WMF Vulnerability is an Intentional Backdoor? 788
An anonymous reader writes "Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor." There's a transcript available of the 'Security Now!' podcast where Gibson discusses this.
I would not be suprised at all. (Score:5, Interesting)
Its happened before and it will happen again. Whether this is the case remains to be seen.
Re:I would not be suprised at all. (Score:5, Insightful)
This seems to be only useful if MS itself wanted to use it. Use your imagination as to what they'd do with it. I can think of all kinds of things.
Re:I would not be suprised at all. (Score:5, Funny)
I presume you are willing to show the details of your extensive research that determined this factoid....
Re:I would not be suprised at all. (Score:3, Insightful)
It's just simple observation to say that the only site that would be consistent on every Windows system is a Microsoft site, somewhat how on my mac I am connected to apple after a clean install when I open Safari. One could say the only site that would be consistent on every mac would be apple.com.
-PS I don't think it was an intentiona
Re:I would not be suprised at all. (Score:5, Insightful)
I can't personally think of any kind of official reason why Microsoft would want to shove code onto Windows machines just from visiting their website. They've got tons of other ways of doing this.
Re:I would not be suprised at all. (Score:4, Insightful)
Re:I would not be suprised at all. (Score:3, Insightful)
Furthermore, if Gibson is so sure of himself, why isn't his own test utility avai
Re:I would not be suprised at all. (Score:5, Informative)
Eh? I just downloaded it, it's linked to from here [grc.com].
Re:I would not be suprised at all. (Score:5, Insightful)
- How about a totally stupid idea that MS thought was good?
I mean MS has a long history of ignoring security for usability, lock in and whatnot. WMF dates back to close to 10 years, back when MS really didn't give a damn about security. Even after a the big Gates propaganda email and Trusted Computing Initiative and all the hoopla, XP SP2 allows blank passwords for administrators, the user created during installation is an administrator, again if password is blank no one gives a shit. Remote registry is on by default. RPC on by default. Administrative shares are on by default. Not to mention a plethora of completely useless services.
MS just doesn't understand security. This WMF example is nothing different. It's some ancient code that never got looked at. Add to that the fact everyone and his mother is root, AND that the OS is a big bowl of spaghetti (hi2u IE deep in kernel), you get another attack vector vs Windows systems.
Did someone maliciously implement this WMF "feature"? I doubt it. It looks like another regular MS security hole that shows that MS has no clue about security.
Re:I would not be suprised at all. (Score:4, Informative)
According to the docs, SetAbortProc should provide a pointer to callback function that is called when a print is aborted. This in itself sounds like a security hole, but it could only be fired if the print is canceled, and then it can only run a preexisting callback method, not arbitary code.
According to Gibson, if you call SetAbortProc with a special key, it will instantly start running arbitary code from within the WMF. No cancelled print or preexisting method calls are requried.
If Gibson is correct, this bug is much different then how it looks on the surface.
Re:blank admin password (Score:4, Insightful)
If you're going to accuse someone of trolling, you want to be pretty sure about your facts.
if you have a blank admin password, XP prevents ANY remote network access using that account.
Hmmmn, thats an interesting band-aid.
You are actually more secure with a blank password.
Really? More secure with a blank password? I doubt it.
Would make privilige escalation pretty damn easy after you'd hacked a user account.
And it makes all that least priviliged user stuff that MS goes on about a little irrelevant too.
Re:blank admin password (Score:4, Informative)
Re:I would not be suprised at all. (Score:4, Informative)
NSA (Score:5, Funny)
Government backdoor? (Score:5, Interesting)
If this isn't a glaring example on why you should support open source, I don't know what is....
Re:Government backdoor? (Score:5, Interesting)
The function in question has existed for a long time. The exploit is in Windows 2000 and more recent. From the transcript:
Re:Government backdoor? (Score:3, Insightful)
Re:Government backdoor? (Score:3, Insightful)
Re:Government backdoor? (Score:3, Informative)
Re:Government backdoor? (Score:3, Informative)
Needless to say, I am not at all surprised that there might be all sorts of backdoors in Windows that we may never know about. This is a really good reason *not* to use it in any environment requiring security.
Re:Government backdoor? (Score:4, Informative)
Re:Government backdoor? (Score:5, Informative)
http://www.schneier.com/crypto-gram-9909.html#NSA
The fact is, the majority of the people making claims about this don't even understand what it does. The majority of the speculation isn't possible. It doesn't give anyone (Not even Microsoft, much less the NSA) a backdoor into your computer.
