Slashdot Mirror

← Back to Stories (view on slashdot.org)

WMF Vulnerability is an Intentional Backdoor?

Posted by Zonk on from the take-with-a-grain-of-salt dept.

An anonymous reader writes "Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor." There's a transcript available of the 'Security Now!' podcast where Gibson discusses this.

7 of 788 comments (clear)

  1. Move along, Move along by XFilesFMDS1013 · · Score: 0, Offtopic

    Nothing for you to see here. Please move along.

    Now there's a feature.

  2. MS Bashing by Anonymous Coward · · Score: -1, Offtopic

    Does anyone else out there think that this article might lead to a very extreme amount of MS bashing?

  3. McDonalds by Anonymous Coward · · Score: -1, Offtopic

    WTF? It figures that Ronald McDonald would friggen put a backdoor in this Big Mac Microsoft calls an OS. Come on people, when are you gonna realize that there's too much fat in their healthy foods. Healthy foods come from cows and are delivered to your local MickeyD's where they are frozen for future consumption by the proliteriate class. Once all the foods are frozen, the loyal, extremely wealthy McDonald's employees create highly sophisticated utility doors in their crazy ideas. I mean really.

  4. Re:Unparalleled BS from MS. by iAmSmarticus · · Score: -1, Offtopic

    is it just me or is /. becoming more of a digg.com mirror these days?
    and yes, M$ will very likely say it was some rogue programmer... We should start taking bets on how quickly they make the announcement!

    --
    ~ I am Smarticus. And you're not.
  5. A link to his.... by p.rican · · Score: 0, Offtopic
    site containing his evidenence/proof that this vulnerabilty is there on purpose.

    here

    --

    /. --"Demented and sad....but social" -Judd Nelson

  6. Re:I would not be suprised at all. by Reziac · · Score: 0, Offtopic

    Thanks, it wasn't linked from TFA page, far as I saw (tho by then my brain was glazing over :)

    --
    ~REZ~ #43301. Who'd fake being me anyway?
  7. Re:I would not be suprised at all. by Jesus_666 · · Score: 0, Offtopic

    I'm reminded of how malicious code can be embedded in the comment field of GIFs, and executed by an accomplice program... that exploit was never seen in the wild either, but has been known about for as long as GIFs have existed. Was it part of a grand conspiracy to force us all to subscribe to Compu$erve?? ;)

    Yes, but AOL sent a team of shadowrunners to the Compuserve headquarters to geek the coders responsible for writing the backdoors. After the mage was done manabolting everyone in the office and the decker had copied and deleted the project's entire codebase Compuserve was forced to give up that particular matrix domination scheme.
    AOL would be the good guys here but they decided to pay the runners in lead. Never trust a Johnson, chummers, I tell you...

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)