al Qaeda Hacks XP?

acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"." This stuff screams of hoax to me, but it is showing up on the Washington Post.

Where the hell is Microsoft's PR agency?

[Saint+Aardvark]

Honestly, things are getting pretty bad for MS if this sort of thing can be published without even a public whipping. :-)

If this goes on..."Next week on Jerry Springer: Bill Gates is sleeping with my sister!"

Re:Where the hell is Microsoft's PR agency?

[GTRacer]

That may be the Al-qeada plan to destroy America. make sure all MS products stop working after a certain date...

What, you mean Microsoft Product Activation and Passport subscriptions?

GTRacer
- How much for WinXP Corporate?

Re:Where the hell is Microsoft's PR agency?

[Tackhead]

> That may be the Al-qeada plan to destroy America. make sure all MS products stop working after a certain date

Huh? Last time I checked, Al Queda wanted to destroy the technological world, not save it!

not as easy as you might think

[psyklopz]

Speaking as a programmer who works for a big software company, it's unlikely that anything like that would be able to get through.

Code generally goes through peer reviews and quality assurance before it is accepted into the main stream. Say waht you want about MS, but I'm sure they do these things (they can afford it!)

To bypass these failsafes would require a lot of people along the line allowing it to slip through.

Re:not as easy as you might think

Yeah, right. All code gets peer reviewed, and it's also verified that the version that's peer reviewed is exactly what's under source control, and QA reads code? That's a fucking joke.

QA generally does not read any code at all, they take the specs for how a routine works, and maybe write some regression tests to make sure it does what it's supposed to, and breaks properly. There's no digging around in the code itself.

As for peer review, when it happens (which it doesn't for every line of code by a long shot) they don't make sure that nobody ever updates that code again without more peer review.

While I don't believe the allegation for a second, it's definitely extremely possible.

Re:not as easy as you might think

[oddjob]

So something like a flight simulator in a spreadsheet program would never make it into a released product...

Back under your bridge, troll.

Re:not as easy as you might think

[morcego]

I'm not sure.
You see, I work for a not so big software company right now, but I used to.
It's not that hard to sneak some malicious code into the final product. Quality Arrusance is usualy made only by using the software, not by analising the code. And even if they do analise the code, it's quite trivial to introduce some obscure buffer overflow.
Also, we are forced to remember about that hacking of microsoft internal network some time ago, which they "claimed" give the hackers no access to the code base.
I hate bin Laden as much as the next guy, and think he should die. But, even being a fanactic, the guy is inteligent. And has recources, both personel and money. I think it's very likely he would attempt something like this. I know, in his shoes, I would.

Re:not as easy as you might think

[Jason+Earl]

That's assuming that the terrorists would actually have to plant backdoors. It would be far less dangerous, and far easier, to simply look for buffer overflows and then not report them to management. What good is a peer review if your "peer" is actually looking for exploitable code for their own ends. A remotely exploitable buffer overflow is every bit as good as a backdoor, and if they were in QA they wouldn't even have to write it themselves, they would simply have to let it slide through.

Now, I am not saying that the Al Qaeda has penetrated Microsoft, but I can't imagine that someone working at Microsoft hasn't been tempted to simply overlook a buffer overflow. Especially now that Windows is being used to run some very tempting targets.

Re:not as easy as you might think

[jayhawk88]

Yeah, I'm sure Bill was real pissed when the lid was blown off that little hack.

Get a clue. If your a PHB code reviewer at MS, there's a big difference between finding out your programmers have actually been having a little fun on the job with a hidden easter egg, and trying to figure out the functionality of backdoorforallah.dll.

Those bastards hacked the linux kernel too!

[zyqqh]

And they even left OVER 700 SEKRET MESSAGES IN THE SOURCE CODE!

Observe:

% grep -ir 'a.*l.*q.*a.*e.*d.*a' /usr/src/linux | wc -l
704

Time to outlaw leenuks, I say.

If you don't buy Windows XP...

[pulazzo]

then the terrorists have won.

Well you know what's next...

[ShieldWolf]

This just found in winsock.dll in XP:

seineewerastsisrorretadeuqla

say what?

[cr@ckwhore]

last time I checked, these afganhis were hacking and downloading movies with a commodore 64 (http://slashdot.org/article.pl?sid=01/11/17/20420 7&mode=thread)

...no other explanation needed.

Goodbye to the BSOD?

