All right, pretty much everyone has probably heard of the Windows Metafile vulnerability by now.
Here's a new twist, though:
http://www.grc.com/sn/SN-022.htm
http://www.grc.com/x/news.exe?cmd=article&group=grc.news.feedback&item=60006
Steve Gibson claims it looks a whole lot more like an intentional backdoor than a bug. He makes a pretty good case for it.
Now, it occurs to me that the source of Win2k, which is affected by this, was leaked. If somebody had that, they could try to find the code in question, and look at what it actually does. Of course, that would be quite illegal, but it might reveal some interesting answers.
this bug and the fact that it looks a lot like an intentional backdoor are old news to me... i've known about it since 1997, and i was in high school then...
>>2
Ha, well, maybe you should have told someone about it then, and people wouldn't be making such a big fuss about it in the media today.
>>3
if i would have told someone about it, it would have been fixed and i wouldn't be able to use it any more...
>>1
The leaked Win2K code was incomplete, if I recall. Only part of the codebase.
I do have it, but after I searched the code for uses of "fuck", "shit", and "damn" and briefly skimmed a few files (didn't find anything interesting), I stopped looking at it. There may still be a torrent of the code somewhere; that's how I got it.
> Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-01-14 09:30 EST
> Interesting ports on www.grc.com (4.79.142.202):
> PORT   STATE SERVICE VERSION
> 80/tcp open  http    Microsoft IIS webserver 5.0
> Service Info: OS: Windows
>
> Nmap finished: 1 IP address (1 host up) scanned in 7.415 seconds
lol
Yeah, Steve Gibson seems to be one of those guys who are continually bashing Microsoft and even closed-source software in general, but use it anyway. From the moment I heard this story, I suspected he was just out for publicity.
Is it really illegal to look at the Win2k source code?
No, but getting a hold of it for looking at is another matter.
You'd think it would have shown up on Freenet by now, or some other anonymous network.
>>1
It was only a small part of the Win2K code that was leaked, not the entire base. As massive as the leaked code was, it was only a tiny portion of the code base.
>>8,9
Without an NDA, MS claims it's illegal to look at the source code because doing so would cause you to violate trade secret laws. The merits and practicality of that claim are, ahem, "debatable."
>>6
IIS FIVE??? LOL, good heavens, he's just begging to be rooted! How on Earth can IIS 5 be hardened enough to match a hardened Apache, or better yet, an out-of-box thttpd?
hay guys can u hack the gibson?
I used to hack the gibsons quite beautifully back in high school music class... Oh, we did all the classics: Van Halen, Poison, Whitesnake, Tesla, and of course AC/DC.