 
SilenceGold
Premium
join:2003-07-31
Benton, AR | grcsucks.com I guess grcsucks.com will become popular once again. | |
|
 | 
SND2005
Premium
join:2001-09-15
Im Over Here | Re: grcsucks.com Great, the alleged security expert has spoken again... | |
|
| Techie714
join:2005-08-02
Anaheim, CA
 ·ViaTalk
| said by SilenceGold  :I guess grcsucks.com will become popular once again. Steve Gibson is highly respected in the security field. He may be incorrect on this issue but it's obvious that your statement is flawed and ignorant. =) | |
|
| | 
a person
@comcast.net | Re: grcsucks.com Remember its not Bugg Its an Undocument hidden Feature from Micro$haft! | |
|
| | 
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
1 edit | said by Techie714 :Steve Gibson is highly respected in the security field. He may be incorrect on this issue but it's obvious that your statement is flawed and ignorant. =) When Gibson learns to take a step back and report what he's found and not what he wants everyone to think he's found we can go back to pretending he's a highly respected member of the security community that actually matters.
First and foremost Gibson is a salesman. His product are subscriptions to the Gibson fan club. The only good thing about it is that he seems to be more happy with your love and admiration than he is with your money.
--
The downfall of society will be brought about by those that think thier rear bumper is an appropriate forum for political debate. | |
|
| | 
kamm
join:2001-02-14
Brooklyn, NY
 ·T-Mobile US
| said by Techie714 :said by SilenceGold :I guess grcsucks.com will become popular once again. Steve Gibson is highly respected in the security field. Is he?
He may be incorrect on this issue but it's obvious that your statement is flawed and ignorant. =)
Is it? | |
|
| |
SilenceGold
Premium
join:2003-07-31
Benton, AR | I invite you to show me a list of well known security experts that provides respects to Steve Gibson and praises him for his work. | |
|
| 
AnonProxy
Proxy of Anon
Premium
join:2001-05-12
ß | Steve is an idiot
EOT | |
|
statecop
Premium
join:2002-09-16
Beverly Hills, CA
1 edit | Yeah right
Now there is a shock about Micro$soft.
Does anyone think they would do anything underhanded like that????????
/sarcasm
| |
|
| 
TScheisskopf
World News Trust
join:2005-02-13
Belvidere, NJ
·Sprint Broadband D..
| Re: Yeah right Yes, shocking indeed...
Wait, out there in the distance...what do I see coming this way? It looks like a herd of them, stampeding...I can almost make them out...they are getting closer...wait...wait...wait...
Oh, it's just the usual M$ astroturfers and apologists. We've seen their act before. | |
|
| | 
ronpin
Imagine Reality
join:2002-12-06
Nirvana
 ·AT&T Southwest
| CALEA Can you say CALEA?
The 2000 DOJ settlement with MS could have very easily included a secret agreement to implement a CALEA compliant backdoor -- aka rootkit. What choice would Gates have really had?
--
"...lacking a [U.S.] military option, that leaves only a diplomatic option..."(Andrea Mitchell CNBC's Hardball 1/12/06 on Iran nuke buildup) | |
|
| | |
TScheisskopf
World News Trust
join:2005-02-13
Belvidere, NJ
·Sprint Broadband D..
| Re: CALEA said by ronpin :Can you say CALEA? The 2000 DOJ settlement with MS could have very easily included a secret agreement to implement a CALEA compliant backdoor -- aka rootkit. What choice would Gates have really had? Good snag. The possibility of that blew right by me. | |
|
| | | jester121
Premium
join:2003-08-09
Lake Zurich, IL | Except that this flaw goes back to Windows versions prior to 2000... good thinking, though. | |
|
| 
Phil
Rojo Sol
Premium
join:2001-06-11
Camarillo, CA | "Microsoft is the devil!" | |
|
phantom1976
Premium
join:2001-11-08
Victoria, BC | blah Not a shock, this guy makes so secret of that fact that he doesn't like M$ much.. Good theory though | |
|
| 
CPM
join:2001-08-24
Miami, FL | Re: blah This guy has always been pro mictosoft. You are are wrong about that. | |
|
anon7007
@rr.com
| Figures This isn't the only intentional backdoor Microsoft has put in their products. But whenever they are discovered then Microsoft has some lame exuse, or pretends its a bug.
