Free Republic
News/Activism
The Windows MetaFile Backdoor?
Security Now! ^ | 13 January 2006 | Steve Gibson/Leo LaPorte

Posted on 01/16/2006 9:48:37 AM PST by ShadowAce


.


21 posted on 01/16/2006 11:01:04 AM PST by firewalk

To: zeugma

Perhaps, but even then it is not something MS wanted to do. And code reviews do not always catch back doors.

22 posted on 01/16/2006 11:09:18 AM PST by N3WBI3 (If SCO wants to go fishing they should buy a permit and find a lake like the rest of us..)

To: zeugma
 
"I don't know about that. Doesn't Microsoft do code reviews of stuff they put in windows?"

I agree. The Lee Harvey Oswald theory of a lone renegade programmer doesn't fly at all. You don't check out code for modification that isn't reviewed and tested to the max in an organization as large as Microsoft. I'm not saying it's a bug and therefore not intentionally done, but it took more than one person to pull this off if it is intentional.

23 posted on 01/16/2006 11:18:48 AM PST by HawaiianGecko (Timing has a lot to do with the outcome of a rain dance.)

To: ShadowAce
Microsoft's position: http://www.betanews.com/article/Microsoft_Disputes_WMF_Backdoor_Claim/1137200934
24 posted on 01/16/2006 11:21:48 AM PST by Egon (I don't want edible meat, I want edible animals. - CygnusXI)

To: ShadowAce

So make sure your next computer has a 64 bit processor and your motherboard has built-in protection against data segment execution.

The latest crop of Supermicro motherboards have this. Both AMD and Intel have suitable chips.

25 posted on 01/16/2006 11:26:12 AM PST by js1138 (Great is the power of steady misrepresentation.)

To: HawaiianGecko
I agree. The Lee Harvey Oswald theory of a lone renegade programmer doesn't fly at all. You don't check out code for modification that isn't reviewed and tested to the max in an organization as large as Microsoft. I'm not saying it's a bug and therefore not intentionally done, but it took more than one person to pull this off if it is intentional.

Indeed. One would think having an executable jump in a media file would be a flag thrown up. This is especially true IMO if the jump can only be triggered by a malformed request. If they try to claim the jump was included to conform to some specification, why not have the trigger execute a NOP instead of untrusted (and unknowable) code?

26 posted on 01/16/2006 11:28:27 AM PST by zeugma (Warning: Self-referential object does not reference itself.)

To: 6SJ7
Sounds like a buffer overflow hack.

Read the whole thing, it sounds like a command. What's the last buffer overflow you saw where the system purposely spawned your injected code as another thread?

27 posted on 01/16/2006 11:39:25 AM PST by antiRepublicrat

To: zeugma
If this is a backdoor, you can bet it was instigated by FedGov.

It's not. Gibbie is, as usual, full of it. Here's one commenter who notes that Gibson's assertion that the exploit can only be triggered with a record length of 1 (so therefore it *must* be intentional!!1!1!11) is complete BS.

http://it.slashdot.org/comments.pl?sid=173878&cid=14466008

I hate to be the party-pooper, but Gibson is next to worthless as a source for anything related to computer security.

28 posted on 01/16/2006 12:13:42 PM PST by Senator Bedfellow

To: Senator Bedfellow
You badmouth Steve Gibson unfairly and without justification.

Sure, he's a one man hype machine. But he also knows his low level Windows/Intel code. His explanations on this one are compelling. Having the code that interprets WMF files do a subroutine jump directly into a metafile is clear evidence of blatant and intentional hackery. And Steve is entirely qualified to report on that matter. I've used and watched Steve's work for a decade. He is the most reliable reporter I know on such specifics.

And yes, he can be a bit of an arrogant butt head at times as well <grin>.

29 posted on 01/16/2006 12:20:18 PM PST by ThePythonicCow (The distrust of authority is a deeply destructive force in the hands of evil men.)

To: Senator Bedfellow
His statement that it took a record length of one was based on his test probes up to that point - sort of black box testing.

He is now tearing apart the code, instruction by instruction.

Likely, the record length of one detail was wrong.

What he gets from reading the actual machine instructions will be rock solid - that's how Steve works.

What he has already, the CALL EAX into the metafile (which is supposed to contain image data, not machine instructions), is seriously compelling.

Please quit slandering Gibson. I don't know your agenda here, sir, but something stinks about your postings.

30 posted on 01/16/2006 12:24:56 PM PST by ThePythonicCow (The distrust of authority is a deeply destructive force in the hands of evil men.)
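As an added example (not code from this thread, from Gibson, or from Microsoft), here is a small Python record walker for the WMF format that flags META_ESCAPE records carrying the SETABORTPROC escape code, the escape through which the WMF flaw discussed above hands control to bytes inside the metafile. It reads the escape code regardless of what RecordSize claims, so it illustrates why a "record length must be 1" rule is not a reliable detection. The record and escape constants are from the WMF format; the sample metafile bytes and the filler are constructed for the example.

```python
import struct

# WMF constants (from the Windows Metafile format; not from the thread)
PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte Aldus placeable header
META_EOF = 0x0000
META_ESCAPE = 0x0626           # record that passes an escape code to the GDI driver
ESCAPE_SETABORTPROC = 0x0009   # the escape the WMF vulnerability abused
HEADER_LEN = 18                # METAHEADER: Type, HeaderSize, Version, Size, ...

def iter_wmf_records(data):
    """Yield (offset, size_in_words, function) for each record header."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    off += HEADER_LEN
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        yield off, size_words, func
        if func == META_EOF or size_words < 3:
            break              # end of file, or a size too small to step over safely
        off += size_words * 2

def find_abortproc_escapes(data):
    """List every META_ESCAPE record whose escape code is SETABORTPROC."""
    findings = []
    for off, size_words, func in iter_wmf_records(data):
        if func != META_ESCAPE or off + 8 > len(data):
            continue
        # Escape code sits right after the function field, whatever RecordSize says,
        # so a record with a bogus size (such as 1) is still flagged.
        escape = struct.unpack_from("<H", data, off + 6)[0]
        if escape == ESCAPE_SETABORTPROC:
            findings.append({"offset": off, "size_words": size_words,
                             "size_plausible": size_words >= 3})
    return findings

def build_sample(size_words, with_escape=True):
    """Constructed test metafile: header, optional SETABORTPROC escape record, EOF."""
    header = struct.pack("<HHHIHIH", 1, 9, 0x300, 0, 0, 0, 0)
    body = b""
    if with_escape:
        filler = b"X" * 8   # constructed placeholder for the escape's data bytes
        body = struct.pack("<IHHH", size_words, META_ESCAPE, ESCAPE_SETABORTPROC,
                           len(filler)) + filler
    return header + body + struct.pack("<IH", 3, META_EOF)

if __name__ == "__main__":
    for size in (9, 1):     # 9 words is the true size; 1 is the size debated above
        print(size, find_abortproc_escapes(build_sample(size)))
```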

To: ThePythonicCow
You badmouth Steve Gibson unfairly and without justification.

What I'd like to know, Steve, is why you call yourself "ThePythonicCow"...
31 posted on 01/16/2006 12:29:07 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm))

To: ShadowAce

Never attribute to malice that which can be adequately explained by stupidity.


32 posted on 01/16/2006 12:29:37 PM PST by ThinkDifferent (Chloe rocks)

To: Bush2000

very funny ...


33 posted on 01/16/2006 12:31:48 PM PST by ThePythonicCow (The distrust of authority is a deeply destructive force in the hands of evil men.)

To: ThePythonicCow
No, I badmouth him entirely fairly and with justification. His "raw sockets" hype was utter nonsense, his "GENESIS" SYN-spoofing scheme was a complete joke - a half-baked reinvention of SYN cookies - and so forth. Here's a "security expert" who couldn't even protect his OWN WEBSITE (http://web.archive.org/web/20010610004832/http://grc.com/dos/openletter.htm) against a simple DOS attack and yet we should trust him?

No. Listen to him at your own risk, or take the word of folks who really know TCP/IP and systems security, e.g. the fellow who wrote nmap:

Gibson is a charlatan whose "research" is written for clueless media reporters (for press attention) and the teeming masses of internet newbies (to whom he sells various products). His "findings" are not new, are always filled with massive hyperbole, and are frequently completely false. Instead of presenting evidence to prove his points, he tends to just state them using goofy blue or green fonts as if that somehow adds credibility. We recommend avoiding this guy!

http://seclists.org/lists/nmap-hackers/2001/Apr-Jun/0010.html

Sorry, but the only thing that keeps Gibbie from being an out-and-out scam artist is that he doesn't have a clue what he's talking about. Nothing personal against you, but he's absolutely worthless. You'd do better with Security Focus/Bugtraq or by spending some time at DEFCON with some real experts.

34 posted on 01/16/2006 12:34:32 PM PST by Senator Bedfellow

To: ThinkDifferent

Exactly. The design was broken in the first place. You don't need anything more tinfoilish than that to understand what happened here.


35 posted on 01/16/2006 12:36:08 PM PST by Senator Bedfellow

To: ThePythonicCow

My "agenda"? I should think it's fairly obvious - Steve Gibson is a fraud when it comes to computer security. And lest you think this is somehow pro-Microsoft shilling, I note with some interest that he has taken up his ridiculous "raw sockets" campaign against Linux now. The difference being that most Linux users, being somewhat more savvy than the average Windows user, will immediately recognize that the whole thing is garbage, right from the get-go. Sorry.


36 posted on 01/16/2006 12:41:52 PM PST by Senator Bedfellow

To: Senator Bedfellow

Just curious. What can you do against a 20,000 strong zombie DOS attack?


37 posted on 01/16/2006 12:43:27 PM PST by js1138 (Great is the power of steady misrepresentation.)

To: Senator Bedfellow
This "backdoor" thing is just a buncha bull from a guy who really doesn't know anything about computer security. Gibson is a hack, and not in a good sense either.

Gibson earned my respect with his tools since his tool to help with the infamous Zip drive "click of death." He was also one of the first people to push personal firewalls at a time when no one had ever heard of them. I have to give him the benefit of the doubt on this, but temper it with his known propensity for hype.

38 posted on 01/16/2006 12:44:50 PM PST by antiRepublicrat

To: js1138

Obviously, if you're Steve Gibson, you rather inanely blame the whole thing on raw sockets.


39 posted on 01/16/2006 12:47:37 PM PST by Senator Bedfellow

To: antiRepublicrat
Gibson earned my respect with his tools since his tool to help with the infamous Zip drive "click of death."

That doesn't translate into any sort of expertise on network security, though. And when it comes to network security, he's pretty conclusively demonstrated that he's clueless. The guy somehow managed to take on the problem of SYN floods without managing to learn anything about the extant solutions - i.e., SYNcookies - and thereby managed to craft a totally inferior solution of his own. "Nanoprobes" are, as nearly as anyone can tell, a half-baked reinvention of nmap, and so forth. Whatever he knows/knew about disk drives, it doesn't carry over to security, unfortunately.

40 posted on 01/16/2006 12:54:36 PM PST by Senator Bedfellow
