If your going to put a backdoor you would want to put it in something that is remotely exploitable like a network service or something. You don't want to have to socially engineer the user of the computer to either download your attachment or visit a website. That's too much work especially if its supposedly a conspiracy to be able to access any computer.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden Sent: Friday, January 20, 2006 7:41 AM To: The Hardware List Subject: Re: [H] Nutty Steve Gibson claims WMF bug was planted by Microsoft Listen to episode 22: http://grc.com/securitynow.htm This was on Digg last week. Every person that I have heard saying Gibson is a moron over this has not had their facts straight. Listen to the podcast, look at his reports, hell look at his source code. His arguement that you need 2 or 3 very specific things to happen to trigger the WMF vulnerability, things that prevent the WMF files from working as intended. Which in my mind is the exact definition of a backdoor. Of course M$ will deny it. The only other option is to say yes, one of two things are true: 1. We have a rogue programmer who put their own backdoor in all version of our software since win2k 2. We deliberately put in a backdoor so we can access and patch every copy of windows in an emergency, even if they have firewalls and autoupdate disabled. -- Brian