[sid_vicious]

So, does this mean goodbye to the "Bluescreen of Death" and hello to the "Bluescreen of Holy Vengeance?"

So THEY've been putting all those bugs!

[Unknown+Bovine+Group]

Well now that they've routed the enemy, we can expect future versions of MS OSes to be bug and exploit-free.

BWAHAHAHAHAA

Recycle Bin Laden!

[Stavr0]

Just put this in a .REG file and the evil will be revealed... REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08- 00AA002F954E}] @="Recycle Bin Laden"

How to tell

[Syberghost]

We'll know it terrorists slipped code into XP, because if they do, they'll make it support raw port access for non-priviledged users. Clearly only a terrorist would do that, so it'll be a dead giveaway.

good lord

[banky]

(Outside of an Al Queda recruitment center)
"OK, people. Line to the left is suicide bombers, center line is front line soldiers, right-hand, nefarious computer geeks."

or
(2 terrorists meet to discuss their accomplishments)
"I have struck a great blow against Satan! I have planted bombs and anthrax!"
"I, too, have stuck a great blow!"
"What did you do?"
"Improper bounds checking in msetl23.dll! I used my own hasty, roll-your-own strcpy()! And as a final coup de gras*, I stole 3 product activation keys and gave them to Best Buy employees"

Please.

* terrorists may not actually use phrases like this. Consult your manual.

In other news...

[sheldon]

Members of the militant group Hamas have claimed responsibility for file corruption issue found in the Linux 2.4.15 kernel.

Taking credit for other people's havok...

[coupland]

Sounds to me like al-Qaeda is just looking to take credit for the chaos caused by others.

"You will feel our wrath in the endless bugs and security holes in Windows XP!"

What's next? "We will cause random car accidents in busy intersections and will lace cigarettes with deadly carcinogens!" OOooo, their prophecies are coming true, everybody! Head for the hills!

Al Qaeda's Elite Supercomputing Matrix

[lwagner]

9:05a. Breaking News... the alleged five teraflop Al Qaeda computer hax0ring complex has been penetrated by US Special Forces...

7:30p. This just in - We have learned that the alleged Al Qaeda computing complex was destroyed. US Marines were seen removing five hourglasses, an abacus, and a piece of aluminum foil that were allegedly behind a massive recent distributed denial of service.

Two counterpoints

[Mr.+Fred+Smoothie]

In a million-plus line codebase for a product under deadline pressure, while official policy might be that "every line is checked", in reality this is highly unlikely to happen. The coders and their managers may assure the suits, "Yeah, we reviewd every line of code," but they'd be lying. It just doesn't happen. It's one of those things that everyone knows is *supposed* to happen and most people know doesn't *really* happen.

Secondly, while I agree that it's unlikely that a terrorist would approach a 13-year old kid and say, "Hey, you should start excelling in Math and then attend college to get a CS degree so that 10 years from now you can go work at Microsoft for 4 years or so (enough to gain the confidence of your managers) and then start putting back doors and bugs in their OS," it's far more plausible that a terrorist would approach a already working programmer who's naive and idealistic -- and perhaps *already* working at and trusted by managers at Microsoft -- and say, "Hey, here's how you can really help your faith..."

Bill Gates holds press release on Al Qaeda hacks

[hoggoth]

This just in:

"Bill Gates holds press release on Al Qaeda hacks in Windows XP."
Redmond- Bill Gates today held a press release to confirm the presence of "hacked" code in the Windows XP product, and admitted for the first time that all previous versions of Windows also had "hacked" code inserted maliciously by covert Al Qaeda operatives within the Microsoft Corporation. "We have confirmed the presence of this code in all versions of Microsoft Windows from 3.0 to XP. The code we have found was planted by covert Al Qaeda operatives who were employed by Microsoft for years. This was a long-term terrorist operation planned years in advance and executed with frightening efficiency. We have investigated the code and found it to be the cause of instability in Windows products. As a matter of fact, the infamous "Blue Screen of Death" was in fact an Al Qaeda trojan. We will be release a full list in the coming week of all the Windows problems that the Al Qaeda terrorists are responsible for after a full investigation of all the things that make Windows suck."

Ah...

[ZoneGray]

Ahhh, it all makes sense now. No matter how hard I tried, I could never land properly in MS Flight Simulator.

Breaking up Microsoft!

[Proud+Geek]

At only $27,000 each, a Daisy Cutter would be both faster and cheaper than waiting for the courts to break up Microsoft.