Re:Government backdoor? (Score:5, Informative)
The NSA is (in theory at least) legally forbidden to spy on Americans. Their main mission involves cryptoanalysis (codebreaking) and signal intelligence. So they spend a lot of time in foreign countries evesdropping on cell phone calls and the like. They have also been very much involved in the development of computerized cryptography (witness their role in the creation of DES). In this latter case, they have probably attempted to balance their interests in codebreaking with the legitimate interests in algorythmically secure encryption (i.e. make DES algorythmically secure, but shorten the key so we can break it if we really have to).
The rise of independant professional cryptography organizations, like RSA, Inc. has created a very serious problem for the NSA in this regard. In general, most of these new systems use variable length keys and are highly peer reviewed for attack potential. So the NSA cannot count on being able to brute force decrypt a document within a reasonable timeframe in the event of a clear and present need to decrypt the information.
Therefore, I believe that most of these are there to allow the NSA to bypass the encryption algorythms in Windows and allow them to access the information without having to attack the encryption. This would make reasonable sense given the NSA history.
Now, I see *no* reason to suppose that the NSA has anything to do with the WMF exploit. Instead, I suggest that this is likely to be a backdoor either put in place by a developer, at the request of a partner (such as the RIAA), etc. This backdoor has *nothing* to do with anything the NSA typically gets involved in, so I think even the most paranoid analysis can rule them out. Instead, this is just a strange attempt to allow the Media Player to be subverted and used in what ever way an attacker decides.
Now, Microsoft's response to this has been inadequate (they only grudgingly developed a patch), which suggests that this backdoor had the blessing of the company, much like the response to the Sony DRM rootkit which was undetected by agreement with First4Internet. Lest I appear to be too hard on Microsoft, I found Symantec's response ("Oh, we will start removing it" when First4Internet claims they were working with Symantec to ensure that it would not be removed) to be far less trustworthy.
Anyway, there is enough doubt in my mind about Microsoft's goodwill on these areas that I would not suggest running Windows in any environment that absolutely requires security. The system has fundamental design flaws from a security point of view, and these problems continue to underscore either serious development issues at Microsoft or an attitude that the security of the customer is not really that important.
Re:Government backdoor? (Score:3, Insightful)
You'd want something in the base system of ALL Windows version, which couldn't be disabled AT ALL, doesn't require a user to be logged-in as an admin, or stupid enough to open anything sent to them.
If I was making a backdoor, I'd put it in something basic... Have the IP stack open a port when recieving a specially-crafted packet. Have the filesystem driver silently execute a file if it find a special signature in it (eg. code embedded in a
Length==1 (Score:5, Insightful)
Re:Length==1 (Score:4, Insightful)
Re:Length==1 (Score:4, Interesting)
"Never ascribe to malice that which is adequately explained by incompetence."
But wait, there's more... (Score:5, Interesting)
I found was that, when I deliberately lied about the size of this record and set the size to one and no other value, and I gave this particular byte sequence that makes no sense for a metafile, then Windows created a thread and jumped into my code, began executing my code.
So, it accidently created a new thread, and directed the new thread to start executing code at the specific position? That's a whole different level of accident.
Oh, and Shimmer, I'll take that 5$.
Re:Length==1 (Score:5, Insightful)
I can see this being a programmer supplied backdoor, like a hook for easter eggs, but based on the other security work done in MS, anything that can be gotten into that is there on purpose is locked up pretty tight to any casual attempts.
Re:Length==1 (Score:5, Interesting)
But I still have a hard time seeing how code would *accidentally* behave like this. An invalid length should abort processing right off the bad, for one thing; "falling through" might be an explanation, but what possible code could be "fallen through" into that would set CPU execution *inside* the metafile -- moreover, would set CPU execution to the *next byte* after the erroneous header block. That's awfully convenient; if it were a mistake, I'd expect code execution to begin at some other random location, probably influenced by whatever happened to be in the register or some temporary pointer variable at the time. But the very next byte? That's too insanely convenient -- you get to provide your key *and* your payload in the *same* place.
You could argue that buffer overrun exploits do the same thing, but the idea of the buffer overflow is to specifically overwrite the function-return pointer to *make* it point at your code. In this case, the exploit doesn't have to specify the location of the code to execute, Windows does that for you. Too convenient.
