Re: [Full-disclosure] Steve Gibson smokes crack?

[eric williams <nfobro@xxxxxxxxx>]

On 1/13/06, Jason Coombs <jasonc@xxxxxxxxxxx> wrote:
> Stan Bubrouski wrote:
> > Ordinarily I'd argue, but its hard to when we find out Microsoft knew
> > about the bug for a long time and made a concious decision not to
> > patch it even though they knew it could lead to a system compromise.
>
> It's hard to imagine anything other than conscious and willful
> preservation of known backdoors in Windows as an explanation for
> Microsoft's refusal to enable Windows Firewall by default until XP SP2.
>

While I agree with that fundamentally, there is one more point to
stress and that is with the architecture of the GDI and the meta-data
processor design.  It seems to me that is where the 'flaw' was
introduced.  That design flaw (allowing the content originator to
detemine what processing would take place when a render operation was
aborted) is what led down this path.  Those decisions, imho, were made
well before Windows 9x even, so I think there may be some merit to
saying it "was known".  I don't know tho' it "was known" means "was
known to be exploitable", per se.


-e

> Microsoft knew for years, if not from the very start, that all Windows
> boxes were by design exposing backdoors on the network, yet they did
> nothing to remedy the situation nor alert any customer to the risk.
>
> This smells to me like a whole slew of intentional backdoors, and I
> don't smoke anything.
>
> Regards,
>
> Jason Coombs
> jasonc@xxxxxxxxxxx
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/