Its like when Microsoft created their hidden and locked "index.dat" file, that records every website you have ever visted since installing WindowsXP, and serves no other purpose. And can only be removed by using 3rd party programs capable of overwriting locked files at bootup. | |
|
| 
toadlife
Premium
join:2004-05-03
Lemoore, CA
·AT&T Yahoo
| Re: Figures said by anon7007 :
Its like when Microsoft created their hidden and locked "index.dat" file, that records every website you have ever visted since installing WindowsXP, and serves no other purpose. And can only be removed by using 3rd party programs capable of overwriting locked files at bootup.
Where did you hear this crap? Those file are easily removed, and when you clear them, the file stays but the contents of them *are* removed.
--
Security is a process, not a Penquin. | |
|
| |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| Re: Figures said by toadlife :Where did you hear this crap? I seem to remember the index.dat issue being discussed by Gibson at some point. If I remember correctly there was an issue where IE lost track of stuff in it's cache such that when you told it to clear the cache some files and info located in index.dat weren't cleared; someone opened index.dat in a text editor after they had cleared the cache, saw the URL of a site they had visited and went "OMGWTFBBQ WINDOWS IS SPYING ON ME!!!111". I believe the issue only existed on Win9X.
But this is a perfect example of the type of "security conscious individuals" Gibson churns out...people with a little bit of knowledge and the suggestion of a conspiracy theory such that no one can tell them otherwise.
--
The downfall of society will be brought about by those that think thier rear bumper is an appropriate forum for political debate. | |
|
| | | 
packetscan
Premium
join:2004-10-19
Bridgeport, CT
clubs:
 ·Optimum Online
| Re: Figures Windows XP SP2 as patched as patched can be.
The issue of index.dat not clearing is still existent. Sadly enough it's these little "things" that create niche markets for software tools like identity "erasers" and others.
Office Also Contains such "Features" Cineaware Software the makers of well know application excel fix. And you can't forget Ontrack Outlook Pst Repair Utility.
If you are concerned about your privacy and your computer is in an open setting at home or school you need to have other tools to help clean these types of features err bugs like clearing the index.dat file.
--
Who do you want to pay off today? | |
|
| dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| said by anon7007 :
Its like when Microsoft created their hidden and locked "index.dat" file, that records every website you have ever visted since installing WindowsXP, and serves no other purpose. And can only be removed by using 3rd party programs capable of overwriting locked files at bootup.
You understand that
1) Anyone can create 'hidden' files using Microsoft-provided programmer documentation?
2) Any file that is open by a long-running process will be 'locked' against deletion unless the program explicitly permits it? And, again, this is trivial programming.
3) Anyone understanding point #2 can tell you how to delete the file without rebooting? | |
|
liquidnw
join:2005-06-05
Bronx, NY
| Tired Its getting really old and tired with every new conspiracy theory. Its amazing didn't quicktime just have a similar flaw where if you tried to play a quicktime file. Which was a hole on both apple & ms platforms? Wheres the conspiracy theory there? Sometimes its amazing the hatred people have. | |
|
RadioDoc
58ef2c0
Premium,ExMod 2000-03
join:2000-05-11 | Gibson is still relevant? | |
|
BillRoland
Premium
join:2001-01-21
Ocala, FL
clubs:
·Cox HSI
| Gibson Strikes Again Why anybody still listens to Steve Gibson or pays any attention to his Chicken Little antics is beyond me. At best he's worthy of being elected king of the tin foil hat wearing club, at worst, he uses things like for self promotion. Either way, he isn't worth listening to. Remember this is the same guy who preached the end of the world draweth nye with UPnP.
--
"Don't steal. The government hates competition." | |
|
| yabos
join:2003-02-16
Ingersoll, ON
| Re: Gibson Strikes Again I don't know if all you criticizers read the actual accusations but what he says makes a lot of sense. The thing is that the Microsoft code allows execution of your own code in a meta file if you know the specific setting in the meta file to get it to do it.
Basically all the metafile is is a list of records that Windows should interpret, not execute. If you set the metafile with a special size for a record you can tell it to execute code contained in the meta file. This isn't anything that you'd expect that a meta file should be able to do so it seems that someone had to specifically code it this way.
The process is complex enough that it can't just be a small programming error, it had to have been written that way on purpose. | |
|
| 
Fatal Vector
join:2005-11-26
| "Why anybody still listens to Steve Gibson or pays any attention to his Chicken Little antics is beyond me. At best he's worthy of being elected king of the tin foil hat wearing club, at worst, he uses things like for self promotion. Either way, he isn't worth listening to. Remember this is the same guy who preached the end of the world draweth nye with UPnP."