Old coding practises, not conspiracy (Score:3, Interesting)
> that would set CPU execution *inside* the metafile
Actually, I think it was done for performance releases (remember, existed back in the Win 3.0 days).
Back in ye olden days, there was a common software practise called self modifying code. It was used in some implementations of FORTH, but it was far more popular on systems that had few registers like C64. It was generally used as a way to dramatically speed up code on those slow processors.
Have a
Thread Creation (Score:5, Insightful)
I don't think it's surprising that a piece of code might behave in an odd way if it's given invalid input, i.e., if a buffer length is wrong.
I think the real giveaway here is that Windows creates a new thread when presented with this magic length. That's like rolling out the red carpet for the attacking Huns. I don't think the average buffer overflow type exploit gets it's own thread or process.
And of course it's still possible that it was all a mistake. The C language can be used to write some extremely tangled code, if one is so inclined. Something like an incorrectly used setjmp/longjmp could have effects like this.
Re:Thread Creation (Score:5, Insightful)
Again, agreed. But again, the catch is in the particular kind of odd behavior. If I were writing that code and it hit an invalid length, I'd probably abort processing of the whole file, presuming data corruption. Failing that I'd just skip over the flawed block and proceed with processing the next one. In that case, I could imagine not checking the length very carefully and just going to " + " to process the next block -- this would produce the observed "next byte" pointer.
The problem is in the semantics: I said *process* the next block, not *execute* it. If anything this would just cascade into more error cases, since the data that was expected to be the "next block" would almost definitely also have a malformed header (since it wasn't intended to be a header at all), etc.
So, I guess you're right - the tipoff is still that actual code is executed without having to be specifically pointed to (i.e. buffer overrun), and that it's executed in its own thread, rather than taking over the processing thread that was interpreting the metafile in the first place.
Re:Thread Creation (Score:4, Insightful)
But that's only an issue if the WMF-processing code doesn't create a new thread in order to call the subroutine in the valid case. In reality you'd almost certainly want the callback to happen in its own thread, rather than to allow anyone to run abitrary code in the same thread as the print server.
Think about it like a programmer (Score:5, Interesting)
exit standard processing
encounter SetAbortProc
open thread to communicate with windows print manager
thread attempts to read [length] bytes for sub value, encounters overrun
this is where I'm guessing the real horrendous problem lies. I'm guessing that the original code ignores exceptions while pulling in the sub value, so in this case where code hits an overrun, instead of that sub value getting a few bytes of data, it just graps until . In this case that sub value winds up being the payload.
So there you go, key and payload on an independent thread because of a bad exception handler in a 12 year old block of code.
-Rick
Re:Thread Creation (Score:3, Insightful)
I don't find this (or the originial article) convincing. He makes a wildly unsubstantiated claim about the WMF vulnerability being intentional.
The whole Escape/SetAbortProc vulnerability is built around some (admittedly stupid) functionality in WMF
Easy one to test. (Score:3, Insightful)
However, there are a few very specific ways in which you would write code to deliberately look for that specific value in a specific portion of an operation. These ways can be checked by inspecting a disassembled version of the code. (But do this outside of the US, or the DMCA droids will Use The Force.)
Since WINE shows the same hole and the coders ar
Re:Length==1 (Score:5, Informative)
It might have been convincing if it were true. The vulnerability checker [hexblog.com] from Ilfak Guilfanov's site uses length==17 to trigger the exploit (Look in the wmfhdr.wmf file in the source zip. The length is a little-endian DWORD at offset 0x12.)
The Metasploit module [metasploit.com] uses a length of 4. Check out the following snippet:
#
# StandardMetaRecord - Escape()
#
pack('Vvv',
# DWORD Size;
4,
# WORD Function;
int(rand(256) << 8) + 0x26,
# WORD Parameters[];
9,
). $shellcode .
I think Steve Gibson is confused.
Re:Length==1 (Score:5, Informative)
In this case, the smallest possible "length" value is 6, because the header itself takes 6 bytes, so even if the unit had no actual data, the length field itself and the unit's command code is a minimum of 6 bytes.
To trigger the exploit, the length must be set to 1. Not 2, 3, 0, or some other equally invalid value, but only the value "1". Any other value has no effect at all.
Re:Length==1 (Score:4, Funny)
And the counting of the length shall be ONE!
