Slashdot Mirror


WMF Flaw not a Backdoor

koro666 writes "In a blog post, Mark Russinovich from SysInternals responded to the allegations made by Steve Gibson labeling the flaw as an intentional backdoor. It seems that the hype was about Steve's discovery that the code would only be executed if the size of the metafile record was deliberately tampered with, which is not the case. The technical details are explained in his post."

8 of 226 comments (clear)

  1. Always picking no Windows... its better then linux by Anonymous Coward · · Score: -1, Troll

    Linux needs to get its act together

    Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.

    Take installation. Linux zealots are now saying "oh installing is so easy, just do apt-get install package or emerge package": Yes, because typing in "apt-get" or "emerge" makes so much more sense to new users than double-clicking an icon that says "setup".

    Linux zealots are far too forgiving when judging the difficultly of Linux configuration issues and far too harsh when judging the difficulty of Windows configuration issues. Example comments:

    User: "How do I get Quake 3 to run in Linux?"
    Zealot: "Oh that's easy! If you have Redhat, you have to download quake_3_rh_8_i686_010203_glibc.bin, then do chmod +x on the file. Then you have to su to root, make sure you type export LD_ASSUME_KERNEL=2.2.5 but ONLY if you have that latest libc6 installed. If you don't, don't set that environment variable or the installer will dump core. Before you run the installer, make sure you have the GL drivers for X installed. Get them at [some obscure web address], chmod +x the binary, then run it, but make sure you have at least 10MB free in /tmp or the installer will dump core. After the installer is done, edit /etc/X11/XF86Config and add a section called "GL" and put "driver nv" in it. Make sure you have the latest version of X and Linux kernel 2.6 or else X will segfault when you start. OK, run the Quake 3 installer and make sure you set the proper group and setuid permissions on quake3.bin. If you want sound, look here [link to another obscure web site], which is a short HOWTO on how to get sound in Quake 3. That's all there is to it!"

    User: "How do I get Quake 3 to run in Windows?"
    Zealot: "Oh God, I had to install Quake 3 in Windoze for some lamer friend of mine! God, what a fucking mess! I put in the CD and it took about 3 minutes to copy everything, and then I had to reboot the fucking computer! Jesus Christ! What a retarded operating system!"

    So, I guess the point I'm trying to make is that what seems easy and natural to Linux geeks is definitely not what regular people consider easy and natural. Hence, the preference towards Windows.

  2. changes the warcry to by Saven+Marek · · Score: -1, Troll

    backdoor teh gibson!!!

  3. It is flaw, and not intentional.. by Anonymous Coward · · Score: -1, Troll

    because, for M$ nothing works as intended.

  4. corepirate nazi felons @ both front & back doo by already_gone · · Score: -1, Troll

    what a surprise? all they want is... everything. at what cost to US? not a pretty picture at all. quite infactdead from our viewpoint.

    for many of US, the only way out is up.

    don't forget, for each of the creators' innocents harmed (in any way) there is a debt that must/will be repaid by you/US as the perpetrators/minions of unprecedented evile will not be available after the big flash occurs.

    'vote' with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi life0cidal glowbull warmongering execrable.

    some of US should consider ourselves very fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate.

    it's right in the manual, 'world without end', etc....

    as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis.

    concern about the course of events that will occur should the corepirate nazi life0cidal execrable fail to be intervened upon is in order.

    'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

    consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

    "If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

  5. http://www.grcsucks.com/ by Anonymous Coward · · Score: -1, Troll
  6. Umm... by Anonymous Coward · · Score: -1, Troll

    Yeah it is a backdoor. It would be nice if Slashdot got a title right from time to time.

  7. Gibson is all style, no substance by Anonymous Coward · · Score: -1, Troll

    Gibson wants a name for himself no matter how me he has to speculate

  8. Why would Microsoft add a backdoor? by Anonymous Coward · · Score: 0, Troll
    They control the friggin operating system, and everyone has to trust their code without seeing the source. Security patches are provided on a near-weekly basis for people to download. They can install whatever code they want, or probe the user's hard drive through the frontdoor which users have to keep unlocked just for them.

    Then there's the creepy "Tell Microsoft about the problem" button on the dialog that comes up whenever a GUI application (from any vendor, not just Microsoft) crashes - I bet their marketing folks get lots of good information on what apps people use on a regular basis, how they're being used and what frustrations their users are having. I'll bet that none of the information is passed along by Microsoft to Adobe or Corel or whoever wrote the app. Now that's evil.... Steve Gibson should be writing about that.