  SpannerITWks Premium join:2005-04-22
1 edit | - - > MS Metafile Backdoor !!! - -
This is potentially SO Important, that I feel it deserves its own dedicated thread.
Looks like ALL versions of Windows from 2000 onwards contain this Secret Backdoor. So says Steve Gibson -
»media.grc.com/sn/SN-022-lq.mp3 = 4.8 MB
»media.grc.com/sn/SN-022.mp3 = 19 MB
Now you know why MS did the recent sneaky Update, that installed Directly WITHOUT your permission, even when requesting it not to ! To try and get rid of the evidence.
WOW this is BIG stuff !!!
The S**t is Really gonna hit the fan over this one.
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
  redxii too big to fail Premium,Mod join:2001-02-26 Texas | I'm confused, but regarding the automagic install, it did not happen to me. |
|
 SUMware Premium join:2002-05-21
4 edits | reply to SpannerITWks Just listened to the entire podcast. Thanks for posting the links.
If this can be independently verified...
Whoa!!! Shattering.
Bottom line - Gibson claims Microsoft Windows OS was intentionally backdoored from at least Win2K forward. That the WMF 'vulnerability' was actually the route to the backdoor that was accidentally discovered. And MS attempted to cover it up by 'fixing' the vulnerability. In other words by erasing the backdoor access.
Listen to it for yourself. |
|
  SnowyOne Premium join:2003-04-05 Kailua, HI
| reply to redxii
said by redxii : I'm confused, but regarding the automagic install, it did not happen to me.
Well it did happen to some anonymous user. /:D -- Hawaiian Electric:"How may we dick you today?" |
|
  antiserious The Future ain't what it used to be Premium join:2001-12-12 Scranton, PA
| reply to SpannerITWks
... I'll be anxiously waiting to see if other people can confirm these findings ... on the face of it, this sounds bad (although I'm not completely surprised that something like this can exist) ...
... and people were skeptical when the idea of backdoors in firewalls was brought up ...
-- ... "Do You Know Where Your Towel Is ?" ... |
|
  redxii too big to fail Premium,Mod join:2001-02-26 Texas
2 edits | I listened to it, and it is nothing but speculation. I'm not twisting my panties or losing sleep (or installing another OS that can't do what I want it to do for that matter) over speculation or wondering why I am the only person to never experience the automagic install. |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to SpannerITWks I can't help but wonder if this is just anti-Microsoft paranoia gone to seed but it will be interesting to see what comes of it. |
|
  Marilla I Am My Own Arbiter Premium join:2002-12-06 Belpre, OH
| reply to redxii
said by redxii : ...wondering why I am the only person to never experience the automagic install...
Funny.. I bet there are a lot of people who are the 'only' person not to have experienced it.
This would certainly be interesting if true, but otherwise it's just another big Anti-Microsoft-Conspiracy-Theory Yawnfest. I wouldn't get too 'anxious' waiting for more on this. -- I am the sole arbiter of what is important enough to spend my time on - not anyone else here, or anywhere else. You take care of yourself, and leave me to me, got it? |
|
  dadkins Can you do Blu? Premium,MVM join:2003-09-26 Hercules, CA
| said by Marilla : ...it's just another big Anti-Microsoft-Conspiracy-Theory Yawnfest.
LOL! -- Think outside the Fox... Opera |
|
  SpannerITWks Premium join:2005-04-22
| reply to SpannerITWks Yes some people DID actually get an Unannounced " patch " install from MS, and posted about it on several forums that I saw, including here.
It could depend on the OS and PC + Browser settings etc, as well as other things, as to why some did and others didn't.
I bet the REAL reason why they delivered the patch days earlier than they were going to, was to try and cover their tracks, and try and lose the back door before it became public knowledge !
Mustn't forget to mention Charles770 who reminded me to recheck grc for this weeks podcast on the link.
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks/SpannerITWks |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by SpannerITWks : Yes some people DID actually get an Unannounced " patch " install from MS, and posted about it on several forums that I saw, including here.
