Saturday, January 14, 2006

Speaking of Trustworthy computing....

The link in the title goes to the latest Security Now podcast with Leo Laporte and Steve Gibson. Steve releases his current information about the WMF Vulnerability. He says that the WMF exploit was a deliberate backdoor, by somebody at Microsoft, and there's no way that it was unknown. One does have to go to a website that could take advantage of the exploit though.

He came to this conclusion while trying to determine if 95, 98 and WinME were vulnerable or not to the wmf exploit, and had to come up with a file that would test the exploit in the earlier Operating Systems. Steve gets into a bit of an arcane discussion re: bits of data in wmf files, when all of a sudden he says it had to be deliberate. That woke me up! It'll be very interesting to see what happens on this issue, in the next week or so.

P.S. At first, I assumed that the MS patch had been forced on his machine, since this was so public (referring to Jack's post below).
P.P.S. I assume the fix, fixed the exploit, er backdoor?

UPDATE: 'Windows backdoor' theory causes kerfuffle |CNET

Further UPDATE: Microsoft Security Response Center Blog! : Looking at the WMF issue, how did it get there?

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.