Slashdot Mirror
al Qaeda Hacks XP?
acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"."
This stuff screams of hoax to me, but it is showing up on the Washington
Post.
If this goes on..."Next week on Jerry Springer: Bill Gates is sleeping with my sister!"
Carousel is a lie!
Speaking as a programmer who works for a big software company, it's unlikely that anything like that would be able to get through.
Code generally goes through peer reviews and quality assurance before it is accepted into the main stream. Say waht you want about MS, but I'm sure they do these things (they can afford it!)
To bypass these failsafes would require a lot of people along the line allowing it to slip through.
Unless they commented there code:
security_hole();       /*b1n l@d1n r00lz!*/
Objects in the blog are closer then they ap
And they even left OVER 700 SEKRET MESSAGES IN THE SOURCE CODE!
/usr/src/linux | wc -l
Observe:
% grep -ir 'a.*l.*q.*a.*e.*d.*a'
704
Time to outlaw leenuks, I say.
// zyqqh
From the article:
According to Desler, Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code
I can sleep easier now.
Sigs are so 1990s. No way would I be seen dead with one.
These backdoors, trojans, etc. are rendered useless by the backdoors, trojans, etc. the NSA placed in XP.
then the terrorists have won.
This just found in winsock.dll in XP:
seineewerastsisrorretadeuqla
just = (My)Opinion.toCents();
It screams of a hoax, so let's put it on the front page. Way to be part of the problem, Taco.
last time I checked, these afganhis were hacking and downloading movies with a commodore 64 (http://slashdot.org/article.pl?sid=01/11/17/20420 7&mode=thread)
...no other explanation needed.
Skiers and Riders -- http://www.snowjournal.com
So, does this mean goodbye to the "Bluescreen of Death" and hello to the "Bluescreen of Holy Vengeance?"
If it ain't broke, it doesn't have enough features yet.
Well now that they've routed the enemy, we can expect future versions of MS OSes to be bug and exploit-free.
BWAHAHAHAHAA
m00.
Just put this in a .REG file and the evil will be revealed...
REGEDIT4
[HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08- 00AA002F954E}]
@="Recycle Bin Laden"
Does this mean we can drop a few 'Daisy Cutters' on Redmond?
We'll know it terrorists slipped code into XP, because if they do, they'll make it support raw port access for non-priviledged users. Clearly only a terrorist would do that, so it'll be a dead giveaway.
Now, third-party patches such as those at linuxhq.com are not scrutinized by the kernel team, and these patches might possibly contain nasty code (as well as simply poor code). But if you're downloading third-party patches and applying them without reading them, you're an idiot. Can't read C, or don't understand kernel internals? Then don't apply third-party patches.
It would be far easier, as you suggest, to insert backdoors and other nasties into userspace open source programs. When was the last time you downloaded a source tarball and actually read all the code before building and installing it? The most evil of all would be a trojan in gcc -- all programs compiled with the trojaned compiler would themselves be trojans. After a while all source remnants of the trojan would be wiped away, but the trojan code would still be lurking in all our binaries. Horrible thought.
Like you say, be careful. Just because you're running Linux, or you use open source, doesn't make you immune to viruses, backdoors, trojans, or anything else.
(Outside of an Al Queda recruitment center)
"OK, people. Line to the left is suicide bombers, center line is front line soldiers, right-hand, nefarious computer geeks."
or
(2 terrorists meet to discuss their accomplishments)
"I have struck a great blow against Satan! I have planted bombs and anthrax!"
"I, too, have stuck a great blow!"
"What did you do?"
"Improper bounds checking in msetl23.dll! I used my own hasty, roll-your-own strcpy()! And as a final coup de gras*, I stole 3 product activation keys and gave them to Best Buy employees"
Please.
* terrorists may not actually use phrases like this. Consult your manual.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
Not to mention that the whole story is hanging on very tentative ground.
In the first place, I notice that man is a "suspected" Al Qaeda member. From what I've been seeing lately, anyone who has the wrong kind of accent or a copy of the Koran is a suspected Al Qaeda Member.
Secondly, if this man really is a member of the organization, it should be noted that bravado and misinformation are prime terrorist tactics. It's a lot easier to spread rumours about having planted bombs, or for that matter created software bugs, than it is to actually do it. And you still get the result of people being afraid to fly or afraid to use Windows.
