Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Debunking the WMF backdoor
Thomas C. Greene, 2006-01-23

Claims that the WMF vulnerability was an intentional backdoor into Windows systems makes for an interesting conspiracy theory, but doesn't fit with the facts.

Comments Mode:
Debunking the WMF backdoor 2006-01-23
Rick Luther
What?s with all the personal attacks? Microsoft Windows contains millions of lines of source code contributed by thousands of people. You can't tell me with any certainty why a developer put in certain code!

It is probably not an intentional back door by Microsoft, but everyone has made mista...

[ more ]  [ reply ]
Finally Someone said it... 2006-01-24
Jon Hash
This should be on the front page of every security site for a day or two to calm the idiot world down....

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
assurbanipal (1 replies)
In fact the problem is much worse than erroneously prophesyzed in Gibson's nightmares. Had it been a real backdoor, it would had implied purposeful intent and control (though, obviously, malicious). Rather, the mess is largely due to careless coding, and is only the last of a score of horrendous vul...

[ more ]  [ reply ]
Re: Debunking the WMF backdoor 2006-01-30
Alexey Vesnin
But why do we regulary USE a closed-source insecure OS? Why not make our choice to Open-Source ones? The answer is much more simple than the question itself - Windowsi is targeted for a common IDIOT, not for a intellectual user. If you want YOUR OWN system tunings - it's already available in Unix'es...

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
Anonymous
And, so now we have the rest of the story... Well presented rebuttle, and one sorely needed....

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
Anonymous
"Microsoft still encourages users to run Windows as administrators, because it believes that logging in is too much trouble for the average point-and-drool civilian."

I would not say they "still" encourage this as documented here:

http://www.microsoft.com/athome/security/online/logoff_admin
_ac...

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
Anonymous
The author seems to be debunking Steve Gibson, and not the intention of the WMF exploit.
Intent always defines if something is right or wrong, this article does not disprove nor does
it prove that WMF was intentionally put in, I believe Microsoft intentionaly leaves some
of these exploits in... W...

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
ScuzzMonkey (1 replies)
While I don't necessarily disagree with the assessment of Gibson, and I find the conspiracy theory itself difficult to believe, this isn't much of a debunking... I just finished listening to the Security Now podcast in which he details his appreciation of the vulnerability, and this article's author...

[ more ]  [ reply ]
Re: Debunking the WMF backdoor 2006-01-25
Ikester
Hear, hear!!

Gibson claimed it was done intentionally, not that it was vetted by MS management ... though he suggested that was the most likely explanation. He later admitted he shouldn't have called it a "back door".

This author seems more interested in slamming Gibson than in laying out ho...

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-24
ScuzzMonkey (2 replies)
Incidentally, Mark Russinovich's debunk post on Sysinternals is more thorough, better informed, and less vitriolic than this--I highly recommend reading it for a better understanding of the issue....

[ more ]  [ reply ]
Re: Debunking the WMF backdoor 2006-01-24
Kelly Martin (1 replies)
It is a good read. Here's the link: http://www.sysinternals.com/blog/2006/01/inside-wmf-backdoor
.html

Regards,

Kelly Martin...

[ more ]  [ reply ]
Re: Re: Debunking the WMF backdoor 2006-01-25
Steve Bostedor
I agree, that article is far more thought out. I believe that Gibson is one of those guys that loves attention and lives for the day when he can "discover" something and let everyone know before anyone else. It makes him feel smart and important.

We all have a tinge of that in us but he seems t...

[ more ]  [ reply ]
Re: Debunking the WMF backdoor 2006-01-25
elMurado
rk's post:
>>
Even still, the question remains as to why WMF files implement the SetAbortProc GDI function at all. My belief is that Microsoft developers decided to implement as much as the GDI function-set as possible. Including SetAbortProc makes sense for the same reason that abort procedures f...

[ more ]  [ reply ]
Debunking the WMF backdoor 2006-01-25
Anonymous (1 replies)
Hi,

You too have failed at "Debunking the WMF backdoor". All you offer is Gibson's past track record. You offer no proof that that WMF is not a
backdoor. It could have been discovered as a security hole but left un-patched on purpose, as a backdoor. Did you know that the American Federal
...

[ more ]  [ reply ]
Re: Debunking the WMF backdoor 2006-01-27
Penguinisto
Oy, Vey... got enough tinfoil packed tightly on that skull of yours?

The most likely explanation for leaving it open is legacy support for 3rd-party programs that handle WMF files - _if_ there was any decision made by MSFT coders on SetAbortProc() at all.

The MSFT/DSA key deal you referred t...

[ more ]  [ reply ]
Mr. Greene, I wouldn't be surprised if you get sued for this. 2006-01-25
Roger (2 replies)
Not only is your article an unnecessarily vitriolic attack on Gibson personally (something you have, of course, been doing for several years now), but many of the points you use to make that attack are wrong, and could have been easily seen to be wrong if you had bothered to read the interview which...

[ more ]  [ reply ]
Re: Mr. Greene, I wouldn't be surprised if you get sued for this. 2006-01-27
Anonymous
ROFL ("popinjay expert") nice and perfect, just the way Gibson was known...heheeh! I remember Caroline :-)...

[ more ]  [ reply ]
Re: Mr. Greene, I wouldn't be surprised if you get sued for this. 2006-01-30
Anonymous (1 replies)
That's what Gibson's article says today. Use one of the sites that keeps archives of his site, to see the original. A good site for that is the way back machine (www.archive.org)....

[ more ]  [ reply ]
Re: Re: Mr. Greene, I wouldn't be surprised if you get sued for this. 2006-02-01
Roger
Nonsense. First, there is no "Gibson's article", it's a podcast audio interview/chat session of Gibson by Tech TV. Gibson's site just provides written transcripts and an MP3 archive of the podcasts.

Second, there are probably several zillion locally cached copies of the podcast out there now, inc...

[ more ]  [ reply ]
Gibson is an idiot 2006-02-09
Anonymous
He's nothing but bluster and bullspit. Simple question - if Gibson is so damn smart, why won't he submit any of his "research" to public forums for analysis? Why is NONE of his "data" had ANY peer-review?

There is a simple answer. Educated and skilled people laugh at Gibson. He's a fraud. And an...

[ more ]  [ reply ]
Your mistake 2006-05-30
henriko
> he mistakenly believed, WMF outputs to a screen

Thats no mistake. WMF DOES OUTPUT TO THE SCREEN. Both Internet Explorer och Explorer does draw WMF on the screen.

And why always call code insertet thru the ABORTPROC-function? A function made to be used IF one like to abort the drawing/printin...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus