[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ace868f90601131237o6f9f3181y7d2ecb469252539c@mail.gmail.com>
Date: Fri Jan 13 20:37:28 2006
From: nfobro at gmail.com (eric williams)
Subject: Steve Gibson smokes crack?
On 1/13/06, Jason Coombs <jasonc@...ence.org> wrote:
> Stan Bubrouski wrote:
> > Ordinarily I'd argue, but its hard to when we find out Microsoft knew
> > about the bug for a long time and made a concious decision not to
> > patch it even though they knew it could lead to a system compromise.
>
> It's hard to imagine anything other than conscious and willful
> preservation of known backdoors in Windows as an explanation for
> Microsoft's refusal to enable Windows Firewall by default until XP SP2.
>
While I agree with that fundamentally, there is one more point to
stress and that is with the architecture of the GDI and the meta-data
processor design. It seems to me that is where the 'flaw' was
introduced. That design flaw (allowing the content originator to
detemine what processing would take place when a render operation was
aborted) is what led down this path. Those decisions, imho, were made
well before Windows 9x even, so I think there may be some merit to
saying it "was known". I don't know tho' it "was known" means "was
known to be exploitable", per se.
-e
> Microsoft knew for years, if not from the very start, that all Windows
> boxes were by design exposing backdoors on the network, yet they did
> nothing to remedy the situation nor alert any customer to the risk.
>
> This smells to me like a whole slew of intentional backdoors, and I
> don't smoke anything.
>
> Regards,
>
> Jason Coombs
> jasonc@...ence.org
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Powered by blists - more mailing lists