Slashdot Mirror


User: Locutus

Locutus's activity in the archive.

Stories
0
Comments
3,890

Comments · 3,890

  1. Re:WINE does NOT have flaw found by Steve Gibson on WMF Flaw not a Backdoor · · Score: 1

    Here I go again, replying to my own message but since someone already showed that they don't get my point, I'll show the code I found in WINE to show that WINE does test for 'len equal to 1' backdoor execution and does NOT erroneously continue on. I looked at the code from metafile.c and it tests the size value in the header for a valid size.

    It first sets the variable 'size' to the size of the METAHEADER structure, allocates some memory, and then reads that many bytes of the WMF file:

    METAHEADER *MF_ReadMetaFile(HANDLE hfile)
    {
        METAHEADER *mh;
        DWORD BytesRead, size;

        /* expected header length: sizeof(METAHEADER) bytes */
        size = sizeof(METAHEADER);
        mh = HeapAlloc( GetProcessHeap(), 0, size );
        if(!mh) return NULL;

        /* a short read (file smaller than a header) is rejected outright */
        if(ReadFile( hfile, mh, size, &BytesRead, NULL) == 0 ||
           BytesRead != size) {
            HeapFree( GetProcessHeap(), 0, mh );
            return NULL;
        }

    and later, after all the header data is read, it checks the header size the WMF claims against what it should be (testing mtHeaderSize against the structure size/2):

        /* header-size word is in 16-bit words, so it must equal sizeof(METAHEADER)/2;
           any other value (e.g. 1) means a malformed file and the file is dropped */
        if (mh->mtType != METAFILE_MEMORY || mh->mtVersion != MFVERSION ||
            mh->mtHeaderSize != size / 2)
        {
            HeapFree( GetProcessHeap(), 0, mh );
            return NULL;
        }


      It appears Microsoft's coders did not do this test and that's how Mr Gibson originally got off on the track that it could be an intentional exploit. It is probably why Gibson's original test application (KnockKnock.exe) did not show the WMF vulnerability in an older version of WINE. His new test app, MouseTrap.exe, probably uses a valid WMF file to trigger the SetAbortProc processing and does test the original exploit functionality.

    LoB
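
    The header-size check the post quotes, written out as a small stand-alone parser so the rejection can be exercised on sample input. This is an added example, not WINE's or Microsoft's code: it assumes the documented 18-byte METAHEADER layout and the METAFILE_MEMORY / MFVERSION constants from the Windows SDK, reads the fields byte-wise instead of casting a packed struct, and builds its own constructed sample headers (not real WMF files). A header whose size word is not sizeof(METAHEADER)/2 = 9, such as the value 1 the original KnockKnock test relied on, is refused before any record is interpreted.

```c
/* Added example (not WINE's or Microsoft's code): a defensive WMF METAHEADER
 * parser. Layout and constants are assumed from the Windows SDK. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define METAHEADER_SIZE   18u      /* packed on-disk size of METAHEADER, in bytes */
#define METAFILE_MEMORY   1u       /* mtType values (assumed from the SDK) */
#define METAFILE_DISK     2u
#define MFVERSION         0x300u   /* mtVersion expected by Windows and WINE */

typedef struct {
    uint16_t mtType;        /* METAFILE_MEMORY or METAFILE_DISK */
    uint16_t mtHeaderSize;  /* header size in 16-bit words: must be 9 */
    uint16_t mtVersion;     /* 0x300 */
    uint32_t mtSize;        /* file size in words */
    uint16_t mtNoObjects;
    uint32_t mtMaxRecord;
    uint16_t mtNoParameters;
} metaheader_t;

enum mf_status {
    MF_OK = 0,
    MF_TRUNCATED,        /* fewer bytes than a full header (BytesRead != size) */
    MF_BAD_TYPE,
    MF_BAD_VERSION,
    MF_BAD_HEADER_SIZE   /* the malformed-length case discussed in the post */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse and validate the header from an in-memory buffer. Fields are read
 * little-endian byte by byte, so no struct-packing assumptions are needed. */
enum mf_status mf_parse_header(const uint8_t *buf, size_t len, metaheader_t *out)
{
    metaheader_t h;
    if (len < METAHEADER_SIZE) return MF_TRUNCATED;
    h.mtType         = rd16(buf + 0);
    h.mtHeaderSize   = rd16(buf + 2);
    h.mtVersion      = rd16(buf + 4);
    h.mtSize         = rd32(buf + 6);
    h.mtNoObjects    = rd16(buf + 10);
    h.mtMaxRecord    = rd32(buf + 12);
    h.mtNoParameters = rd16(buf + 16);
    if (h.mtType != METAFILE_MEMORY && h.mtType != METAFILE_DISK) return MF_BAD_TYPE;
    if (h.mtVersion != MFVERSION) return MF_BAD_VERSION;
    /* The size word must equal sizeof(METAHEADER)/2 = 9. Anything else
     * (e.g. the value 1) is rejected here, before any record is looked at. */
    if (h.mtHeaderSize != METAHEADER_SIZE / 2) return MF_BAD_HEADER_SIZE;
    if (out) *out = h;
    return MF_OK;
}

/* Build a constructed 18-byte header with a chosen header-size word.
 * Test data made up for this example, not taken from a real WMF file. */
void mf_build_sample(uint8_t out[METAHEADER_SIZE], uint16_t header_size_words)
{
    memset(out, 0, METAHEADER_SIZE);
    out[0] = METAFILE_MEMORY;                      /* mtType */
    out[2] = (uint8_t)(header_size_words & 0xff);  /* mtHeaderSize, low byte */
    out[3] = (uint8_t)(header_size_words >> 8);    /* mtHeaderSize, high byte */
    out[4] = 0x00; out[5] = 0x03;                  /* mtVersion = 0x0300 */
    out[6] = 9;                                    /* mtSize: 9 words (header only) */
    out[12] = 3;                                   /* mtMaxRecord: 3 words */
}

/* Convenience wrapper: build a sample header and validate the first
 * bytes_available bytes of it (capped at the full header length). */
enum mf_status mf_check_sample(uint16_t header_size_words, size_t bytes_available)
{
    uint8_t buf[METAHEADER_SIZE];
    mf_build_sample(buf, header_size_words);
    if (bytes_available > METAHEADER_SIZE) bytes_available = METAHEADER_SIZE;
    return mf_parse_header(buf, bytes_available, NULL);
}

int main(void)
{
    printf("valid header (size word 9):  status %d\n", mf_check_sample(9, METAHEADER_SIZE));
    printf("bad header (size word 1):    status %d\n", mf_check_sample(1, METAHEADER_SIZE));
    printf("truncated header (10 bytes): status %d\n", mf_check_sample(9, 10));
    return 0;
}
```

    The three status values map to MF_OK, MF_BAD_HEADER_SIZE and MF_TRUNCATED; the point of ordering the checks this way is that the length-consistency test runs on the fixed-size header alone, so a malformed length never reaches the code that walks records.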

  2. Re:WINE does NOT have flaw found by Steve Gibson on WMF Flaw not a Backdoor · · Score: 1

    Sorry, that URL is invalid so I can't test that particular executable, but I did find his new "MouseTrap.exe" WMF vulnerability test. The point I still want to make is that the original KnockKnock.exe test did not work on WINE. This program used the len==1 problem Windows has with not testing for a valid WMF file and then continuing on with the bad WMF file and immediately starting to execute code in the WMF file. Mr Gibson found this flaw when first attempting to create a test program to see if the original WMF exploit was there. He uncovered the fact that the Microsoft engineers didn't test the WMF header size for invalid sizes...

    I did run the MouseTrap.exe test and though I did not find anywhere that it tested the len==1 issue, it is said to be designed to test the WMF vulnerability with regards to executing code in a WMF file (the SetAbortProc issue) and it does validate that an older version of WINE has this flaw. Unfortunately, this is not related to the point I was making since we already know WINE had the original WMF vulnerability.

    LoB

  3. WINE does NOT have flaw found by Steve Gibson on WMF Flaw not a Backdoor · · Score: 1

    Sorry for the reply to my own post but I just ran Steve Gibson's test app on an earlier version of WINE (06/28/2005) and it does not have the illegal WMF header structure flaw.

    So while the WINE people implemented Microsoft's WMF spec correctly, it appears they did NOT follow Microsoft's practice of allowing an invalid WMF file to continue on and implement/execute the SetAbortProc vulnerability.

    LoB

  4. Re:I don't think many people too Gibson seriously. on WMF Flaw not a Backdoor · · Score: 1

    What I'm not seeing in these discussions is the fact that what Steve Gibson found was very poor coding which resulted in executing code stored in a media file. A simple check of the illegal header size value should have rejected the media file but instead, it went ahead and adjusted some pointer which resulted in executing code.

    There are really two issues here. One is that the WMF spec allows for executing code stored within a WMF file, and secondly, the fact that an illegally constructed WMF file (bad length value in WMF header) also results in code executing from within the WMF file.

    So while it was already out that the WMF spec was flawed, Mr Gibson found that Microsoft's coding tactics and security reviews did not find this 2nd way to get code executing in WMF files.

    Regarding WINE, we seem to know that WINE does follow Microsoft's spec on how WMF files operate, but did they also code the loading of the WMF file such that an illegal length value causes/triggers the vulnerability? I find it interesting that people seem to be brushing over what Mr Gibson found by describing so much of how the original flaw operates and all but ignoring what he was really exposing, i.e. the dumbass way Microsoft's coders didn't check for valid data structures in the WMF file.

    LoB

  5. So Gibson CALLED it wrong, Microsoft GOT IT wrong on WMF Flaw not a Backdoor · · Score: 1

    Who is REALLY responsible for this flaw? I don't think Steve Gibson created this thing and IMO, he thought he was exposing something which looked pretty much like it had to be intentional. And without the code to see how this software REALLY worked, his conclusions were correct based on the data he had.

    Now, back to who is really responsible. It's Microsoft, period. Even after they claimed to have rewritten their OSes after every other release, a hole the size of Kansas was left in since the early 90's? Come on, they didn't know that allowing executable code in a multimedia file format was a security risk?

    IMO, if you trust Microsoft for YOUR computing systems, you should be feeling pretty naked right now.

    LoB

  6. Re:Inverse security evolution on Microsoft Responds to WMF Vulnerability · · Score: 1

    Remember, Microsoft ONLY considers a security issue CRITICAL when it can automatically propagate on a network. So, because a dialog box will pop up when this flaw is activated, it is not automatic and therefore not CRITICAL in their eyes. How convenient for them.

    LoB

  7. Re:Why does Windows have so much legacy? on Microsoft Responds to WMF Vulnerability · · Score: 2, Informative

    Part of the design for how Windows95 ran Windows3.x code probably had to do with how the competition ran that code. For instance, IBM was selling a million copies a month of 32bit OS/2 when Windows95 was finally released and OS/2 was a major threat during the formative years of Chicago. Running those old apps in a VM like OS/2 did resulted in two different look/feels and really made the old Windows3.x stuff seem old and outdated to the user. Microsoft needed users to THINK they had a new system even when running the old code. When Windows95 finally shipped, OS/2 had a good number of native applications running on it along with all the Windows3.x applications which ran on it too. Heck, Microsoft even went so far as to tell the press/public it was a new 32bit operating system when the techies were showing them it wasn't...Dos/Windows95 was a hack to beat OS/2 when 32bit WindowsNT v3.1 turned out to be overbloated as a desktop OS. The fact that it has the flaws of Windows3.x should not be a surprise. And looking back at how poorly Microsoft's tools on WindowsNT v3.1, 3.50, 3.51, and 4.0 applications used multi-threading, it shows that they did very little redesign above the system kernel and did more porting of the application/tools and most likely much more. Again, not a surprise that flaws show up all the way down the lineage when the "feature" existed back that far. How would you have liked to be a developer at Microsoft when they failed to beat OS/2 with NT and then started hacking on DOS/Windows for 3 years to only come out with the hack that was DOS/Windows95? Intel and Microsoft fractured some on this when Intel's 32bit PentiumPro CPU ran slower on DOS/Windows95 than its older Pentium (150MHz vs 150MHz)....

    BTW, how many times has Microsoft told the press that they were rewriting and redesigning their new operating system? We're getting close to needing another hand to count them. It is why Microsoft is really much more of a marketing company than a technology company. They rely less on technical solutions to their "problems" and more on smoke and mirror kinds of solutions IMO. And had they done things right, they wouldn't need to rely so much on fake "Get the Facts" programs either. But THAT Microsoft never existed so there's not much hope of it ever happening. So Microsoft Windows still sucks and history shows that it will for another decade or more no matter what lies, half-truths, fabrications come out of their executives' mouths. IMO.

    LoB

  8. Re:Ah those were the days. on Microsoft Responds to WMF Vulnerability · · Score: 1

    This reminds me of how "aware" of TCP/IP networking Microsoft was. They didn't own their own TCP/IP stack until sometime around the early to mid 1990's. It was 1992 (IIRC) that I had an AMD based 386/40 with 10MB of RAM running on a company's TCP/IP and Novell networks. The OS on this PC was IBM's OS/2 and I used it for email, filesharing, backups, development, and to keep me from having to run to the lab's Sun computers (via the PMX Xserver).

    Ya, nobody did networking or worried about network security in THOSE days. NOT. Doesn't this remind you of a story about an Ostrich (http://www.cybertime.net/~ajgood/ostrich.html)?

    LoB

  9. Re:/tin hat on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    There is a difference between 'working on' and what they project and promote to the public. When Toyota put the Prius on the market, GM and Ford were saying publicly that they would work to bring that technology and fuel savings to their product lines. THEN, Bush took over and within 6 months, what GM and Ford were saying to the public was very different. GM actually stated that hybrids were bad for the public...

    Oh, and you really can't be serious bringing up the E85 options! Not only is that something they are just now promoting, they are 30% less efficient compared to when run on gasoline. Going to the pump 30% more often is just what the public wants....

    I'm all for competition, but the public is only going to take lies and self-serving promotions for so long and then they are not going to buy the product. Boy, it's brilliant how both Ford and GM are bringing hybrid vehicles to market. Putting them in heavy trucks/SUVs is exactly what the public wants. Maybe they are trying to differentiate themselves from how Toyota and Honda are releasing hybrid tech almost exclusively in cars where the MPG and efficiencies are highest.. Putting them in heavy vehicles where the cost to ROI ratio makes it a quite undesirable purchase...

    Whatever you call competition, the US oil industry needs to find a way to keep gasoline below $2.50 (avg) or GM and Ford will be old news in US history. Their ability to "compete" and their tactics are not doing them much good. And they had their chance in the mid 90's when a US company approached them with another hybrid design. But that was when they were pushing SUVs and super large trucks.

    LoB

  10. Re:/tin hat on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    "buried as if Microsoft actively sought to hide it. "

    Are you really sure Microsoft was trying to hide this? ;-)
    BTW, those are YOUR words, not mine. And to those who are used to getting at most all aspects of their OS from the keyboard, it's buried.

    I should have known SOMEBODY would comment on THAT. geesh.

    LoB

  11. Re:Theyre patent is pretty complete on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    Look at some of the work done by the company called (formerly called) Rosen Motors...

    http://ntl.bts.gov/card_view.cfm?docid=9775

    They put a flywheel and a turbine in a Saturn back in 1996 IIRC. They used electric motors to move the vehicle IIRC and pulled energy stored in the flywheel when needed.

    LoB

  12. Re:Diagram on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    Thanks for the link. It is great to see the USPTO stating how Plugger will work for GNU/Linux workstation users. Works great for me.

    LoB

  13. Re:Don't laugh! on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    So THAT is why Bush created that new energy project in 2001. And THAT is why he moved the then-ongoing hybrid project under it, created a new hydrogen project and then killed the hybrid one. And THAT is why Detroit stopped talking about how they were going to bring out hybrids back in 2000 and started talking about producing hydrogen-based vehicles. Because hybrids use less fuel NOW and hydrogen is only a dream. Now it's obvious! ;->

    Now I thought the Republican party was about government staying OUT of the way of businesses... hmmm. Come to think of it, Republicans were about small government too. Maybe they need to change their name.

    LoB

  14. Re:/tin hat on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    That is true but what these guys do is very much like what Microsoft does also: they attack and threaten anybody who comes out with something that's a good idea but they don't own. Bush took over the White House and soon after, Detroit was attacking hybrid vehicles. The oil industry and Microsoft do not want to have to compete. They own their markets now and they will do anything to make sure that they are the ones in control of "the next thing". And this is anti-capitalism and closer to fascism. And not a good thing.

    And regarding Microsoft researching task switching because cooperative tasking was obsolete; that's bull. Microsoft 'engineers' wanted OS/2's multitasking to give high priority to the user's running task and the IBM engineers wanted OS/2's kernel to be small, fast, and nimble with quick/even task switching among all tasks. IBM wanted an OS that could operate well with both client AND server processes running well on the desktop and on the server. There was much internal squabbling over this and it helped lead to the breakup. To this day, Microsoft's OSes give preferential treatment to the foreground though it is now a much buried option to change that. And the way Microsoft threatened the market to keep OS/2 from gaining marketshare is very much like how the oil industry operates today. If it runs the same course, we'll end up with inferior products at a much higher price in the future.

    IMO

    LoB

  15. Re:/tin hat on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    google on these search terms:

    toyota battery "british petroleum" infringement patent

    Then look at the cache on the 2nd link (GeorgeWBush...) and jump/find on the page the word "patent"

    This might get you directly to the cache:
    http://72.14.203.104/search?q=cache:DF0brjx0k5MJ:www.georgewbush.org/forum/lofiversion/index.php%3Ft16860.html+toyota+battery+%22british+petroleum%22+infringement+patent&hl=en&client=firefox

    It says what I had read about a few years ago regarding the oil industry's attempts to keep NiMH battery tech out of electric and hybrid vehicles. I would bet there are MANY other examples but this one involved a foreign car company that's big enough to fight back AND get press.

    LoB

  16. Re:/tin hat on Toyota Prius Under Fire For Patent Infringement · · Score: 1

    Don't laugh, a couple of oil companies purchased the patent on NiMH batteries from Ovonics and then took Toyota to court. You see, they only allowed licensees to make consumer sized NiMH batteries. That's right, they only wanted licensees to make AAA-D cell batteries. It's why the 1st Gen Prius (Japan) and Honda Insight have a battery pack made of many D-cell NiMH batteries.

    It was about 3 years ago that I read of the court battle but never heard anything on the solution. When Toyota came out with the newer model and it didn't use D-cell batteries, I figured Toyota and Panasonic solved the issues the oil company had with its patent. IIRC, it was BP who owned the patent last.

    One more thing. When researching this car (before we purchased in 2000), there were many discussions on the technology/design and there was mention of a patent and design (many decades old) which used the planetary gear system for propulsion. Now if you can patent all the different ways to use a planetary gear, this patent system is royally screwed up... IMO, it is obvious that if you slow down ONE input, the other will speed up and if you then start trying to slow one of the other (one way is to turn a generator for regeneration) inputs then the output MUST slow down. It's how a planetary gear system works! This is exactly how MSFT will attack GNU projects. Obvious patents, which shouldn't exist, will be used to shut down those without the means or energy to fight. Toyota will bury these guys IYAM. And I would not doubt if Detroit or Bush's oil buddies didn't "help" persuade these guys to attempt this. After all, Detroit and the world's automakers are back to talking about hybrids again. I say "again" because in late 2000 and early 2001, they were all holding up the hybrid flag. Then the Bush Administration put money in their pockets for hydrogen based prototypes and they all started stomping on the hybrid flags and held up the hydrogen flags. Not quite keeping government out of the way of business...

    And check THIS out (from http://www.autoserviceworld.com/issues/ISArticle.asp?id=51432&issue=01112006):

      Solomon president Peter W. DeVecchis, Jr., said, "The filing of the ITC complaint is the next step in our effort to fully prosecute the alleged infringement by Toyota and to protect our valuable intellectual property.

    I just loved how the company president stated it's an "alleged infringement". He sounds pretty unsure to me.

    LoB

  17. yes, let us believe the head of the MS Anti-Linux on MS Patches Go For Quality Over Quantity? · · Score: 2, Insightful

    My gawd Jim, this is a marketing company for heavens sake! ( not sure why Dr McCoy came to mind...)

    Why would anybody think there is any truth to what the head of Microsoft's anti-Linux group says?
    Do you think he might have a little motivation to make sure people THINK their OS smells like roses?
    I do.
    IMO

    But thank you Mr Hilfe for making sure CIOs, CTOs, etc. know that Linux is on Microsoft's mind. THAT,
    combined with what their employees are experiencing, is great for your competition. :-)

    LoB

  18. 1st mistake, listening to Bill Gates on Spam is Dead · · Score: 1

    Your 2nd mistake, thinking what he says has any truth to it. IMO, 99% of what he says is self-serving trash and has been for the last 10+ years.

    LoB

  19. Novell revoked SCO's license so they have nothing on SCO Amends Novell Complaint · · Score: 1

    What a waste of everybody's time this joke of a company (SCO/Caldera/Canopy/whatever) is. Can't wait 'til this is finally over.

    LoB

  20. Re:Applications barrier to entry on Is Microsoft Still a Monopoly? · · Score: 2, Insightful

    Selling your development tools at a loss is something Microsoft could afford to do given their grip on the OS market. Just like they have been able to lose over $8 billion keeping WindowsCE afloat. That goes for the billions lost on the Xbox over the last 3-4 years. I won't even go into how Microsoft pilfered Borland's top developers, threatened Watcom if they shipped another foundation class along with MFC, etc, etc, etc, etc.

    That doesn't sound like poor work on Microsoft's competitors' side to me. You know Borland was actually making a pretty good living selling $99 compilers and even $250 dev IDE kits too. But when they started supporting OS/2, Microsoft decided it was Borland's time to go.

    History can be read many ways but I don't trust it when a large amount of fact is left out of the big picture. IMO.

    LoB

  21. the list title should have changed, nothing more on Bluetooth SIG Attacks Linux Bluetooth List · · Score: 1

    I wonder if the author of the list contacted EFF for some legal assistance? It would appear to me that listing consumer opinions of how one product works with another can not be illegal.

    Granted, saying the list is a BlueZ Bluetooth(tm) Hardware Support List when the BlueZ stack is an officially tested stack seems reasonable if the Bluetooth "standard" is well defined. But even then, if their issue is that the hardware was not tested on BlueZ on GNU/Linux, then change the list title, don't remove the list. Also, one would think that a product tested on one "official" stack would work on another "official" stack.... But, IMO, it was/is the list title/heading which is misleading (if it really is), not the data.

    It would be interesting to know what it takes to get hardware tested on another approved OS/stack? And why does this seem to be an OS thing and not a "stack" based issue... THAT seems strange.

    LoB

  22. Re: Well. on Bill Gates, Time Magazine "Person of the Year" · · Score: 1

    WTF...Please reread my original posting. I hold to my guns that the B/M Gates Foundation donations are not all for the good of mankind and much of it is TIED to PUSHING Microsoft Windows and Microsoft software applications. End of story IMO.

    LoB

  23. Re: Well. on Bill Gates, Time Magazine "Person of the Year" · · Score: 1

    I think there is a slight link between Bill Gates' net worth and Microsoft. The B/M Gates Foundation donations (non-cash related) almost always have ties to Microsoft. Just go to your local library and ask about where their computers and software came from.

    LoB

  24. Re: Well. on Bill Gates, Time Magazine "Person of the Year" · · Score: 1

    As long as the donations were cash then your logic holds true. But, when Bill donates Microsoft software they probably value it at retail prices. In this case, he not only hooks the poor donee on an inferior and problematic software kit but also gets a nice write-off considering the cost of making the CD and packaging is in the single digits.

    LoB

  25. BFD, buffer the stream to the local DVR instead on Microsoft Wins Hyperlink TV Pause Battle · · Score: 2, Informative

    I didn't look/read the patent but a lot of this crap is getting passed that's really obvious. What's happening is that there's now a race to "think" about what might be handy to do and then patent that even though anybody else knowledgeable in the field would come to the same conclusion if put to the task. What really sucks is that companies like Microsoft, with tons of cash, can afford to throw lawyers at anybody they want to in order to shut them down or steal/buy their technology.

    Anyways, since Tivo already has the ability to pause and you can go to another information/data page/display while the video is still feeding the DVR buffer, there shouldn't be anything to this. A URL is no different than an onscreen or offscreen button IMO.

    LoB