Thirdly, as you said, even if some programmers with less than noble intentions did manage to get employed at Microsoft, the chance that they would be able to intentionally slip in a trojan horse without it being caught in testing are pretty low.
On the other hand, i suppose they couls just sabotage the american way of life by writing bad code, but then Microsoft pays people to do that anyway.
lysergically yours
Look at the effect they've already had on the global airline and tourist industries, based on a net increase in danger that's insignificant compared to road deaths. Score one for the terrorists.
And here come the ill considered security measures and infringements of civil liberties. We defend Freedom by taking it away. Score two.
Then it was time to target the the government, postal service and law enforcement with a few packets of a not particularly lethal virus (sympathies to the victims though). Again, the big impact is from the FUD, as law enforcement chase hoaxes and benign packages all over the country. Score three.
Now it's software. "All your code base belong to us!" they rant. Expect the hoaxers to jump on this and a new rash of bin Laden themed virii and worms to appear. It's pure FUD, but the problem is reassuring easily frightened and confused non-techies that it isn't true. How do you disprove the existence of allegedly hidden code?
And so for once I'm actually going to get on the bandwagon with Microsoft and give this zero credibility. This pathetic piece of bluster should not be allowed to put anyone off using XP. There's plenty of real reasons for not using it, but this isn't one of them.
If you were blocking sigs, you wouldn't have to read this.
# chflags noschg /bin/laden
/bin/laden
/bin/laden removed. Will replace with something even more evil.
/bin/microsoft /bin/laden
/bin/laden
/bin/microsoft
/bin/laden
# rm -f
Warning: Utitilty
# ln
# chflags schg
# chflags schg
Thank you for removing
This page left intentionally blank.
Members of the militant group Hamas have claimed responsibility for file corruption issue found in the Linux 2.4.15 kernel.
It turns out that al Qaeda is actually a bitter DR-DOS user group.
Sounds to me like al-Qaeda is just looking to take credit for the chaos caused by others.
"You will feel our wrath in the endless bugs and security holes in Windows XP!"
What's next? "We will cause random car accidents in busy intersections and will lace cigarettes with deadly carcinogens!" OOooo, their prophecies are coming true, everybody! Head for the hills!
Well, they are rerpoting as fact that Mohammad Afroze Abdul Razzak is making these claims. Are they not supposed to print the story because what this guy is saying is almost certainly untrue?
It would be different if they were reporting that there were *in fact* security bugs in XP planted by terrorists, based on the claims of one guy.
I think you'll find that starting with a 5 gallon container might be considered cheating.
ObSoln:
Fill 7
(Fill 3 from 7:Discard 3) twice
Decant remaining 1 from 7 to 3.
Fill 7. Top up 3 from 7, leaving 5 in 7.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
7:30p. This just in - We have learned that the alleged Al Qaeda computing complex was destroyed. US Marines were seen removing five hourglasses, an abacus, and a piece of aluminum foil that were allegedly behind a massive recent distributed denial of service.
I have worked for several major software companies, including Microsoft, as a co-op.
:)
The standard practices at Microsoft do not include a lot of code review (even for a co-op). You could easily sneak stuff in there.
That being said, I'll wait until I see proof before I believe this one.
I have nothing to worry about, however. My standard practice is to never install a Microsoft OS until it has been "in the field" for -at least- a year
Secondly, while I agree that it's unlikely that a terrorist would approach a 13-year old kid and say, "Hey, you should start excelling in Math and then attend college to get a CS degree so that 10 years from now you can go work at Microsoft for 4 years or so (enough to gain the confidence of your managers) and then start putting back doors and bugs in their OS," it's far more plausible that a terrorist would approach a already working programmer who's naive and idealistic -- and perhaps *already* working at and trusted by managers at Microsoft -- and say, "Hey, here's how you can really help your faith..."
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
Also, don't forget the ones that are there by poor implimentation. You know, like sound files in email that get executed without warning.
Also, don't forget the ones that are there due to poor design. You know, like an email client that runs as root because there are no real user accounts and the underlying file system will not support that and ....
Don't forget to combine all of the above with poor judgement. Well, running M$ with anything but in single user non networked air gap protected mode is poor judgement. Worse judgement is attatching a camera and an always on high speed internet connection in your freaking bedroom, ha-ha(banned in Saudi Arabia).
Alah-Akbar. It's true you know.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Al Qaeda members aren't supposed to know what the other members are doing. Their own mission is revealed to them at the last moment.
