Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Steve Gibson smokes crack?
From: eric williams <nfobro () gmail com>
Date: Fri, 13 Jan 2006 15:37:15 -0500

On 1/13/06, Jason Coombs <jasonc () science org> wrote:
Stan Bubrouski wrote:
Ordinarily I'd argue, but its hard to when we find out Microsoft knew
about the bug for a long time and made a concious decision not to
patch it even though they knew it could lead to a system compromise.

It's hard to imagine anything other than conscious and willful
preservation of known backdoors in Windows as an explanation for
Microsoft's refusal to enable Windows Firewall by default until XP SP2.


While I agree with that fundamentally, there is one more point to
stress and that is with the architecture of the GDI and the meta-data
processor design.  It seems to me that is where the 'flaw' was
introduced.  That design flaw (allowing the content originator to
detemine what processing would take place when a render operation was
aborted) is what led down this path.  Those decisions, imho, were made
well before Windows 9x even, so I think there may be some merit to
saying it "was known".  I don't know tho' it "was known" means "was
known to be exploitable", per se.


-e

Microsoft knew for years, if not from the very start, that all Windows
boxes were by design exposing backdoors on the network, yet they did
nothing to remedy the situation nor alert any customer to the risk.

This smells to me like a whole slew of intentional backdoors, and I
don't smoke anything.

Regards,

Jason Coombs
jasonc () science org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]