The Windows MetaFile Backdoor?

Thread: The Windows MetaFile Backdoor?

  1. #1
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185

    The Windows MetaFile Backdoor?

    Hello, the "main" WMF thread is out of control with the number of posts in it, so I thought I would start a new one with this. (Besides, it is slightly off topic.) If anyone objects, let me know and I will move it.

    Anyway, the following site has a good analysis of the WMF exploit. http://www.grc.com/x/news.exe?cmd=ar...ack&item=60006

    Notably, the most interesting part would be the final paragraph:

    The only conclusion that can reasonably be drawn is that this was a deliberate backdoor put into all of Microsoft's recent editions of Windows. WHY it was put in and WHO knew about it, and WHAT they were expected to use it for ... we'll never know
    The quote above is a by-product of: http://www.grc.com/sn/SN-022.htm

    Disclaimer: This isn't the most thrilling read, but interesting anyway!

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I wouldn't exactly call it interesting (I've been following it on the mailing lists all day).... It's a shame that Leo keeps bringing Steve onto Call For Help....

    Steve is an idiot.... his products are ****... He's a dumbed down version of the Happy Hacker...

    One of his "security tools" is a program that lets you stop the Messenger Service... Shields Up! is also completely useless... its accuracy is quite vague and it says the only way you're secure is if your ports are stealthed..

    Here's a few comments on Steve's "theory" from DailyDave

    Source: Dave Aitel
    So I think what I decided was that you can get the size wrong and the thing will still work because it automatically calls Abort when it sees the zeros. But you can also trigger it by manually aborting after you call SetAbort. And the SetAbort thing itself will work when you give it the wrong length of data for the function - but it works better when you give it the right length. I think the original exploit had an invalid length there or something and everyone copied it cause it worked. At this point: Whatever.


    I think maybe if there was a backdoor in Windows, which there isn't because MS has shareholders and they'd get mighty pissed if there was, it would be cryptographically strong. I.E. What's the point of a backdoor everyone can take advantage of? You'd need to be able to hook RSA or DSA routines from crypto.dll to do it right.
    Source: Paul
    On Fri, 13 Jan 2006, Dave Aitel wrote:

    > I think maybe if there was a backdoor in Windows, which there isn't
    > because MS has shareholders and they'd get mighty pissed if there was,

    Not when ordered to do so by the USG. In exchange for say, a different outcome in an anti-trust case.

    > it would be cryptographically strong.

    I agree. It is. (Remember NSAKEY)

    Paul
    It plain and simple wouldn't make sense for it to be a deliberate backdoor... He's just trying to draw up user panic so he can most likely sell another useless product... He shouldn't even be allowed to associate with the security world.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    Steve is an idiot.... his products are ****... He's a dumbed down version of the Happy Hacker...
    Well, you don't have to sugar coat it! Tell us how you really feel! j/k

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/

  7. #7
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    Well, HT and I don't fully agree about Gibson, since I love SpinRite and use it. I do agree, Gibson has gotten publicly involved in some areas I don't think he is qualified to address authoritatively.

    I'd take all that with a grain of salt for now. I think better, cooler heads need to look it over and comment.

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Rapier75: SpinRite is the one piece of software that has come out of GRC that I'll admit doesn't look too bad... Still not impressed with the price though... Seems like a little much...

    For those of you that don't have DailyDave, here's another comment regarding Gibson's comments.

    If I was MS and I wanted to back door all Windows systems. I'd create
    some sort of automatic update system that only downloaded code I signed
    and installed it on everyone's machines. I'd even go one better, for all
    the large networks I'd give them local copies of the software to make it
    easier to pass out the software to all of their internal clients. I'd
    even have my Office software do similar things. It's genius I don't know
    why MS haven't thought of it !

    I don't even know where to begin ripping his idiotic statements apart.
    There are people that take off their tin-foil hats just to ensure "they"
    hear their thoughts whilst they laugh at the junk Gibson spouts.

    Let's give him another week to understand a vulnerability that everyone
    else has long finished with, though. Maybe we missed something pivotal
    that he can point out to us.
    Edit... at least the guys on DailyDave are on the same par... if you're following the FD discussion it's humorous... the last one was my favourite

    It's hard to imagine anything other than conscious and willful
    preservation of known backdoors in Windows as an explanation for
    Microsoft's refusal to enable Windows Firewall by default until XP SP2.

    Microsoft knew for years, if not from the very start, that all Windows
    boxes were by design exposing backdoors on the network, yet they did
    nothing to remedy the situation nor alert any customer to the risk.

    This smells to me like a whole slew of intentional backdoors, and I
    don't smoke anything.

    Regards,

    Jason Coombs
    jasonc@science.org
    I love these conspiracy theorists..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