In the article they mention the following : "authorities find some of his claims inconsistent and "too theatrical to believe.""
This guy is probably not even a member of Al Qaeda, he's just a crazy guy who's probably too dumb to even be a terrorist.
"Bill Gates holds press release on Al Qaeda hacks in Windows XP."
Redmond- Bill Gates today held a press release to confirm the presence of "hacked" code in the Windows XP product, and admitted for the first time that all previous versions of Windows also had "hacked" code inserted maliciously by covert Al Qaeda operatives within the Microsoft Corporation. "We have confirmed the presence of this code in all versions of Microsoft Windows from 3.0 to XP. The code we have found was planted by covert Al Qaeda operatives who were employed by Microsoft for years. This was a long-term terrorist operation planned years in advance and executed with frightening efficiency. We have investigated the code and found it to be the cause of instability in Windows products. As a matter of fact, the infamous "Blue Screen of Death" was in fact an Al Qaeda trojan. We will be release a full list in the coming week of all the Windows problems that the Al Qaeda terrorists are responsible for after a full investigation of all the things that make Windows suck."
- For the complete works of Shakespeare: cat
... where this looney says they planned to attack the Houses of Parliament and Tower Bridge.
Parliament perhaps, but not Tower Bridge. If they were interested in tourist attractions in the US, they would have put a plane into the statue of Liberty. It doesn't fit their pattern. Tower Bridge isn't even that big a deal as a symbol of the City. The Tower itself, or St Pauls, or Buck Huse, would be more likely.
Canary Wharf, I could believe.
~~~~~ BigLig2? You mean there's another one of me?
Ahhh, it all makes sense now. No matter how hard I tried, I could never land properly in MS Flight Simulator.
At only $27,000 each, a Daisy Cutter would be both faster and cheaper than waiting for the courts to break up Microsoft.
Even Slashdot wants to hide some things
They were planting features, not trojans or trapdoors.
Let's just whine about it instead of moving on. Way to fill the page up with trash.
Hypocracy, see above.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Perhaps these guys have been instructed that if they feel the need to "spill the beans" they should spill 3 or 4 phony beans along with the real ones. That way, our security has to track multiple potential threats. I'm sure nothing would please them more than to see us spend the time and money required to audit all of the Windows code.
Perhaps there is a rational way to tell which threats are real; some kind of "threat profiling".
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
There is no way that you could try to put a terrorist-sized hole in XP without a lot of people noticing.
-For the months before the OS ships every line of code that is modified is examined on several levels; every bug that is found could potentially be investigated by any of dozens of people in any part of the organization...
-There's nearly a 1/1 ratio of Test/Dev in the critical parts of the system; to do this you would have to get the developer(s) and the tester(s) responsible for that chunk of code/functionality.
-Automated tools run by seperate groups review changes and record owners; try to sabotage something once & you won't get a second chance.
-Automated tools run by testers review code that's not exercised by test-passes, reporting on changes so that the hole can be filled.
This simply did not happen and it's embarrassing that this pseudo-technical forum is giving the report even a little credit. I would expect better from even the bitter/angry/biased-microsoft-haters that make up the such a vocal percentage of the slashdot crowd.
Given the long-term planning that Al Queda is known for, and their penchant for using the tools of the West against the West, I would be unsurprised if they planted people into companies doing Y2K patchwork for major financial institutions or other mission-critical systems. Most of that code was NOT code reviewed due to time constraints, and the work was done overseas by the lowest bidders. This is a recipe for disaster and was predicted as such years ago. Now that we know exactly how crazy these motherfuckers are, the warnings seem a lot more important.
Just my paranoid guess.
-jon
Remember Amalek.
My policy is half of that: the first half!
That sounds reasonable. However, by that logic there should never have been any exploits for a Microsoft product, right? Maybe you are assuming that the trojan would be glaringly obvious. I would assume the opposite - that it would be the kind of vulnerability we've already seen many times in IIS and Outlook. Something that could be called an honest mistake.
I still don't really believe the story, but I think you are dismissing it too lightly.
It's al just FUD to cover up the Magic Lantern introduction. Really.
karma capped
"no evidence of malicious code in the operating system has been reported".
:}
Never attribute to malice that which can be adequately explained by stupidity.
Hand me that airplane glue and I'll tell you another story.