-
January 13th, 2006, 08:54 PM
#1
The Windows MetaFile Backdoor?
Hello, the "main" WMF thread is out of control with the number of posts in it, so I thought I would start a new one with this. (Besides, it is slightly off topic.) If anyone objects, let me know and I will move it.
Anyway, the following site has a good analysis of the WMF exploit. http://www.grc.com/x/news.exe?cmd=ar...ack&item=60006
Notably, the most interesting part would be the final paragraph:
The only conclusion that can reasonably be drawn is that this was a deliberate backdoor put into all of Microsoft's recent editions of Windows. WHY it was put in and WHO knew about it, and WHAT they were expected to use it for ... we'll never know
The quote above is a by-product of: http://www.grc.com/sn/SN-022.htm
Disclaimer: This isn't the most thrilling read, but interesting anyway!
-Deeboe
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu, The Art of War
http://tazforum.**********.com/
-
January 13th, 2006, 09:02 PM
#3
Hey Hey,
I wouldn't exactly call it interesting (I've been following it on the mailing lists all day).... It's a shame that Leo keeps bringing Steve onto Call For Help....
Steve is an idiot.... his products are ****... He's a dumbed down version of the Happy Hacker...
One of his "security tools" is a program that lets you stop the Messenger Service... Shields Up! is also completely useless... its accuracy is quite vague and it says the only way you're secure is if your ports are stealthed..
Here's a few comments on Steve's "theory" from DailyDave
Source: Dave Aitel
So I think what I decided was that you can get the size wrong and the thing will still work because it automatically calls Abort when it sees the zeros. But you can also trigger it by manually aborting after you call SetAbort. And the SetAbort thing itself will work when you give it the wrong length of data for the function - but it works better when you give it the right length. I think the original exploit had an invalid length there or something and everyone copied it cause it worked. At this point: Whatever.
I think maybe if there was a backdoor in Windows, which there isn't because MS has shareholders and they'd get mighty pissed if there was, it would be cryptographically strong. I.E. What's the point of a backdoor everyone can take advantage of? You'd need to be able to hook RSA or DSA routines from crypto.dll to do it right.
Source: Paul
On Fri, 13 Jan 2006, Dave Aitel wrote:
> I think maybe if there was a backdoor in Windows, which there isn't
> because MS has shareholders and they'd get mighty pissed if there was,
Not when ordered to do so by the USG. In exchange for say, a different outcome in an anti-trust case.
> it would be cryptographically strong.
I agree. It is. (Remember NSAKEY)
Paul
It plain and simple wouldn't make sense for it to be a deliberate backdoor... He's just trying to draw up user panic so he can most likely sell another useless product... He shouldn't even be allowed to associate with the security world.
Peace,
HT
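An added detection-side example, not part of the posts above or of any tool they mention: a record walker that flags the Escape/SETABORTPROC record under discussion. Because the quoted remark says the record still works with the wrong length, the scanner flags the record whatever its size field says and reports whether the record walk was clean. The function names and sample files are constructed for illustration; the record constants are the WMF format's own values.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header comes first
META_EOF = 0x0000             # record function that ends the metafile
META_ESCAPE = 0x0626          # record function: Escape
SETABORTPROC = 0x0009         # escape function that registers an abort callback

def record(function, params=b"", size_words=None):
    """Constructed-sample helper: one record; the size field counts 16-bit words."""
    if size_words is None:
        size_words = (6 + len(params)) // 2
    return struct.pack("<IH", size_words, function) + params

def metafile(*records):
    """Constructed-sample helper: 18-byte standard header followed by records."""
    body = b"".join(records)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 0, 0) + body

def scan_wmf(data):
    """Walk the records; report Escape/SETABORTPROC hits and whether the walk was clean."""
    pos = 22 if data[:4] == struct.pack("<I", PLACEABLE_MAGIC) else 0
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    pos += 18
    hits, clean = [], False
    while pos + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, pos)
        size_ok = size_words >= 3 and pos + size_words * 2 <= len(data)
        if function == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append((pos, size_ok))  # flag it even when the length is wrong
        if function == META_EOF and size_ok:
            clean = True
        if function == META_EOF or not size_ok:
            break  # a bad size field ends the walk; clean stays False
        pos += size_words * 2
    return {"setabortproc": hits, "clean_walk": clean}

# Constructed samples (not taken from any real file).
ESCAPE_PARAMS = struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4
BENIGN = metafile(record(0x0103, struct.pack("<H", 8)), record(META_EOF))
FLAGGED = metafile(record(META_ESCAPE, ESCAPE_PARAMS), record(META_EOF))
BAD_LENGTH = metafile(record(META_ESCAPE, ESCAPE_PARAMS, size_words=1000), record(META_EOF))
```

A result with `clean_walk` set to False means the walk stopped before a valid end-of-file record, so records after that point were not inspected and the file deserves a closer look.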
-
January 13th, 2006, 09:06 PM
#5
Steve is an idiot.... his products are ****... He's a dumbed down version of the Happy Hacker...
Well, you don't have to sugar coat it! Tell us how you really feel! j/k
-Deeboe
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu, The Art of War
http://tazforum.**********.com/
-
January 13th, 2006, 09:12 PM
#7
Well, HT and I don't fully agree about Gibson, since I love SpinRite and use it. I do agree, Gibson has gotten publicly involved in some areas I don't think he is qualified to address authoritatively.
I'd take all that with a grain of salt for now. I think better, cooler heads need to look it over and comment.
-
January 13th, 2006, 09:30 PM
#9
Hey Hey,
Rapier75: SpinRite is the one piece of software that has come out of GRC that I'll admit doesn't look too bad... Still not impressed with the price though... Seems like a little much...
For those of you that don't have DailyDave, here's another comment regarding Gibson's comments.
If I was MS and I wanted to back door all Windows systems. I'd create
some sort of automatic update system that only downloaded code I signed
and installed it on everyone's machines. I'd even go one better, for all
the large networks I'd give them local copies of the software to make it
easier to pass out the software to all of their internal clients. I'd
even have my Office software do similar things. It's genius I don't know
why MS haven't thought of it !
I don't even know where to begin ripping his idiotic statements apart.
There are people that take off their tin-foil hats just to ensure "they"
hear their thoughts whilst they laugh at the junk Gibson spouts.
Let's give him another week to understand a vulnerability that everyone
else has long finished with, though. Maybe we missed something pivotal
that he can point out to us.
Edit... at least the guys on DailyDave are on the same par... if you're following the FD discussion it's humorous... the last one was my favourite
It's hard to imagine anything other than conscious and willful
preservation of known backdoors in Windows as an explanation for
Microsoft's refusal to enable Windows Firewall by default until XP SP2.
Microsoft knew for years, if not from the very start, that all Windows
boxes were by design exposing backdoors on the network, yet they did
nothing to remedy the situation nor alert any customer to the risk.
This smells to me like a whole slew of intentional backdoors, and I
don't smoke anything.
Regards,
Jason Coombs
jasonc@science.org
I love these conspiracy theorists..
Peace,
HT