WMF Vulnerability is an Intentional Backdoor?

An anonymous reader writes "Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor." There's a transcript available of the 'Security Now!' podcast where Gibson discusses this.

You can't Hack My Gibson

[Anonymous Coward]

You can't Hack My Gibson.

NSA

[Anonymous Coward]

Well, how else is the NSA going to fight terrorism?

Re:Another?

[dr_dank]

How about a link to information on the "other" intentional back doors that exist?

*looks at clipboard*

Ok Goatse linkers, thats your cue.

obligatory Hackers quote

[Anonymous Coward]

"Hack the Gibson!"

As Eddie Deezen would say...

[east coast]

I can't believe it, Jim. That girl's standing over there listening and you're telling him about our back doors?

You guys are so dumb, I'd go straight through Falken's Maze.

I just hope David Lightman isn't reading this... we'd only have a few days until it was all over for us...

Re:Length==1

[DaveCar]

That seems like design

Intelligent Design?

Re:Another?

[gbobeck]

How about a link to information on the "other" intentional back doors that exist?

Sure fine... Behold the Power of Google! [google.com]

Have Fun.

Back door flaw?

[digitaldc]

If it is intentional, I don't see how it possibly got past the Microsoft Security Engineers.

Re:Length==1

[BandwidthHog]

To trigger the exploit, the length must be set to 1. Not 2, 3, 0, or some other equally invalid value, but only the value "1".

And the counting of the length shall be ONE!

Sorry, couldn’t resist.

Backdoor Holes

[RequiemX]

Most backdoor hole problems can be patched with the application (of) Preperation H.

When does Microsoft fix the exploit where...

[blair1q]

posting a URL on /. causes the server to crash?

Right...

[WiseWeasel]

Yeah, right... trust the Chinese government to uphold our privacy rights. Anyone who runs Red Flag Linux voluntarily should have their head examined. I think Gentoo might be a safe bet...

Re:Another?

[lgw]

You mean the urban legend [cnn.com] about an NSA backdoor? There was *never* any evidence of a backdoor, only a registry key named "NSAKEY" and a bunch of paranoid fantasy. Because, you know, if the NSA did have a secret backdoor, they'd make sure is was called NSAKEY, in case they forgot where it was, or something.

Re:I would not be suprised at all.

[QuietLagoon]

The only sites that all windows machines access on a regular basis are Microsoft's.

I presume you are willing to show the details of your extensive research that determined this factoid....

Re:Another?

[Anonymous Coward]

Something like this?

(=()=)

Here's why

[Anonymous Coward]

I work at Microsoft, and know for a fact the exploit was put in for the purpose of determining who looks at illegal pr0n on Usenet. Ever wonder why the government dropped all the lawsuits against us? This kind of behind-the-scenes cooperation with the federal government is why.

Waif

[djdavetrouble]

where you waif that right.

I really think kate moss doesn't have anything to do with this, despite the recent press tizzy.

Malice

[uncle mole]

Never ascribe to malice that which is adequately explained by incompetence. Napoleon Bonaparte