Sorry, couldn’t resist.
do you mean (Score:4, Interesting)
This Steve Gibson [grcsucks.com] ?, yeah he is a real security expert, along with his podcast boy wonder we have much to be afraid of
Ah, nice Ad-Hominem attack in there... (Score:5, Insightful)
IMHO your "debunking steve gibson" site is nothing but a smokescreen to divert the attention from Microsoft's vulnerabilities and backdoors.
Re:Ah, nice Ad-Hominem attack in there... (Score:4, Informative)
In my not so humble opinion, you don't know what you are talking about. Go read some of the links in that site, and you'll see that Steve Gibson is one of the many "security experts" that have no clue but gives dangerous and very wrong "solutions".
Re:Ah, nice Ad-Hominem attack in there... (Score:5, Insightful)
In my ever-so-humble opinion you completely missed the point of the parent. The reputation, sanity, motives, and anything else dealing with the person making the claim has nothing to do with the validity of the claim itself.
In this particular instance, there is at least some apparent merit to the idea that this was an intentional backdoor, and that merit would be there regardless of who points it out.
If you want to discredit the idea that this is an intentional backdoor (of which I am far from convinced), then you should attack the argument directly, not the man making it.
SetAbortProc (Score:3, Informative)
Possible uses? (Score:4, Interesting)
Re:Possible uses? (Score:5, Interesting)
Re:Possible uses? (Score:3, Insightful)
Probably more to be found, may work together? (Score:3, Insightful)
That we know of that is. This has been lurking about in every version of windows since 95, right? And it's taken until now to be brought to light. How many other similar seemingly innocent bits of code in those millions of lines of legacy windows code do similar things? The question is not what can this exploit do on its own, but what can it do in concert with others
Bugs don't have to be well-coded (Score:3, Interesting)
Re:Bugs don't have to be well-coded (Score:3, Interesting)
You're talking out of your ass. RTFA.
This is (IMNSHO) not a bug. How would you accidentally introduce a bug that for one specific, non-valid, value the program would start executing code that has no place being there in the first place. This has nothing to do w
Lawsuit time (Score:5, Interesting)
It's possible to get to the bottom of this by legal means.
Based on that information (Score:3, Interesting)
Magic Lantern? (Score:5, Interesting)
The notion of a backdoor in Windows isn't new. Perhaps the WMF vulnerability was one of the vectors used by Magic Lantern [wired.com], which was the code word for at least one of the FBI's keylogger programs. Magic Lantern was notable in that antivirus providers participated with the Feebs in a gentleman's agreement to not look for it.
It's certainly a dumb enough solution that the IT-challenged FBI might go for it.
On relative dumbness and smartness, I'd expect smart spies, namely those who work for two other notable three-letter-agencies, to use somewhat more interesting techniques. If it were me, I'd take advantage of equipment I had in place at critical infrastructure points to conduct MITM attacks between a PC and Windows Update servers, in order to transparently install my spookware on only those machines that specifically identify themselves - by means of GUID or whatever other stuff I could glean from the Windows Genuine Advantage and other DRM-related bitstreams - as belonging to my target population.
Paranoid? If you're not paranoid, you're not thinking far enough ahead.
Steve Gibson is a crackpot (Score:3, Informative)
The guy is a massive alarmist and I wouldn't take anything he says seriously. He loves to cry about the end of the digital world type scenarios, perhaps because he really believes it, or perhaps because it gets him more business.
Re:Steve Gibson is a crackpot (Score:5, Interesting)
Re:Steve Gibson is a crackpot (Score:5, Informative)
Re:Steve Gibson is a crackpot (Score:5, Informative)
Interesting evidence (Score:4, Insightful)
It's a straightforward way to add a backdoor that will bypass firewalls, etc. It can be triggered by a browsed page, email, etc. It's better than gif/jpeg encoding because those are more "platform independent." and the payload would be more likely noticed by a 3rd party decoder.
On the other hand, isn't this flagged as an attempt to execute code on a data page?
Also, if it were official, doesn't MS have easier ways into a general box - say through security updates, or even the entire existing code base?
