilfak Guilfanov several weeks ago. It probably would not hurt to use them both if you still have Ilfak's diagnostic.

Arie · 2006/01/25

This article sums it up pretty good:

http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/

Contrary to a recent rumor circulating on the internet, Microsoft did not intentionally back-door the majority of Windows systems by means of the WMF vulnerability. Although it is a serious issue that should be patched straight away, the idea that it's a secret back door is quite preposterous.

The rumor began when popinjay expert Steve Gibson examined an unofficial patch issued by Ilfak Guilfanov, and, due to his lack of security experience, observed behavior that he could not explain by means other than a Microsoft conspiracy. He then went on to speculate publicly about this via a "This Week in Tech" podcast, and on his own web site. Slashdot grabbed the story, and the result is a fair number of Netizens who now mistakenly believe that the WMF flaw was created with malicious intent.
Click to expand...

SpywareDr · 2006/01/26

Yep, n-a-i-l-e-d his @5$$ to a tree!

... it also goes on to say:

...
Gibson could not imagine why WMF rendering should need the SetAbortProc API, since, as he mistakenly believed, WMF outputs to a screen, not a printer. In fact, it can output to a printer as well. But following Gibson's erroneous assumption, the question arose: what would be the point of polling the process and allowing the user, or application, to cancel it?

Having exhausted his imagination on that score, he concluded that there's no good reason for SetAbortProc to be involved in handling metafiles. The more logical explanation, Gibson reckoned, was that someone at Microsoft had deliberately back-doored Windows with this peculiar little stuff-up. And besides, the idea of compromising a computer with an image file seemed quite cloak-and-dagger, adding to the supposed "mystery. "
...
Here Gibson takes his preferred route to getting the ink that he craves: technobabble and innuendo. He can't prove anything (technically, he hasn't got the chops), so he lurks in the gray area between fact and fiction, and generates torrents of fear, uncertainty, and doubt.

The FUD Olympics

Gibson has a bad track record: a history of latching onto arcane issues that he doesn't fully understand and can never prove, and converting his limited understanding into fodder for the next internet melt-down.
...
The WMF backdoor very much in keeping with Gibson's history of getting security matters a bit wrong, filling the gaps in his understanding with technobabble, and hyping the actual matter out of all reasonable proportion in his neverending quest of ink.

And here, much as we regret it, we've given him even more ink. We can only hope that it dispels the ridiculous rumor that Gibson has propagated, and thus will do more good than harm.
Click to expand...

Sheesh! Wonder if Gibson's seen the article?

--

And finally, to sum up this purported WMF "Backdoor ", according to "The Register ":

... Microsoft doesn't need this as a back door; it already has one: Windows Automatic Update. It's got Windows boxes phoning home without user interaction, identifying themselves, and downloading and installing code in the background. Technically speaking, it would not be difficult for the company to pervert this process subtly, and effectively, to target certain machines for malware. But naturally, there is no possibility that it ever will: its actually doing so would be detected, and proved, and the company would end up with the PR debacle of the century. So, yes, there is a back door in Windows, and no, it is not news.
Click to expand...

Arie · 2006/01/27

SpywareDr said:

Sheesh! Wonder if Gibson's seen the article?
Click to expand...

I doub't it...

Look at http://grcsucks.com/

SpywareDr · 2006/01/28

<-grin-> Need a site like that for South Florida News. Seems like everything is a "Breaking Story" and/or "Exclusive ", and durn near every sentence ends with a slam!

"After the break, The Sun! "

"Next up, The Clouds! "

"Back in a few with Something moved! "

"Next up, No it didn't! "

Sheesh "!" And they wonder why people are abandoning TV for the 'Net?

Log in or Sign up

Microsoft deliberately designed a Windows MetaFile Backdoor?

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

TonyT SuperGeek Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Welshjim Inactive

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

charlesvar Inactive Alumni

Whiskeyman Inactive Alumni

charlesvar Inactive Alumni

Welshjim Inactive

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Share This Page

Log in or Sign up

Microsoft deliberately designed a Windows MetaFile Backdoor?

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

TonyT SuperGeek Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Welshjim Inactive

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

charlesvar Inactive Alumni

Whiskeyman Inactive Alumni

charlesvar Inactive Alumni

Welshjim Inactive

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Arie Administrator Administrator Staff

SpywareDr SuperGeek WindowsBBS Team Member Thread Starter

Share This Page

Useful Searches