Main Area and Open Discussion > Living Room

OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN

<< < (4/4)

f0dder:
I read the transcript, and this "keeps offering him the opportunity to back down" looks more like something to cover their asses. It seems like Gibson hasn't analysed the flaw (ie, proper reverse engineering) but rather just fiddled with .WMF files until he produced one that worked, and then jumps to conclusions that 1 is a "magic backdoor value", while it sounds more like a buffer overflow to me. I haven't done RE of it either, but I'd rather opt for something that sounds plausible instead of brewing up conspiracy theories.

you have to give him some credit for sticking his neck out so far on something that's going to get a lot of push back.

--- End quote ---
Not really. Sticking out his neck this way gives him publicity, and that's what he wants.

mouser:
long slashdot discussion of the issue:
http://it.slashdot.org/it/06/01/16/0615247.shtml

f0dder:
Heh, even the /. zealots say that Gibson is a crackpot ^_^

f0dder:
...so much for Gibson's "magic value" theories - here's a guy that KNOWS how to reverse engineer, and has actually done it: http://www.sysinternals.com/Blog/

mouser:
fodder's link, to Mark Russinovich's blog entry about the wmf vulnerability, will no doubt be the definitive word on the subject.

His conclusion:
"The bottom line is that I'm convinced that this behavior, while intentional, is not a secret backdoor."
--- End quote ---

looks like steve gibson is going to be eating his words on his next radio show.

Navigation

[0] Message Index

[*] Previous page