Re: [Fsfe-uk] Windows WMF exploit intentional?
From: Kevin Donnelly
Subject: Re: [Fsfe-uk] Windows WMF exploit intentional?
Date: Sat, 14 Jan 2006 21:28:08 +0000
User-agent: KMail/1.8
On Saturday 14 January 2006 20:20, Chris Croughton wrote:
> On Sat, Jan 14, 2006 at 04:09:07PM +0000, Kevin Donnelly wrote:
> > Steve Gibson is speculating that the recent Microsoft Windows WMF bug was
> > intentionally put in the code by someone at Microsoft as a back-door:
> > http://www.grc.com/sn/SN-022.htm
> > I have no idea how well-founded his speculation is,
>
> Not at all from what I've heard, it was put in as a way to close down
> printing in the middle of a job because MSDOS (and Windows on top of it)
> weren't intelligent enough. Yes, it was a "back door" of a sort, but so
> was almost everything in those days.
Hmm. His take is that there is simply no reason for that printabort to be
included in a WMF, and the odd behaviour is only triggered when you send a
*specific* unexpected value to it. I
> > but it has him saying that an operating system whose source is open
> > would allow users to check that there is nothing untoward in the code
> > ....
>
> Users? No chance at all. Users wouldn't know a back door if it shut in
> their face. Other programmers? Possibly, if they bothered to search it
> that far, but you only have to look at how many vulnerabilities are still
> slipping through open software to see that merely being open doesn't
> mean that programmers will find the holes.
Programmers are users too, of course. I think his point is that it is easier
to identify the vulnerabilities, rather than suggesting that there will be
none.
> Yes, being open has some advantages, and more people /can/ look at it,
> but who has the time? How many Linux users have looked at any of the
> kernel source code at all, let alone the applications?
Very few, I'd have thought. But it's nice to know I could do if the mood were
ever to take me ...
--
Pob hwyl / Best wishes
Kevin Donnelly
www.kyfieithu.co.uk - KDE yn Gymraeg
www.rhedadur.org.uk - Rhedeg berfau Cymraeg
www.cymrux.org.uk - Linux Cymraeg ar un CD