lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Jan 13 20:37:28 2006
From: nfobro at gmail.com (eric williams)
Subject: Steve Gibson smokes crack?

On 1/13/06, Jason Coombs <jasonc@...ence.org> wrote:
> Stan Bubrouski wrote:
> > Ordinarily I'd argue, but its hard to when we find out Microsoft knew
> > about the bug for a long time and made a concious decision not to
> > patch it even though they knew it could lead to a system compromise.
>
> It's hard to imagine anything other than conscious and willful
> preservation of known backdoors in Windows as an explanation for
> Microsoft's refusal to enable Windows Firewall by default until XP SP2.
>

While I agree with that fundamentally, there is one more point to
stress and that is with the architecture of the GDI and the meta-data
processor design.  It seems to me that is where the 'flaw' was
introduced.  That design flaw (allowing the content originator to
detemine what processing would take place when a render operation was
aborted) is what led down this path.  Those decisions, imho, were made
well before Windows 9x even, so I think there may be some merit to
saying it "was known".  I don't know tho' it "was known" means "was
known to be exploitable", per se.


-e

> Microsoft knew for years, if not from the very start, that all Windows
> boxes were by design exposing backdoors on the network, yet they did
> nothing to remedy the situation nor alert any customer to the risk.
>
> This smells to me like a whole slew of intentional backdoors, and I
> don't smoke anything.
>
> Regards,
>
> Jason Coombs
> jasonc@...ence.org
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