On 1/13/06, Jason Coombs <[EMAIL PROTECTED]> wrote:
> Stan Bubrouski wrote:
> > Ordinarily I'd argue, but it's hard to when we find out Microsoft knew
> > about the bug for a long time and made a conscious decision not to
> > patch it even though they knew it could lead to a system compromise.
>
> It's hard to imagine anything other than conscious and willful
> preservation of known backdoors in Windows as an explanation for
> Microsoft's refusal to enable Windows Firewall by default until XP SP2.
>

While I agree with that fundamentally, there is one more point to stress and that is with the architecture of the GDI and the meta-data processor design. It seems to me that is where the 'flaw' was introduced. That design flaw (allowing the content originator to determine what processing would take place when a render operation was aborted) is what led down this path. Those decisions, imho, were made well before Windows 9x even, so I think there may be some merit to saying it "was known". I don't know tho' if "was known" means "was known to be exploitable", per se.

-e

> Microsoft knew for years, if not from the very start, that all Windows
> boxes were by design exposing backdoors on the network, yet they did
> nothing to remedy the situation nor alert any customer to the risk.
>
> This smells to me like a whole slew of intentional backdoors, and I
> don't smoke anything.
>
> Regards,
>
> Jason Coombs
> [EMAIL PROTECTED]
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/