Slashdot Mirror

← Back to Stories (view on slashdot.org)

al Qaeda Hacks XP?

Posted by ryuzaki0 on from the conspiracy-theories-and-bears-oh-my dept.

acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"." This stuff screams of hoax to me, but it is showing up on the Washington Post.

7 of 736 comments (clear)

  1. Re:score -1, redundant by Jburkholder · · Score: 3, Informative

    Well, they are rerpoting as fact that Mohammad Afroze Abdul Razzak is making these claims. Are they not supposed to print the story because what this guy is saying is almost certainly untrue?

    It would be different if they were reporting that there were *in fact* security bugs in XP planted by terrorists, based on the claims of one guy.

  2. Re:WARNING: THIS IS ADVICE TO TERRORISTS by gowen · · Score: 3, Informative

    I think you'll find that starting with a 5 gallon container might be considered cheating.

    ObSoln:
    Fill 7
    (Fill 3 from 7:Discard 3) twice
    Decant remaining 1 from 7 to 3.
    Fill 7. Top up 3 from 7, leaving 5 in 7.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  3. Re:not as easy as you might think - VERY EASY by Preylude · · Score: 3, Informative

    I have worked for several major software companies, including Microsoft, as a co-op.

    The standard practices at Microsoft do not include a lot of code review (even for a co-op). You could easily sneak stuff in there.

    That being said, I'll wait until I see proof before I believe this one.

    I have nothing to worry about, however. My standard practice is to never install a Microsoft OS until it has been "in the field" for -at least- a year :)

  4. Re:not as easy as you might think by Mr.+Slippery · · Score: 4, Informative
    Code generally goes through peer reviews and quality assurance before it is accepted into the main stream.

    Where is this wonderful place you work?

    I've worked for, lessee, eight companies over the years, ranging from the tiny to mammoth international corporations. Only two had code reviews.

    At one, a well known company in the computer security field, code for a secure operating system base was reviewed by trust engineers - who were knowledgeable about the theory of security but who were not so knowledgeable about the programming language being use. We'd get questions like "what does char somecstring[16]; somecstring[0] = char(0); mean"?

    At the other, a well-known aerospace contractor, reviews of code for a NASA project focused on making sure that your code met the formatting standards required - no one asked me anything at all about the semantics of my code.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  5. Re:not as easy as you might think by Jason+Earl · · Score: 4, Informative

    Whatever. Excel used to have a flight simulator embedded in it, for crying out loud! IIS had a back door password of "Netscape Engineers are Weenies" spelled backwords.

    Not to mention the fact that it seems like Windows has an exploit approximately every 3.5 seconds, and that's without access to the source. A terrorist at Microsoft wouldn't even have to try and embed backdoors into the software. They could just keep track of the exploitable buffer overflows and pass them on to their buddies instead of raising attention to them at Microsoft. Microsoft's entire defense stems around the fact that the "bad guys" don't have access to the code and must therefore guess where the problems are (and even still they have more than their share of problems). Someone on the inside (with access to the source) could easily subvert this process.

  6. Re:Two counterpoints take two by Already.there · · Score: 3, Informative
    As an employee who has worked in the OS division of Microsoft I would like to say unequivocally that this article is complete crap.

    There is no way that you could try to put a terrorist-sized hole in XP without a lot of people noticing.

    -For the months before the OS ships every line of code that is modified is examined on several levels; every bug that is found could potentially be investigated by any of dozens of people in any part of the organization...
    -There's nearly a 1/1 ratio of Test/Dev in the critical parts of the system; to do this you would have to get the developer(s) and the tester(s) responsible for that chunk of code/functionality.
    -Automated tools run by seperate groups review changes and record owners; try to sabotage something once & you won't get a second chance.
    -Automated tools run by testers review code that's not exercised by test-passes, reporting on changes so that the hole can be filled.

    This simply did not happen and it's embarrassing that this pseudo-technical forum is giving the report even a little credit. I would expect better from even the bitter/angry/biased-microsoft-haters that make up the such a vocal percentage of the slashdot crowd.

  7. Remember the Y2K bug fixing frenzy? by TWR · · Score: 3, Informative
    Now I don't know if XP was targeted by Al Qaeda, but a good chunk of Y2K work was outsourced to places like India, where this self-proclaimed terrorist was picked up.

    Given the long-term planning that Al Queda is known for, and their penchant for using the tools of the West against the West, I would be unsurprised if they planted people into companies doing Y2K patchwork for major financial institutions or other mission-critical systems. Most of that code was NOT code reviewed due to time constraints, and the work was done overseas by the lowest bidders. This is a recipe for disaster and was predicted as such years ago. Now that we know exactly how crazy these motherfuckers are, the warnings seem a lot more important.

    Just my paranoid guess.

    -jon

    --

    Remember Amalek.