Right... (Score:3, Funny)
Please not Gibson again... (Score:3, Informative)
http://www.grcsucks.com/ [grcsucks.com]
Re:Please not Gibson again... (Score:5, Insightful)
What about wine? (Score:3, Interesting)
http://it.slashdot.org/article.pl?sid=06/01/06/20
Re:What about wine? (Score:3, Informative)
Yeah... (Score:5, Informative)
S.G. is a flaming idiot, he looks for (and imagines) ghosts and spooks in every corner. Then flogs his conspiracy theories to promote himself and his buisness. This probably holds about as much water as the "discovery" of cold fusion and Korean human cloning.
Why aren't we reporting on REAL bugs like the 4 security vulnerabilities found in iTunes this week which opens both Windows and Mac users to external attack? Was the Microsoft bashing quota too low this week?
What is becoming of
Re:Yeah... (Score:5, Insightful)
As Eddie Deezen would say... (Score:3, Funny)
You guys are so dumb, I'd go straight through Falken's Maze.
I just hope David Lightman isn't reading this... we'd only have a few days until it was all over for us...
Patch (Score:3, Insightful)
Who DOCUMENTS their evil backdoor? (Score:5, Insightful)
Lest we forget that Wine also proved vulnerable, and it was a clean-reimplementation of the specs!
Re:Wine proves TFA wrong (Score:3, Informative)
I'm not really buying this guys explanation, however. Software errors can have very strange side effects. Probably the short length causes it to reuse (rather than overwrite) the contents of some buffer as the code pointer, and that buffer just happens to contain a pointer to the next record of t
This guy is a moron. (Score:5, Informative)
"Thank you Microsoft for blessing us with a patch to fix the products
you currently sell. The products that compete with Linux and Macintosh.
Excellent job at diverting the our attention away from the fact that
Windows 95, Windows 98, Windows 98SE, Windows Millennium Edition, and
Windows NT4 remain vulnerable. Neat trick convincing people that "the
vulnerability is not critical because an exploitable attack vector has
not been identified that would yield a Critical severity rating for
these versions."
Lemme see here. Windows 95 is 11 years old. Windows 98 is 8 years old. Windows ME is 6 years old. And Windows NT4 is 9 years old. How many other operating systems offer patches and support product versions for software that is that old?
Ridiculous.
Win98 is 8 years old -- so? (Score:3, Interesting)
It's not dead yet. You just wish it were.
still in use (Score:5, Interesting)
Sun and HP for two (Score:5, Informative)
I know of at least two. Both Sun and HP still provide support or patches for versions of UNIX System V that are older than Windows 98.
Back door flaw? (Score:4, Funny)
Why hasn't he stepped into the WMF interpreter? (Score:5, Interesting)
Backdoor Holes (Score:3, Funny)
Would be a Crappy Backdoor (Score:5, Informative)
If that's the case, they chose a dumb place to put it, because the exploit doesn't even work on Windows 2000 and below without some program installed to handle WMF files. From Larry Seltzer's blog (linked from F-Secure):
http://blog.ziffdavis.com/seltzer/archive/2006/01/ 03/39684.aspx [ziffdavis.com]
That means that unless Microsoft used some OTHER backdoor to install a handler for it, this backdoor is useless. I suspect this is merely an oversight on their part, and that it just ends up looking bad when you view it from the outside. The only way to know is to see the source code and well, we know how likely that is.
A real backdoor would be something remotely exploitable via the network, as opposed to hiding inside a file or something like that.
Not sure... (Score:3, Insightful)
1 as an input value is one of those classic boundary conditions that developers should always specifically test against (but sometimes don't...along with 0, negative numbers, MAX_whatever, etc)...so I'm not convinced that it was just a coding error. If the "magic key" length was something completely random like 6385492, then I would be more suspicious.
C'mon MS...let's see the code!
Re:Not sure... (Score:3, Insightful)
When does Microsoft fix the exploit where... (Score:3, Funny)
Jumping to conclusions. (Score:4, Informative)
I think that we ARE talking about the SETABORTPROC vuln that everyone has been talking about; Steve just finds that the vuln doesn't work quite the same way that he was expecting. It seems that Steve is basing his accusation on the fact that he had to set the length field of the code containing WMF record to 1 (an illegal value) in order to get his code to execute. While this seems odd (and sounds like a "magic value"), there is likely a better explanation. Here's one possibility... The advisory from Secunia at http://secunia.com/advisories/18255/ [secunia.com] says that the embedded code executes when any error is detected in parsing the WMF file (not only [or ever?] when canceling printing). Maybe the SETABORTPROC function was originally intended for printing but was overloaded to handle parse error callbacks? Depending on how the parsing code was written, it may treat the invalid length value as such a parsing error, but may have already indexed the the beginning of the code block (since it knows the length of the record header) - it just doesn't know when the code block ends. It can then start executing the code block, even though it is an error in the code block's record that caused the error. I wonder if the code block would execute if the correct length was specified but the NEXT record in the WMF contained a similar error (like an invalid length field).
