I don't remember anyone posting about this:
http://eprint.iacr.org/2007/419, which talks about reverse engineering
the pseudo-random number generator (PRNG) used by Windows 2000.

( Let's see Microsoft sic the DMCA attack dogs on them! )

About a week or two after that paper was released, Microsoft admitted
that the Windows 2000 PRNG was being used in Windows XP.  So my guess
is it might be used in Vista as well.

Going back to the topic at hand:  Microsoft has a long history of
using and reusing undocumented APIs ( anyone remember BackOrifice? )
and other bad code in all of their software.  I'm not just picking on
Microsoft; there are other software developers who have had issues
with binary-only file formats.  That being said, you can also have
issues with programs that don't do good input/output validation used
in a markup language or on ASCII text as well. ( Or there is no
input/output validation at all: Winzip ) So at the end of the day, if
no one audits your code, or if you don't have good software development
standards (that software developers follow religiously!), you will have
issues.

Jacob West presented "How I Learned to Stop Fuzzing and Find More
Bugs" @ Defcon this year.  It was a good talk.  He did get a bit off
topic and talked about methods in a few programming languages that will
get you into trouble even if you think they are safe.

You might be able to find a video of it on YouTube or Google Video.

-Miller


On Nov 29, 2007 6:34 PM, Ben Barrett <[EMAIL PROTECTED]> wrote:
> The joke's on all of us:  "choose your own adventure"  =P
>
> Your knowledge is much-appreciated, Marbux!
>
> ben
>
> On Nov 29, 2007 6:27 PM, marbux < [EMAIL PROTECTED]> wrote:
> >
> > On Nov 29, 2007 6:01 PM, Ben Barrett < [EMAIL PROTECTED]> wrote:
> >
> > > Thanks Marbux,
> > > I was [partially] surprised that they said Excel was the biggie, I
> > > heard from a CCC conference, albeit a while back, that Vista had all
> > > their old known issues, at least at the outset, that they had
> > > identified about 90% of the most-buggy DLLs were identical to XP on
> > > the inside :)
> > >
> >
> > I wonder whether that part is accurate. It used to be that around 50
> > per cent of the known malware out there was embedded Word scripts. And
> > Word has a much larger user base than Excel.
> >
> > On the persistence of bugs in Windows DLLs, it's much the same story
> > with MS Office. Its major apps were designed back in the days when Bill
> > Gates used to brag about not fixing bugs. Now they're in the spot 15
> > years later where it's too late; gobs of spaghetti code on top of the
> > original bugs. There's a study I did in 2000 of all the published bugs
> > in the Word footnote and endnote features here,
> > <http://www.llrx.com/features/word.htm>. If you skim the tables, you'll
> > see a lot of bugs, even data loss bugs, that have persisted for many
> > versions. And you can infer from the version numbers for some of the
> > persistent bugs that Word still has its original 16-bit page layout
> > engine. (Some of those versions ran on 80086 and 80088 processors.)
> >
> > I haven't studied bugs in Excel and Powerpoint so closely, but I
> > strongly suspect it's much the same story there too. E.g., at ISO,
> > Microsoft is lobbying hard to be allowed to keep the Excel leap year
> > bug in the OOXML specification. I doubt if they'd be defending the bug
> > so vigorously if they could repair it other than by using pre- and
> > post-processors, which would give them a big performance hit in loading
> > large spreadsheets.
> >
> > Best regards,
> >
> > Marbux
> >
> >
> > _______________________________________________
> > EUGLUG mailing list
> > [email protected]
> > http://www.euglug.org/mailman/listinfo/euglug
> >
> >