SilenceGold
Premium
join:2003-07-31
Benton, AR | grcsucks.com
I guess grcsucks.com will become popular once again. |
|
statecop
Premium
join:2002-09-16
Beverly Hills, CA
1 edit | Yeah right
Now there is a shock about Micro$soft.
Does anyone think they would do anything underhanded like that????????
/sarcasm
|
|
phantom1976
Premium
join:2001-11-08
Victoria, BC | blah
Not a shock, this guy makes so secret of that fact that he doesn't like M$ much.. Good theory though |
|
TScheisskopf
World News Trust
join:2005-02-13
Belvidere, NJ
 ·Sprint Broadband D..
| reply to statecop
Re: Yeah right
Yes, shocking indeed...
Wait, out there in the distance...what do I see coming this way? It looks like a herd of them, stampeding...I can almost make them out...they are getting closer...wait...wait...wait...
Oh, it's just the usual M$ astroturfers and apologists. We've seen their act before. |
|
anon7007
@rr.com
| Figures
This isn't the only intentional backdoor Microsoft has put in their products. But whenever they are discovered then Microsoft has some lame exuse, or pretends its a bug.
Its like when Microsoft created their hidden and locked "index.dat" file, that records every website you have ever visted since installing WindowsXP, and serves no other purpose. And can only be removed by using 3rd party programs capable of overwriting locked files at bootup. |
|
liquidnw
join:2005-06-05
Bronx, NY
| Tired
Its getting really old and tired with every new conspiracy theory. Its amazing didn't quicktime just have a similar flaw where if you tried to play a quicktime file. Which was a hole on both apple & ms platforms? Wheres the conspiracy theory there? Sometimes its amazing the hatred people have. |
|
SND2005
Premium
join:2001-09-15
Im Over Here | reply to SilenceGold
Re: grcsucks.com
Great, the alleged security expert has spoken again... |
|
ronpin
Imagine Reality
join:2002-12-06
Nirvana
 ·AT&T Southwest
| reply to TScheisskopf
CALEA
Can you say CALEA?
The 2000 DOJ settlement with MS could have very easily included a secret agreement to implement a CALEA compliant backdoor -- aka rootkit. What choice would Gates have really had?
--
"...lacking a [U.S.] military option, that leaves only a diplomatic option..."(Andrea Mitchell CNBC's Hardball 1/12/06 on Iran nuke buildup) |
|
TScheisskopf
World News Trust
join:2005-02-13
Belvidere, NJ
·Sprint Broadband D..
| said by ronpin  :Can you say CALEA? The 2000 DOJ settlement with MS could have very easily included a secret agreement to implement a CALEA compliant backdoor -- aka rootkit. What choice would Gates have really had? Good snag. The possibility of that blew right by me. |
|
RadioDoc
58ef2c0
Premium,ExMod 2000-03
join:2000-05-11 | Gibson
is still relevant? |
|
BillRoland
Premium
join:2001-01-21
Ocala, FL
clubs:
 ·Cox HSI
| Gibson Strikes Again
Why anybody still listens to Steve Gibson or pays any attention to his Chicken Little antics is beyond me. At best he's worthy of being elected king of the tin foil hat wearing club, at worst, he uses things like for self promotion. Either way, he isn't worth listening to. Remember this is the same guy who preached the end of the world draweth nye with UPnP.
--
"Don't steal. The government hates competition." |
|
Fatal Vector
join:2005-11-26
| Well now
Not that what Steve Gibson says would surprise me. Hackers apparently do love their back doors and I dont find it very far fetched that Microsoft would want a way to get into the os built into it so they could muck around and change your settings. Hell, you ever notice how windows seems to "forget" some of your settings from time to time? Particularly when you run some of their stuff?
For example, when you change file associations in media player, you find that the other associations that you DIDN'T change are suddenly back at their defaults, sometimes EVEN IF YOU DIDN"T CHANGE ANYTHING. It appears you only have to open the tab to have it happen.
I found this out because I use Mplayer2 (a basic player contained in the program files\media player directory) to run MP3's and WAV's because you can have multiple instances of the player running at the same time. It makes a great mixer for a number of things.