He may very well be correct that someone has intentionally included this mechanism as a backdoor, but he is being premature in making such claims without first consulting the people who have a lot more experience with this vuln than he does. By the way, MS gives access to their source code to a LOT of outside parties - I'm sure that Steve could have found someone to take a look for him.
I don't mean to make an ad hominem attack (this podcast is actually fairly accurate - just jumps to conclusions), but Steve isn't exactly known for being a respected researcher in the security industry - he's a bit of a poser and sensationalist/alarmist. My gut feel is that Steve is continuing on his sensationalist streak, jumping to conclusions and trying to drum up more excitement. He frequently hypes issues to crazy levels and tries to make himself look like a hero/expert. In fact, he usually offers little insight and often tries to pass off regurgitation (often inaccurate) as original research. Just listen to him in this recording talking about "rolling up his sleeves" and "wrote all my own code", etc. Look up his stuff on nano-probes (http://grc.com/np/np.htm [grc.com]) for some funny stuff. I am a security professional and can tell you that much of his writing is BS and/or hyped/obfuscated wording for technologies and techniques that have been in common usage for years and years before he writes about them. I just can't help but take Steve's claims with a grain of salt.
Re:Another? (Score:5, Funny)
*looks at clipboard*
Ok Goatse linkers, thats your cue.
Re:Another? (Score:3, Funny)
Sure fine... Behold the Power of Google! [google.com]
Have Fun.
Reflections on Trusting Trust (Score:5, Interesting)
Re:Another? (Score:5, Informative)
Re:Another? (Score:5, Funny)
Re:And this door leads to... (Score:5, Insightful)
Re:And this door leads to... (Score:4, Insightful)
Since profit is all a corporation cares about, suing away those profits is the only way to punish it.
Re:And this door leads to... (Score:3, Insightful)
If you buy a cell phone and decide the interface is sucky, you don't punish the company by suing them. You punish the company by buying another brand next time.
Re:And this door leads to... (Score:4, Insightful)
A lawsuit is not the answer to everything.
Too true.
This is a case for criminal prosecution. Gibson has uncovered evidence that at face value demonstrates that there has been a conspiracy to defraud Windows users, and possibly to defraud Microsoft Corporation itself. Microsoft's internal documents would identify the coder(s) involved in this deceit, and possibly other conspirators.
I think it is time for the Washington State Attorney General to give this to a Grand Jury. (IANAL, but I think it is the business of a Grand Jury to determine if a crime has been committed in this kind of circumstance).
Let a Grand Jury hear this evidence and decide whether it appears that some person(s) deliberately set out to violate the privacy of Windows users.
You're on (Score:3, Insightful)
Re:You're on (Score:5, Informative)
Re:Unparalleled BS from MS. (Score:5, Insightful)
It's nothing like that actually, you are comparing apples to supernovas.
~S
Re:Unparalleled BS from MS. (Score:5, Insightful)
I'm going to post my hierarchy of vulnerabilities. (Score:3, Interesting)
1. Remote--root access that does NOT require human intervention or other app running.
2. Remote non-root access that does NOT require human intervention or other app running.
3. Local root access that does NOT require human intervention or other app running.
4. Local non-root access that does NOT require human intervention or other app running.
5. Remote root access that requires some human interaction or some combination of apps.
6. Remote non-root access that requires some human int
Comment removed (Score:4, Insightful)
(OT) Re:Unparalleled BS from MS. (Score:4, Interesting)
The reporting during WWI damaged the credibility of all reporting during WWII.
jcr (53032): Allied propagandists didn't have the imagination to come up with anything like the holocaust.
They most certainly did have the imagination, but they realized that they did not have a willing audience for such accusations. Successful PR cannot be had with seemingly wild claims, especially if the organization has been shown to greatly overexaggerate in the past.
Re:Rootkit (Score:3, Insightful)
Waif (Score:4, Funny)
I really think kate moss doesn't have anything to do with this, despite the recent press tizzy.