Did he really? Could have fooled me. I've read the mans site and what he says makes perfectly logical sense. It is your privlege to characterize it as preaching the end of the world about UPnP if you like, but I and many others dont see it quite like that.
What I saw is the man pointing out a vulnerability that can be exploited, and we all know that if it can be exploited, someone will. Actually, the man is right. UPnP as well as other servers, etc should NOT be active by default on a fresh installation of windows. They should only be active if the user activates them. People who are clueless will not activate them thereby cutting down on the trash on the internet by default. It is esactly this behavior, along with crummy, bug filled code on Microsofts behalf, that has caused the rise of bot "fleets", etc. | |
|
| |
BillRoland
Premium
join:2001-01-21
Ocala, FL
clubs:
·Cox HSI
| Re: Gibson Strikes Again The answer is here: »blogs.technet.com/msrc/archive/2···431.aspx
Thats really the end of the discussion. Nobody is debating that the SetAbortProc function was coded in there on purpose. It served a real, useful function. What is being debated, is whether or not this is a intentional "backdoor." Clearly it isn't. Steve Gibson claimed UPnP was the end of the world as we know it. The sun still came up this morning. Raw Sockets were the end of the world as we know it. The sun still came up this morning. Now this load of crap? Call me crazy, but to me, Steve Gibson is like a flak gun: he just fires as much as he can into the sky, and he's bound to hit something every now and then, but that doesn't exactly mean his aim is sharpshooter good.
The sad part is that I don't doubt that Steve Gibson is a smart guy. He COULD do a lot more for the cause of security by not pulling these kinds of antics. Because when you cry wolf, after a while nobody will believe you when you actually do see a wolf.
--
"Don't steal. The government hates competition." | |
|
| 
dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA | Security analyst Steve Gibson...
That was enough for me. Yawn! 
--
Think outside the Fox... Opera | |
|
Fatal Vector
join:2005-11-26
| Well now
Not that what Steve Gibson says would surprise me. Hackers apparently do love their back doors and I dont find it very far fetched that Microsoft would want a way to get into the os built into it so they could muck around and change your settings. Hell, you ever notice how windows seems to "forget" some of your settings from time to time? Particularly when you run some of their stuff?
For example, when you change file associations in media player, you find that the other associations that you DIDN'T change are suddenly back at their defaults, sometimes EVEN IF YOU DIDN"T CHANGE ANYTHING. It appears you only have to open the tab to have it happen.
I found this out because I use Mplayer2 (a basic player contained in the program files\media player directory) to run MP3's and WAV's because you can have multiple instances of the player running at the same time. It makes a great mixer for a number of things.
No, I think that Gibson is likely right. I've found the man to be knowledgeable and trustable and I dont see why he'd just go off half cocked and say such a thing judt for the hell of it. It also makes sense in light of the way Microsof jumped right on it (which is ENTIRELY unlike them) and issued a "patch" that, so Gibson says, takes the "Vulnerability" out completely. | |
|
|
AnonProxy
Proxy of Anon
Premium
join:2001-05-12
ß | Re: Well now AYRTS? | |
|
rideboarder
welcome to the social
Premium
join:2003-07-28
Snohomish, WA
clubs: | I think... That I should start selling Tinfoil hats. I'm sure they would sell extremely well to people like that. | |
|
DaDogs
Semper Vigilantis
Premium
join:2004-02-28
Deltaville, VA
| Hmm. Yep... Leo: "The NSA wouldn't put this in because they couldn't gaurantee access to any computer."
Da Dogs: BAWHAHAHAHAHAHAHAHHHHHHAHAHAHAHAH OMG I AM DYING HERE.
Gibson: "When was this installed in windows?"
Da Dogs: September the thirteenth? DUH.
The question is WHY are we finding out about it now.
The answer is We don't need it anymore.
DUH.