No, I think that Gibson is likely right. I've found the man to be knowledgeable and trustable and I dont see why he'd just go off half cocked and say such a thing judt for the hell of it. It also makes sense in light of the way Microsof jumped right on it (which is ENTIRELY unlike them) and issued a "patch" that, so Gibson says, takes the "Vulnerability" out completely. |
|
rideboarder
welcome to the social
Premium
join:2003-07-28
Snohomish, WA
clubs: | I think...
That I should start selling Tinfoil hats. I'm sure they would sell extremely well to people like that. |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
| Hmm. Yep...
Leo: "The NSA wouldn't put this in because they couldn't gaurantee access to any computer."
Da Dogs: BAWHAHAHAHAHAHAHAHHHHHHAHAHAHAHAH OMG I AM DYING HERE.
Gibson: "When was this installed in windows?"
Da Dogs: September the thirteenth? DUH.
The question is WHY are we finding out about it now.
The answer is We don't need it anymore.
DUH.
--
Ooh measuring dicks with a guy over 30 years your junior, and berating me because I haven't served, as if it actually matters? Said by Tiger72. |
|
yabos
join:2003-02-16
Ingersoll, ON
| reply to BillRoland
Re: Gibson Strikes Again
I don't know if all you criticizers read the actual accusations but what he says makes a lot of sense. The thing is that the Microsoft code allows execution of your own code in a meta file if you know the specific setting in the meta file to get it to do it.
Basically all the metafile is is a list of records that Windows should interpret, not execute. If you set the metafile with a special size for a record you can tell it to execute code contained in the meta file. This isn't anything that you'd expect that a meta file should be able to do so it seems that someone had to specifically code it this way.
The process is complex enough that it can't just be a small programming error, it had to have been written that way on purpose. |
|
Fatal Vector
join:2005-11-26
| reply to BillRoland
"Why anybody still listens to Steve Gibson or pays any attention to his Chicken Little antics is beyond me. At best he's worthy of being elected king of the tin foil hat wearing club, at worst, he uses things like for self promotion. Either way, he isn't worth listening to. Remember this is the same guy who preached the end of the world draweth nye with UPnP."
Did he really? Could have fooled me. I've read the mans site and what he says makes perfectly logical sense. It is your privlege to characterize it as preaching the end of the world about UPnP if you like, but I and many others dont see it quite like that.
What I saw is the man pointing out a vulnerability that can be exploited, and we all know that if it can be exploited, someone will. Actually, the man is right. UPnP as well as other servers, etc should NOT be active by default on a fresh installation of windows. They should only be active if the user activates them. People who are clueless will not activate them thereby cutting down on the trash on the internet by default. It is esactly this behavior, along with crummy, bug filled code on Microsofts behalf, that has caused the rise of bot "fleets", etc. |
|
Asmodeus
join:2004-05-26
Spring Valley, CA | i h4x0r3d the gibs0n!!!
my shields are up, bitch!!! |
|
bjbrock
join:2002-10-28
Mcalester, OK | Not even surprised.
I believe Microsoft has gotten off easy in their anti-trust suit because they agreed to prived ways for the feds to get into your PC.
I would bet everything I own that MS has more back doors in their OS's. |
|
bjbrock
join:2002-10-28
Mcalester, OK | not surprised
Think of the foreign countries and the user that the feds could get to. Not just this country.
Cloak and dagger? Maybe. But very possible. |
|
tech_head001
|  Ostriches call non Ostriches Chicken Little
From the turnaround in MS reports on the scope and nature of the threat across the platforms it seems logical the alleged intentional nature of the vulnerability could easily have been introduced by a MS programmer being blackmailed or bribed by organised crime syndicate or international intelligence agency foreign or home grown to sneak in a simple backdoor. MS management may have been totally ignorant until the before and after source code files were examined.
I view people that scoff and deride those that reveal the security flaws that others are complacent about... are either morons or are people that are upset that they can't exploit the exposed vulnerabilities as easily anymore. |
|
