WMF Flaw not a Backdoor 226
koro666 writes "In a blog post, Mark Russinovich from SysInternals responded to the allegations made by Steve Gibson labeling the flaw as an intentional backdoor. It seems that the hype was about Steve's discovery that the code would only be executed if the size of the metafile record was deliberately tampered with, which is not the case. The technical details are explained in his post."
it doesn't matter (Score:2, Funny)
Re:it doesn't matter (Score:5, Informative)
You've got a good point here and it describes the other side of Steve Gibson [grcsucks.com]. After reading that site, you'll understand his stories are mostly made of popular speak or disinformation, rather than scientific information.
So while you may admire him for his charisma, you shouldn't for his expertise. Would you e-mail him about an error, he'll silently correct it as if he'd always known it. You won't find him at an official security conference, but in the eyes of his fanbase he remains a god. I can imagine people are falling for his stories though, his stories make you get excited easily.
Re:it doesn't matter (Score:3, Funny)
Re:it doesn't matter (Score:3, Funny)
And he's different from other mainstream media sources how?
Re:it doesn't matter (Score:5, Insightful)
This wasn't a Chicken Little incident. I thought it was very reasonable, controlled, open to correction, and intended mostly to elicit a response from Microsoft, which clearly it did. All in all, I think this was a positive exercise in nearly every respect.
Re:it doesn't matter (Score:3, Insightful)
When did he point that out? Certainly not in this interview [grc.com] where he was adamant that the flaw was a deliberate backdoor. The only thing he equivocated on was who at Microsoft knew, and how old it was.
Re:it doesn't matter (Score:2, Insightful)
I admit he explains the stuff very easy but especially his continuous realplayer bitching made me anxious. It was "half true", "half right" and MS Windows Media player came with "GUID" ON while Realplayer came with GUID OFF by default.
(not speaking about current sw after even dumbest user learned what spyware is)
Re:it doesn't matter (Score:2)
Expressing security bugs accurately and correctly is often somewhat at odds with making a good media story. It sounds like Gibson is quite good at the latter.
It does matter (was Re:it doesn't matter) (Score:4, Informative)
Conspiracy theories don't need reasons backing them up.
There is no way to disagree with that, if one accepts the anthropomorphism. s/theories/theorists/ would make this a stronger statement.
But whatever... At the time this particular exploit was introduced into Windows, there was definitely a conspiracy within Microsoft that involved at the very least mucking about with the documentation of the Windows API.
One of the reasons that Win30 and Win31 succeeded in capturing the market so quickly was because MS made the Windows API available to application competitors, notably Quattro Pro, then from Borland, and WordPerfect, then from WordPerfect. MS presented Windows as being a Good Thing for the entire software industry and got a lot of needed buy-in on that basis. During the development process for Win31, it was highly significant to the marketplace that Borland, WordPerfect, and other industry leaders of DOS software were writing native Windows versions of their applications, and urging their customers to upgrade from the DOS versions to the Windows versions. (The DOS versions ran better under OS/2 than they did under Windows since OS/2 had preemptive multitasking; moving the market to Windows versions of these products was critical to MS if Windows with its cooperative multitasking was going to survive the OS/2 challenge).
But MS wasn't playing fair: when Win31 came out, Excel and Word danced rings around Quattro Pro and WordPerfect. And when people started to look at how MS was able to get such better performance out of the same API, they found that the MS application coders were not using the same API at all: they were relying on undocumented features and features that were documented in misleading ways.
This and similar shenanigans from MS are matters of historic record, vetted by the courts. There can be no question that MS is a company that has used conspiracy tactics to gain market share. There can be no question that MS was doing this at the time it implemented the WMF structure under Windows.
Where does the WMF vulnerability fit in, in light of this background? Obviously it was not written initially as an internet backdoor.
But consider an MS application that used a trademarked WMF graphic on its splash screen. That graphic could run a small bit of code that would unlock hidden capabilities in the Windows API. For example, it could set DEBUG=TRUE in some low level part of the task scheduler, turning off chunks of code that other applications would have to wade through, and thus making the MS app so much more efficient in a way that would be undetectable even on disassembling the code. There is no technical reason why the WMF vulnerability could not have been used in this way. There is no question that the MS corporate culture of that time would have celebrated and rewarded this kind of cleverness. In view of this background, and the fact that this vulnerability managed to survive the intense scrutiny of several major code revisions, the only reasonable assumption is that the WMF vulnerability is a deliberate backdoor and has been kept around because MS has thought it would be useful to them.
MS has always been a company that has put more value on cleverness than on ethics.
So the questions now are what has MS used this backdoor for, and what have been their plans for future use? Anyone who has used a Windows machine recently should be wondering what information MS has gathered from them and what MS is doing with that information-- the ability to swap a keyboard logger in and out as different graphics or icons are presented while an application is running is a disturbing thought.
I continue to think that there is cause here to consider a Grand Jury investigation. I don't see any other way in which MS employees could demonstrate that their unethical business practices haven't transgressed over the fine line and become criminal behaviors.
MOD PARENT UP (Score:2)
FIGHT! FIGHT! FIGHT! (Score:2, Interesting)
However, Mark has been gaining himself a decent reputation recently.
I know whose opinion and factchecking I trust at the moment.
Mark Russinovich
483,000 results
Steve Gibson
13,700,000 results
Re:FIGHT! FIGHT! FIGHT! (Score:5, Insightful)
Hit counts don't count for much. Britney Spears is the highest in terms of web searches. I guess that means she beats both Mark and Gibson.
Re:FIGHT! FIGHT! FIGHT! (Score:2, Interesting)
Mark had the opportunity to view the source code, but after reading the NDA he declined as some of the terms meant he would have to stop writing his Sysinternals code.
Mark was *not* a licensee. He has not used the source code - all his tools are built on reverse engineering.
This information came from the "Inside Windows Course" run in London by Mark Russinovich and David Solomon.
Having attended the course and spoken to both of them, I'm very impressed with their knowledge.
Another
Re:FIGHT! FIGHT! FIGHT! (Score:5, Insightful)
Re:My question (Score:2)
I'm not sure I even care if it is a back door, so much as I care if it can be used as a back door. If the answer to the second circumstance is "yes," then it would seem that what we're seeing in this debate is little more than semantic quibbling.
Re:FIGHT! FIGHT! FIGHT! (Score:2)
Re:FIGHT! FIGHT! FIGHT! (Score:5, Funny)
I'll guess from your handle that you may not be a native speaker of English. In which case, allow me to offer some friendly advice - the word you were probably looking for is "analyze", with a "y". "Analize" with an "i" is also a verb meaning...well, something else.
Okay, mod me offtopic now....
Re:FIGHT! FIGHT! FIGHT! (Score:2)
Re:FIGHT! FIGHT! FIGHT! (Score:2)
Look up the word analyze [answers.com] - the dictionary says: [Perhaps from French analyser, from analyse, analysis, from Greek analusis. See analysis.]
But the problem with analize is that 'ize' is a suffix [learnenglish.org.uk] that can be added to many adjectives to form verbs that mean 'to cause', 'to become'. So 'digitize' means to make it digital, 'analize' then means to make it anal.
Re:FIGHT! FIGHT! FIGHT! (Score:2)
Re:FIGHT! FIGHT! FIGHT! (Score:3, Funny)
(Cue wocka wocka porn music)
Re:FIGHT! FIGHT! FIGHT! (Score:5, Funny)
Steve Gibson: 12,700,000 results.
William Gibson: 21,300,000 results.
Now who's your daddy?
Re:FIGHT! FIGHT! FIGHT! (Score:2)
William Gibson: 21,300,000 results.
Now who's your daddy?
35,000,000 for bill gates
45,200,000 for porn
233,000,000 for sex
Good. Now I know who my daddy is.
Doorframe (Score:5, Funny)
Re:Doorframe (Score:5, Insightful)
Re:Doorframe (Score:3, Funny)
What wall?
Re:Doorframe (Score:3, Funny)
I'm so changing my startup sound on my work machine to "I'm Tom Bodett, and we'll leave the light on for you".
I don't think many people too Gibson seriously... (Score:5, Insightful)
I think the real question about this WMF vulnerability is how on earth could it have survived five years under the new security aware, code auditing regime that we supposedly have at Microsoft?
(Please don't reply that the wine people implemented it too - their goal is to reimplement the windows API, not audit it for security)
Re:I don't think many people too Gibson seriously. (Score:4, Insightful)
(Please don't reply that the wine people implemented it too - their goal is to reimplement the windows API, not audit it for security)
Sorry if I don't care about your rules for what I may and may not reply, but that the wine group did implement it says a whole lot of how difficult it was to spot. Their goal was to reimplement the API, sure, but you can bet your ass that they would have reported it if they saw it. And they did, despite it being right under their noses. Even Russinovich makes this point (but I guess you didn't really read TFA anyway, did you?). Forgive me if I trust his judgement a little more than yours.
That doesn't say anything bad about wine coders, who, as we all know, are pretty good coders, but it does about the subtlety of the issue. Yes, MS deserves some blame. But let's keep things in proportion -- this was a tricky little bug.
Re:I don't think many people too Gibson seriously. (Score:2, Funny)
Well, as their name subtly denotes, backdoors are on the back, hence the difficulty to spot them if not proactively looked for.
That must be the raison d'etre for constructing them in the back.
And, to conclude, if it is built like a backdoor, and squeaks like a backdoor, it must be a...
Re:I don't think many people too Gibson seriously. (Score:2)
*ducks*
Re:I don't think many people too Gibson seriously. (Score:5, Insightful)
My point was that the wine people's goal was to reimplement. Not audit.
MS's goal over the last 5 years was to audit. You would think they would have looked particularly hard at code with roots in Windows 3.1 (which, as Russinovich pointed out is a common source of poor API design)
Their goal was to reimplement the API, sure, but you can bet your ass that they would have reported it if they saw it. And they did, despite it being right under their noses. Even Russinovich makes this point (but I guess you didn't really read TFA anyway, did you?). Forgive me if I trust his judgement a little more than yours.
Well, forgive me if I don't trust some MS shill posting anonymously on slashdot, especially when they say:
That doesn't say anything bad about wine coders, who, as we all know, are pretty good coders, but it does about the subtlety of the issue. Yes, MS deserves some blame. But let's keep things in proportion -- this was a tricky little bug. [emphasis mine]
MS deserves some blame? Who else should we blame? The wine group? Mark? Steve Gibson? Slashdotters?
Microsoft deserves all the blame for this - they're responsible for the bad design, the bad implementation and the lax audit. Suggesting they only deserve a portion of the blame shows your bias.
Comment removed (Score:5, Insightful)
Re:I don't think many people too Gibson seriously. (Score:2)
That being said, I'm not saying that I couldn't see them raising it, but it's not as if they were proposing designs and some guy was pointing out security holes in the desi
How did it get into wine? (Score:2)
The code for winevdm (Win16 layer implementation) traces its existence back to the days before windows 95 (!)
It implements a function called WOWCallback16Ex which executes 16-bit code passed in an array parameter. Normally you can't do stuff like that in linux, but winevdm uses the special features of 32-bit x86 processors to put the process in vm86 mode where you can do pretty much anything.
This was used to implement a lot of the callbacks in Wine's 16-bit GDI layer... support for 16-bit printer dr
Re:I don't think many people too Gibson seriously. (Score:2)
You've never had a security flaw in your code? It's an *accident*, the same as when the postman falls over and breaks your parcel. Oh wait, I forget, in America there's always someone to sue.
SomeONE? (Score:2)
the mailman sues his employers, for putting him in harm's way
the manufacturer of his footwear, for it not being slip resistant enough
the manufacturer of his mailbag, for a capacity spec that allowed him to get so top heavy/off center
you, for shipping/receiving dangerous goods that did not break his fall- and gave him a nasty bruise and emotional disturbance.
the people who witnessed the event all sue the above, plus the mailman, for emotional disturbance
the USPS sues all t
Re:I don't think many people too Gibson seriously. (Score:2)
So who shares responsibility with MS over accidents? No one. There's no one else to blame. As mentioned before, MS is responsible for its code, so it shoulders sole blame for accidents in its code. Not "some" of the blame. All of it.
Having said that, shouldering the sole blame for a bug seems pretty minor. MS relea
Re:I don't think many people too Gibson seriously. (Score:2)
That's the point. It's "some blame" because there isn't much blame, not because it's only a small point of the blame. Whereas if it were a deliberate back door, MS would deserve a lot of blame.
Re:I don't think many people too Gibson seriously. (Score:2)
Comment removed (Score:5, Insightful)
Re:I don't think many people too Gibson seriously. (Score:2)
No, it isn't. To believe this is a backdoor, you have to believe that people thought Windows computers were going to be hooked into a giant, international, network back in 1985-1990
I don't believe it's a backdoor, but no, you don't have to believe that the alleged WMF hacker was prescient. The WMF flaw would also have been a useful way to get a user to run malicious code on his computer. If you were an early 90's black hat and you wanted to do something nasty to a particular person's computer (to which
Re:I don't think many people too Gibson seriously. (Score:3, Insightful)
And lest everyone forget, the PostScript language includes file operation commands (reading and writing). Which of course could be used for all sorts of nastiness by overwriting various important files (.login,
Re:I don't think many people too Gibson seriously. (Score:2)
Exactly why I've been arguing against it being an "intentional backdoor":
The internet as a popular medium didn't yet exist, and networking meant Novell, Lantastic, or mainframes, with DOS-only workstations.
Not only that, but WMF was
Re: (Score:3, Insightful)
Re:I don't think many people too Gibson seriously. (Score:2)
Re:I don't think many people too Gibson seriously. (Score:2)
You may want to read this article [abc.net.au] next time you fill up your bucket with tar and start stripping the feather dusters. Throwing blame around doesn't help anyone, and only shows your own bias.
Re:I don't think many people too Gibson seriously. (Score:2)
There are really two issues here. One is that the WMF spec allows for executing code stored within a WMF file and secondly, the fact that an illegally constructed WMF file( bad lengt
WINE does NOT have flaw found by Steve Gibson (Score:2)
So while the WINE people implemented Microsoft's WMF Spec correctly, it appears they did NOT follow Microsoft's practice of allowing an invalid WMF file to continue on and implement/execute the SetAbortProc vulnerability.
LoB
Re:WINE does NOT have flaw found by Steve Gibson (Score:2)
http://www.grc.com/x/news.exe?cmd=article&group=g
Re:WINE does NOT have flaw found by Steve Gibson (Score:2)
Re:WINE does NOT have flaw found by Steve Gibson (Score:2)
Re:WINE does NOT have flaw found by Steve Gibson (Score:2)
it first sets the variable 'size' to the size of the METAHEADER structure, allocates some memory before it reads that many bytes of the WMF file:
Re: (Score:2)
Re:I don't think many people too Gibson seriously. (Score:2, Informative)
It takes time to look through 35 million (Windows 2000) - 40 million (Windows XP) lines of code...even for a big company.
Slightly off topic but I was pleasantly surprised to see that in Visual Studio 2005 (probably were there already in VS 2003 but I've never used that one) most of the offending runtime functions (memcpy, strcpy etc) have been marked deprecated and replaced
Re:I don't think many people too Gibson seriously. (Score:2)
--
Krazy Kat [ignatzmouse.net]
Re:I don't think many people too Gibson seriously. (Score:2)
revision 1.12
date: 2006-01-06 20:52:46 +0000; author: julliard; state: Exp; lines: +7 -0
Marcus Meissner
gdi: Filter GETSCALINGFACTOR and SETABORTDOC proc in metafile
Escapes.
Re:I don't think many people too Gibson seriously. (Score:2)
I gave up listening to him when I read his conspiracy theory for S.M.A.R.T. hard drives. Gee, so S.M.A.R.T. makes his software obsolete? Sounds like a marketing tactic.
Re:I don't think many people too Gibson seriously. (Score:3, Informative)
Re:I don't think many people too Gibson seriously. (Score:2)
Seriously, it would surprise the hell out of me if the Wine's team position on this was to favor compatibility over security. If that is indeed their position, then they should be keel hauled over it.
Re:I don't think many people too Gibson seriously. (Score:3, Insightful)
Big time. He's the guy who came up with broken SYNcookies [tinyurl.com] and blathered on and on about how they were "Beautiful and Perfect". Gibson is a quack and no serious attention should be paid to his ramblings.
ride the wave (Score:5, Insightful)
i.e., I'd better hurry and get this out before nobody cares.
Back door or poor design? You can't really tell (Score:4, Informative)
if an attacker can get your computer to execute their WMF file through Internet Explorer or Outlook, for example, they can make your system execute arbitrary Windows commands, including downloading malicious applications and launching them.
My belief is that Microsoft developers decided to implement as much as the GDI function-set as possible.
In any case, it's not clear that the developers envisioned applications creating on-disk metafiles with abort procedures.
Either way, it is still hard to tell why it was designed that way in the first place, maybe one of these [microsoft.com] links can tell us?
Re:Back door or poor design? You can't really tell (Score:5, Insightful)
If you want to render something postscript-like onto a screen, why not just reuse the printer code?
I can see how it happened. The original introduction of setabortproc violated separation of code and data, but it was needed for performance - and on the kind of hardware win3.1 ran on, that was vital. I suppose it shows that you should never compromise on design for the sake of performance - but in the real world, you have to. May I also point out that if the x86 had a working way to mark memory non-execute then this wouldn't be a problem.
Re:Back door or poor design? You can't really tell (Score:5, Informative)
It's quite simple:
WMF is used under the hood in lots of places in GDI. Any time GDI passes a bunch o' commands from one place to another, you'll find WMF. And as a result, WMF encapsulates almost everything you can do with GDI.
SetAbortProc is used to allow an app to display a custom "Printing Page xxx of xxx... [Cancel]" dialog to be displayed on Windows 2.0, 3.0 and 3.1, all of which are cooperatively multitasking and so need to drain their message queues on a regular basis - which they do every time that AbortProc is called.
There are even examples of this exact behavior on MSDN. It's still semi-useful under later versions of windows to be able to do this, and it's good for backwards compatibility, so it stuck around.
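The story summary notes that the abort procedure runs whether or not the metafile record size was tampered with, so a filter has to key on the record function rather than on size validity. The scanner below is an added example, not code from this thread, from Wine or from Microsoft: it walks the records of a standard (non-placeable) WMF buffer and reports both malformed sizes and any Escape record that selects SetAbortProc. The function name `wmf_scan`, the verdict flags and the three sample buffers are hypothetical and constructed for illustration; the header size and the `META_ESCAPE`/`SETABORTPROC` values are taken from the public WMF format and `wingdi.h`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Public WMF layout: 18-byte standard header, then records of
 * { DWORD size in 16-bit words, WORD function, parameters... }. */
#define WMF_HEADER_BYTES 18u
#define META_EOF         0x0000u
#define META_ESCAPE      0x0626u
#define ESC_SETABORTPROC 9u

/* Hypothetical verdict flags for this example; they can be combined. */
#define WMF_OK               0u
#define WMF_MALFORMED        1u
#define WMF_ABORTPROC_ESCAPE 2u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk every record up to the end-of-file record and return verdict flags. */
unsigned wmf_scan(const uint8_t *buf, size_t len)
{
    unsigned flags = WMF_OK;
    size_t off = WMF_HEADER_BYTES;

    /* Header must be present and declare its size as 9 words. */
    if (len < WMF_HEADER_BYTES || rd16(buf + 2) != 9)
        return WMF_MALFORMED;

    for (;;) {
        size_t left = len - off;
        if (left < 6)                      /* no room for size + function */
            return flags | WMF_MALFORMED;

        uint32_t words = rd32(buf + off);
        uint16_t func  = rd16(buf + off + 4);

        /* Inspect the function before trusting the size field: the escape
         * must be flagged whether the size is valid or tampered with. */
        if (func == META_ESCAPE && left >= 8 &&
            rd16(buf + off + 6) == ESC_SETABORTPROC)
            flags |= WMF_ABORTPROC_ESCAPE;

        /* A record is at least 3 words and must fit in the buffer. */
        if (words < 3 || words > left / 2)
            return flags | WMF_MALFORMED;
        size_t bytes = (size_t)words * 2;

        /* Escape records carry {WORD escape, WORD byte count, data}. */
        if (func == META_ESCAPE &&
            (bytes < 10 || rd16(buf + off + 8) > bytes - 10))
            return flags | WMF_MALFORMED;

        if (func == META_EOF)
            return flags;
        off += bytes;
    }
}

/* Constructed sample inputs; the header's size fields are not validated. */
#define HDR(total, max) 0x01,0x00, 0x09,0x00, 0x00,0x03, (total),0,0,0, \
                        0x00,0x00, (max),0,0,0, 0x00,0x00
#define EOF_REC 0x03,0,0,0, 0x00,0x00

/* One SetMapMode record, then end of file. */
static const uint8_t sample_benign[] = {
    HDR(16, 4), 0x04,0,0,0, 0x03,0x01, 0x01,0x00, EOF_REC };

/* Escape record with a valid size, escape 9, zero bytes of data. */
static const uint8_t sample_escape[] = {
    HDR(17, 5), 0x05,0,0,0, 0x26,0x06, 0x09,0x00, 0x00,0x00, EOF_REC };

/* Same record with its size field set to 1 (invalid). */
static const uint8_t sample_badsize[] = {
    HDR(17, 5), 0x01,0,0,0, 0x26,0x06, 0x09,0x00, 0x00,0x00, EOF_REC };

int main(void)
{
    printf("benign:  %u\n", wmf_scan(sample_benign, sizeof sample_benign));
    printf("escape:  %u\n", wmf_scan(sample_escape, sizeof sample_escape));
    printf("badsize: %u\n", wmf_scan(sample_badsize, sizeof sample_badsize));
    return 0;
}
```

A caller that renders untrusted metafiles would refuse any buffer for which the result is non-zero.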
*Security not included. (Score:3, Insightful)
by stupidity.
Why waste time putting in a backdoor? Just ship the OS around the world and enjoy.
With an expensive scaled up consumer operating system - the operating system is the backdoor.
How dumb can you be? (Score:5, Insightful)
Re:How dumb can you be? (Score:2)
credulity is amazing (Score:2)
So, you think that M$ can and have put backdoors into your system but you still use it? Now that's dumb. Who needs conspiracies when everyone accepts their reasoning as good business practice? Here's a little refresher on what backdoors are all about.
The reasons for backdoors is so that you and your fr
Re:credulity is amazing (Score:2)
So, you think that M$ can and have put backdoors into your system
Did I say that? I can't remember saying that I think M$ has put backdoors in my system. I was just saying that they can, easily. Would they? Probably not. They would be stupid to. As with most conspiracy theories this doesn't take into the account the simple fact that in any sizable organization, CIA included, you simply cannot keep secrets for that long.
If M$ put backdoors in their systems employees leaving M$ for one reason or another,
free is easy and better. (Score:2)
Yes.
If you don't, is that because you are afraid that They have put spyware in it?
That's part one of the many disadvantages of software having owners.
Is your tin-foil hat comfortable?
Yes [debian.org], much more so than most commercial software. You should try it out sometimes. Here's a distribution [mepis.org] that autoconfigures, runs from CD, has a GUI install and comes with some commercial software, like flash and acroread, as a security b
Re:How dumb can you be? (Score:2)
Remember Apple engineers introducing Easter eggs that the company didn't know about? Same idea.
I think that it's safe to say that this really is just a bad design that never got examined by someone involved with securing software, and not an intention
Who needs a back door... (Score:3, Funny)
Steve (Score:4, Funny)
It IS Hype (Score:4, Insightful)
Re:It IS Hype (Score:3, Insightful)
Right, he codes Win32 apps in assembly. So he has the ability to dis-assemble the WMF player code and figure out what's really going on. Instead, he made a couple shallow observations and jumped immediately to a conspiracy theory.
Re:It IS Hype (Score:4, Funny)
Re:It IS Hype (Score:2)
copy con: program.com
alt-###, alt-###, alt-###...
and yes, I actually used that means to program a keylogger executable into a machine that had its body locked in a cabinet, so only the keyboard and screen were accessible.
but real programmers use toggle switches.
The final update from Steve Gibson (Score:2, Informative)
Re:The final update from Steve Gibson (Score:2)
A backdoor is something you purposefully build into your software, like you purposefully build a back door into your house. An accidental backdoor would be like a hole in the wall. You know, a SECURITY HOLE. Steve is just making shit up as he goes along, conveniently redefining words.
Gotta give props to Gibson, but... (Score:4, Insightful)
I think everyone would agree that Steve Gibson is a technically-gifted person, but we should also agree that the guy is a little wacky, just like we should also all agree that Theo De Raadt is a little hot-headed. Not that this makes Steve or Theo a bad person - quite the contrary! It's just that when they make grand pronouncements, the pronouncements should be viewed skeptically. Anybody remember the controversy over NSAKEY [wikipedia.org] a few years ago? I.e., a flurry of wild allegations over something used for code signing that no one now cares about now that it's named something less offensive (_KEY2 for those playing along at home). It's easy to get all hot-headed and worried and freaked out, but that's the antithesis of what a information security officer is supposed to do. They are supposed to stay calm and rational in times of crisis, never jumping to conclusions (because most of the time, those conclusions are worse than wrong: they are misleading). Well, I'm ranting but you get the picture.
Re:Gotta give props to Gibson, but... (Score:2)
This is where being able to see the source helps (Score:2, Insightful)
Re:This is where being able to see the source help (Score:2)
Whah whah whah whaaaaaah (Score:2, Interesting)
And this is just one example of a whole class of things that are really, seriously, terribly wrong with Windows {and for that matter, closed-source sof
Re:Whah whah whah whaaaaaah (Score:2)
If Microsoft did that, it would be a hell of a lot more difficult to debug applications. It would bring things back to the "core-dump" era where core files had to be manually inspected as opposed to just loading up the debugge
Of Course It's Not (Score:3, Insightful)
I can't believe people on the last thread actually took him seriously without looking at his past media whoring failed attempts at security analysis.
Steve Gibson [grcsucks.com] is the Bob Lazar [ufomind.com] of the security field, only wackier.
So Gibson CALLED it wrong, Microsoft GOT IT wrong (Score:2)
Now, back to who is really responsible. It's Microsoft period. Even after they claimed to have rewritten their OS's after every other release, a hole the size of Kansas was left in since the early 90's? Co
Why no check of user code? Sociology. (Score:5, Interesting)
As others have mentioned in comments I have excerpted below, the U.S. government stated clearly and for the record that it wanted access to all computers. It appears that the government got what it wanted in what I think I can show logically is the only way possible.
Mark Russinovich of SysInternals [sysinternals.com] is an extremely competent programmer. His utilities for Windows are the best available. Even Microsoft recommends using them, to supplement the limited and unfinished and flawed utilities supplied with Windows. However, Mark Russinovich is not a sociologist, so his comments may not take into account the complexities of the social issues.
The main issue seems to be, not that graphics files have the ability to execute code, but why was there inadequate testing in the code to prevent security vulnerabilities?
Here are quotes from Mark's article:
"The actual reason is lost with the original developer of the API, but my guess is that he or she was being as flexible as possible."
And: "... given a choice of believing there was malicious intent or poor design behind this implementation, I'll pick poor design. After all, there are plenty of such examples all throughout the Windows API, especially in the part of the API that has its roots in Windows 3.1. The bottom line is that I'm convinced that this behavior, while intentional, is not a secret backdoor."
Mark's perception of Microsoft's sloppiness seems correct to me. I coded a program for Windows 3.1 using the Windows 3.1 API that dialed to a bulletin board and downloaded stock quotes. I was amazed at the extreme sloppiness and bad design of the Com port API. The actual code that Microsoft shipped had the quality of code that I would expect from an overtired programmer's first draft. A rested programmer would not have been so sloppy, even in his first proof-of-concept code.
Quotes from the comments:
"Thanks for this excellent analysis! Steve Gibson certainly does not deserve to be taken seriously by anyone, but unfortunately he is
This is a reference to the fact that Gibson's language often contains a hysterical, exaggerated quality.
Another comment -- This commenter makes the point that Microsoft had hired a technically knowledgeable top manager, who would certainly demand that programmers check the security of any code that is supplied by a user:
"Q: When was this backdoor coded?
A: About 1992.
Q: How old was VMS at that time?
A: 15 years.
Q: Who directed the development of Windows NT?
A: Dave Cutler.
Q: What's Cutler's background.
A: Directed VMS at DEC.
Q: On whose watch was this security lapse ported into the Windows NT stream.
A: Presumably Cutler's.
While anything's possible, it's hard to imagine how a security lapse of this magnitude (trusting user-written code) could have made its way into VMS code.
"The point is that Stephen Toulouse's "the security landscape in the early 1990's was very different than today" is, well, self-serving. Only in MS's myopic view is this the case."
Another comment:
"Now that I think about it, even Mark has to guess at what some coder was thinking when she wrote this, and maybe she did it intentionally. You'll never know will you? Maybe somebody's been watching all of us for years, and it ends up in some massive NSA database."
An
So, we all really believe Windows lacks a backdoor (Score:2)
So, just so that we're all on the same page...
Do we all really believe that there's no backdoor in Windows XP?
Or just that the WMF "problem" isn't it?
Frankly, I'd be shocked if Microsoft didn't insert a backdoor into Windows somewhere. Apparently, the Chinese were worried enough about this very problem that they set up a program to look things over [com.com], and they're still looking into Windows alternatives.
Re:Always picking no Windows... its better then li (Score:2, Funny)
Re:Always picking no Windows... its better then li (Score:2, Funny)
If I wasn't a lazy slashdot junky I would actually go looking for this posting but at the end of the day the GP being the 1st post and being so long at the same time makes obvious sense that it was c&p from somewhere.
Re:I thought we covered this (Score:4, Informative)
Re: (Score:2, Insightful)
I Heart Cliches (Score:2)
I love it when cliches come to life.
To me this looks like Gibson actually stumbled on another feature in the same piece of code.
^Fixed that for ya^
Re:Not convincing (Score:3, Insightful)
Kool-aid, how about you taking off the tin-foil hat and come back to reality. FYI there was an article posted here that said they don't help at all.
Re:I don't buy the explaination (Score:3, Insightful)
Where he is wrong is his assertion that MS saw any reason to put the AbortProc into WMF files. The fact that they work at all is entirely by accident, nobody went and typed in any code that is executed only for making AbortProc run from the file.
What happened is they had an interface of a few hundred calls to print and control printers. They wanted three things: for the calls to work, for the same calls to wr
Re:I don't buy the explaination (Score:2)
Also the code really is in the file, not a pointer. The file parser likely does something like this:
int code = readchar();
int length = readint();
void* pointer = get_pointer_to_next_byte();
advan
Re:I don't buy the explaination (Score:2)
The problem is that the SetAbortProc function had to shove a pointer to code through some api that was designed to take blocks of data. So they put the code pointer into the data pointer, and had code on the other end cast it back. Then they made a file reader that uses the same api and passes pointers to the file data in the same data pointer, never realizing that one of the possible interpretations i
Re:I don't buy the explaination (Score:2, Interesting)
He's a technical writer, not a psychologist. Why should he write about motivations. A classic adage goes, "Never attribute to malice what can be explained by stupidity". Steve jumped the gun in a BIG way. Microsoft's actions over time have been explained by many as being malicious. I never saw Microsoft as malicious at the coder level. Most developers at Microsoft love their jobs and could give a crap about a competitor