[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Steve Gibson smokes crack?
- To: Todd Towles <toddtowles@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Steve Gibson smokes crack?
- From: eric williams <nfobro@xxxxxxxxx>
- Date: Fri, 13 Jan 2006 15:48:59 -0500
On 1/13/06, Todd Towles <toddtowles@xxxxxxxxxxxxxxx> wrote:
>
> Stan wrote:
> > Ordinarily I'd argue, but its hard to when we find out
> > Microsoft knew about the bug for a long time and made a
> > concious decision not to patch it even though they knew it
> > could lead to a system compromise.
>
> Also, Microsoft must have made the concious decision to have it not work
> by default on any pre-Windows 2000 machine? What kind of old secret
> government backdoor is that...when it doesn't even work.
I think I follow you here, I don't think I agree with the conscious
decsion part tho'. I think the design of the WMF supported the record
types that any vendor could have access to via the GDI, what was at
play, afaict, is that you either had to have a renderer that was
flawed and could be leveraged from M$ or a third-party vendor. I
think the 'flaw' was there by default, but possibly no means to
leverage it without a properly crapped up 'viewer'. M$, of course
fixed that problem later by providing a default backd^H^H^H^H^H
viewer. :)
-e
>
> -Todd
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/