It's much more likely that the users in question were simply confused about their own configurations than it is that Microsoft has somehow done stealth installs. I've seen fairly in-depth looking into this, and it's not turned out to be anything.
said by SpannerITWks : I bet the REAL reason why they delivered the patch days earlier than they were going to, was to try and cover their tracks, and try and lose the back door before it became public knowledge !
I think this is likely: Microsoft was probably betting on the fact that nobody will be able to perform a low-level diff against the two versions because they managed to get the old ones completely out of circulation before anybody was looking.
It's not that hard to secretly update every Windows machine on the planet overnight, right?
Steve -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
  John2g Qui Tacet Consentit Premium join:2001-08-10 England | reply to SpannerITWks "The sky is falling down!" said Spanner.  |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by John2g : "The sky is falling down!" said Spanner.
"My tinfoil is oxidizing" said Spanner. -- Stephen J. Friedl Unix Wizard Microsoft Security MVP Tustin, California USA my web site |
|
  SpannerITWks Premium join:2005-04-22
| reply to SpannerITWks Hey it's real easy, well only if people aren't lazy of course, just listen to the Whole PodCast. Then and ONLY then can people make any comment of value on his findings !
We'll soon see if he's right, and those that haven't even listened to it ALL, or any of it, will have some explaining to do about dissing it out of hand.
If it is true as it sure sounds like it is from the mp3, then it is HUGE, can't some people realise that.
1 is the MAGIC number. If you haven't heard the PodCast then you won't understand it !
I always thought OT remarks weren't allowed on here. Now I know it appears it is OK. Well as long as we all know, now can ALL make em whenever we like then, whoopee ! Hmmm lemme fink ......
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks/SpannerITWks |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to Steve Steve I would love to hear what you can say about this from a purely technical point of view. Proving Gibson wrong could put some minds at ease and stop another asinine MS bash fest before it gets started.  -- Get hpHOSTS! Member ASAP Paranoia is no substitute for understanding. |
|
  kfgjhfjf
@telus.net | reply to SpannerITWks I'm really not going to risk opening your files I'm so scared |
|
  kfgjhfjf
@telus.net | reply to SpannerITWks is there a link to a site ? sorry posting twice |
|
  kfgjhfjf
@telus.net | reply to SpannerITWks »www.grc.com/SecurityNow.htm#22 found it |
|
  SpannerITWks Premium join:2005-04-22
1 edit | reply to SpannerITWks Anybody else DL'd and tried the GRC Windows MetaFile Backdoor research and vulnerability utility, KnockKnock.exe File Version 0.1.2204.0
I just did from the " official " www - »www.grc.com/sn/notes-022.htm - and got this -
Hello ?
He's got a whole new page devoted to exposing this BD. Keep checking for updates - »www.grc.com/wmf/wmf.htm
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
  Link Logger Premium,MVM join:2001-03-29 Calgary, AB
| reply to SpannerITWks This is Steve G doing what Steve G does best, hype. I even checked to see if the stock prices of Alcoa had gone up, but I'm betting they will shortly as this gets going.
Think about this for just a couple of seconds and Steve G the so called developer should know this. In a program of many millions of lines of code, what are the chances of there being an exploitable vulnerability? So why explicitly code a back door, what would the benefit be? As a back door this one sucks as it involves having the user perform some function. Second, using a graphic file on a web site isn't a good way to hide your backdoor, as it is easily obtainable without exploitation (how a lot of us collected samples of this to start with). This is nothing more than a design flaw from a bygone computing era, where the focus was on functionality and flexibility and all computer users were assumed to be good.
Frankly I'm not sure I agree that Microsoft's rush to get this patch out was needed. I would think with Microsoft's HoneyMonkey they knew pretty well just how widespread the malicious files were and certainly some of the sites that I saw that were infected, the WMF exploit wouldn't have been my top concern with users going there (I didn't know people could do things like that). Most of the AV guys caught on pretty quickly even if it did show some chinks in their game plan (what do you mean you don't by default scan wmf files). Now I have Steve G and his latest conspiracy theory. I guess if you keep screaming the sky is falling that maybe one day you just might fluke out and be right, but then again it's more likely you'll just keep screaming.
Blake -- Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|