--
Ooh measuring dicks with a guy over 30 years your junior, and berating me because I haven't served, as if it actually matters? Said by Tiger72. | |
|
Asmodeus
join:2004-05-26
Spring Valley, CA | i h4x0r3d the gibs0n!!! my shields are up, bitch!!! | |
|
|
el-pikachupacabra
@219.94.x.x | Re: i h4x0r3d the gibs0n!!! rubbers have been known to break | |
|
| | Asmodeus
join:2004-05-26
Spring Valley, CA
| Re: i h4x0r3d the gibs0n!!! said by el-pikachupacabra :rubbers have been known to break how do you think you got here...? i blame your mom for never telling me and thank goodness she didn't... | |
|
bjbrock
join:2002-10-28
Mcalester, OK | Not even surprised. I believe Microsoft has gotten off easy in their anti-trust suit because they agreed to prived ways for the feds to get into your PC.
I would bet everything I own that MS has more back doors in their OS's. | |
|
| nowshining
join:2005-08-22
Bakersfield, CA
| Re: Not even surprised. just read the site u'll see that xp and many other OS of theirs touts holes, its actually out in the open just like everything else...they tout it and tout it and do it and do it..
Shows how ignoran this society has become..u know def and blind..
All those ID thieves are ur Big Corps..Read the TOS or Terms of Service and u'll see whatever company u go to nowdays they can sell ur Credit card number, name, address, etc..and even spam u constantly... | |
|
bjbrock
join:2002-10-28
Mcalester, OK | not surprised Think of the foreign countries and the user that the feds could get to. Not just this country.
Cloak and dagger? Maybe. But very possible. | |
|
tech_head001
|  Ostriches call non Ostriches Chicken Little
I view people that scoff and deride those that reveal the security flaws that others are complacent about... are either morons or are people that are upset that they can't exploit the exposed vulnerabilities as easily anymore. | |
|
| dave
Premium,MVM
join:2000-05-04
not in ohio | Re: Ostriches call non Ostriches Chicken Little Oh cool. Now it's not just (not very effective) malice by Microsoft, it's now got the fingerprints of organized crime on it.
An excellent escalation in the story! | |
|
reub2000
Premium
join:2001-12-28
Evanston, IL
| Sounds kind of stupid! Why would Microsoft do this? Their products are already got a bad reputation for security. Their also trying to sell to foreign countries who are very suspicious about their products. Seems kind of illogical for microsoft to do something of this nature. | |
|
yuutomo
The Wonder Kitter
Premium
join:2001-08-27
Missoula, MT
·Bresnan Online
| Gibson = Security Analyst?? that's like saying....
Bush = stable economy
Hitler = Human Right Advocate
I've heard his scare tactics and schemes for years, his resume reads like a used car salesmans or someone in marketing, he's not experience or background in security, let alone computer security.
all he does is market his supposed cure-alls and all they do is nothing.
--
"The World is but a drop in the sea of time and space, and I am the current that flows through it" -Yuu Tomo (21st Century) | |
|
insomniac84
join:2002-01-03
Schererville, IN
| If it was deliberate... If this vulnerability was deliberate, there would only be one source as to why it exists. The US government. They have mandated security holes in anything networkable. Most likely Microsoft is forced to never say the government is behind it, as it would create a movement to prevent our government from putting security holes intentionally in our products that we would like to be secure.
If it's true it would probably never be known for sure, but eventually a product with a government backdoor is going to be found out and hopefully public outcry will force our government to stop making our product insecure just because they want to be able to spy on us. | |
|
|
See 10 replies to this post |
|
nowshining
join:2005-08-22
Bakersfield, CA
| AND... let me see MIcrosoft has been doing this for some time now...
I noticed when I was all upgraded on SP2 and all guess what someone hacked me..
Now i use SP1 and fixes..
I have been to porno sites and rarely and i mean rarely like once in a blue moon gotten a virus or malware..
It just goes to show u that the Virus companies write their software viruses i mean how would u know when it will come out, how long it will last, and defitely how big its gonna be..
??
its just not Microsoft doing unhidden things and no company is..
It's just how idiotic this society has become to it, they have been touting it up in ur face constantly but u don't hear it...or see it...
UR def and Blind..
Now's the time to see and hear what's been happening all along.. | |
|
Mr Anon
@172.16.x.x
| You just don't get it It doesn't matter if Gibson knows his stuff or not if whenever he says something people immediately bicker about him, what he said and his respect level. There will always be people that will look at the argument and say that he must know more than what most people do because of the opposition to just having him present his argument.
If you don't agree ust say you don't, maybe state facts why and leave it at that. Else wise no matter if you are for or aginst him you boost him up... at least in certain circles. | |
|
|
|
|
WMF Vulnerability Intentional Backdoor?