Microsoft accused of placing metafile backdoor in Windows

Steve Gibson has just accused Microsoft of deliberately back dooring Windows from 2000 on and trying to cover this up with the recent WMF "patch" which is actually not a patch but removes the backdoor. The WMF "vulnerability" was the path to the backdoor. When someone discovered this, Microsoft tried to cover it up by "fixing" the vulnerability. He also says the the real reason Microsoft did not patch 98/ME/NT is because the backdoor was not placed until W2000.

Listen to the full podcast before drawing conclusions. He also states that his research is not finished, but should be by next Thursday, and that there is the possibility he will come back to the next podcast with his tail between his legs, however, at this point he is sure enough of his research findings to make this very serious public accusation. He also states that there is, at present, no way to know (and may never be) if this backdoor was placed by a rogue programmer at MS (or group of programmers) or with the full knowledge and assent of Microsoft itself. Microsoft has been invited to come on the next show to present its side of the story. Steve Gibson has been accused of being flamboyant and too desirous of attention and while that may be some what true, I do not believe that he makes frivolous accusations in order to grab the spotlight. I actually hope that he is proved wrong on this by others or that his further research shows that he has drawn a too hasty conclusion. Because if true the implications are quite frightening.

http://www.grc.com/securitynow.htm

 

I can hardly wait!...."Until next Thursday"

 

i listened to the podcast earlier and it's really good. i think they knew about it because they said from the very start they wouldn't be patching old PCs. that could be becuase they don't really support them or because MS knew old PC didn't have the vulnerable metafile.

 

Kewl....I was going to be busy next Thur anyway. Perhaps it's not potentially SO Important as some have made it out to be and Alcoa stock want be going up after all

 

http://www.grc.com/securitynow.htm doesn't load/exist.

 

It's not just that section, the whole site does not load for me.... ShieldsUp! nada.

www.grc.com a no go also...

So I don't think it's because of the MS statement.

TAS

 

The Link http://www.grc.com/securitynow.htm works fine -

The following options are available at that link:-

Download "KnockKnock" – our backdoor tester (24 kb)
Download a high quality MP3 audio file 19 MB
Download a smaller MP3 audio file 4.8 MB
View any supplementary notes 4.1 KB
View text transcript as web page 63 KB
Download a text format transcript 37 KB
Download PDF format transcript 54 KB

 

DDoS attack againt GRC.com and for a moment in time the BBR\DSLreport site was being used as a reflector of this traffic.

 

Guest Rickx;

If you wish to make slanderous statements against Steve you will need to qualify them, otherwise they will be removed without notice from this point forward. There isn't any point in making baseless comments like these - your two posts have been taken offline.

Regards;

Steve

 

What I find strange is that there seem to be so many people flat out rejecting even the possibility that M$ could be in cahoots with homeland security and purposefully left the WMF flaw in place for them to use as a backdoor.

Every other US business has to bow down to their will, so why not Micro$oft? Aren't they based in the US too? And with the way the US government has been behaving as of late, spying on everyone without any warrants, I wouldn't doubt it myself, and I wouldn't doubt there may be other as of yet undiscovered backdoors as well. I think it's time to explore other OSes like Linux IMHO, at least that's what I'll be doing.

 

Has anybody traced a log of traffic stemming from this vunerability? Where's it go, what's it taking, etc?

 

Setting aside the widely varying degrees of paranoia that posters to this thread display, and setting aside the question of whether Steve Gibson is right or wrong in his suspicions, I have to observe that, so far, Steve Gibson has succeeded only in illustrating a complete lack of ethics and professionalism.

*If* he was to obtain evidence that MS intentionally coded the WMF vulnerability to be exploitable (by themselves or others) - and he has as yet presented no such evidence - then the time at which to present this would be after he has actually obtained the evidence. Instead, he decided to publicise his suspicions (for that is all they are) without supporting evidence and - as he himself has freely admitted - well in advance of him even completing his own 'investigations'.

Fuelling people's paranoia is hardly a responsible practice.

Having 'egg on his face' may turn out to be the least of his worries when all this is over. If his claims turn out to be unprovable and MS decide to come down hard on him, it would be difficult to extend him any sympathy.

 

Hi spm

Nah, it's more popcorn than paranoia.

Come to that ...... there were so many people trying to go through it at the same time - it was more 'barn door' than 'back door'

http://www.chrlen.ch/gl/images/smilies/popcorn.gif

 

True enough.

 

I have to agree with that. Personally, if I were in that position, I would be very very very careful about how I presented this. I think that this point is also partially responsible for the reaction that the claim is bogus.. he almost makes it seem like the claim is being made lightly, despite his notes to the contrary. I have to (sadly) agree with westinghouse in that it's entirely plausible that Gibson is correct, but how he chose to present it just doesn't sit well.. at least for me, it made it easier to dismiss.

 

A few Off Topic posts have been removed from this thread. Let's please remain on the topic of the so-called 'metafile backdoor' and not spin this thread off into other directions/topics.

Thanks for your co-operation and understanding;

Steve

 

Mark Russinovich of SysInternals has published a typically competent analysis of the flaw, an analysis which rather undermines the credibility of Steve Gibson. You can read Mark's analysis here: http://www.sysinternals.com/Blog/. People like Mr. Gibson do no-one any favours, not least themselves, when they make unprovable claims based on patently poor analysis.

While MS are clearly no angels, fuelling the overly paranoid and the consiparcy theorists in the apparent pursuit of fame is not the way to go. I wonder how magnanimous MS are feeling just now...

 

I agree completely.


Again, if I were in his position, I would have left the facts as they were, and not tried to add any speculation about intentions. The more I go over that last podcast of his, the more convoluted it all seems. I dunno, I think Gibson just dealt a pretty heafty blow to his own credibility.. it's going to be hard to take any more of his announcements seriously at this point. He should have simply collected the facts and tried to bring them down to a level that everyone could understand, that would have given him a more positive boost than what he's left with now.. albeit less sensational. Russinovich's findings also leave a lot of question about the quality of Gibson's new tool "Mouse Trap".