Last night, I sat down with Thomas C. Greene’s article from Security Focus, “Debunking the WMF backdoor”. I found it to be pretty disrepectful to Steve Gibson and all the work he has done for the computer world. Maybe I hold Gibson in too high regard, but I find his knowledge to be very insightful and thought-provoking, especially in his Security Now podcasts. I learned a lot from his talks on VPN’s and wireless security. Maybe he is off in left field about the WMF flaw; I can’t say for certain myself as I am what people might refer to as a “security amateur.” I try to keep up on security topics, try to understand what I can. But I am no security expert, though I am passionate about computer security and would like to learn more.
One thing I found wrong with Greene’s article was that the article was improperly titled. It was not focused on debunking the idea that Gibson had, that Microsoft left this flaw in the Windows source code intentionally. In my opinion, it probably was an oversight by the Microsoft developer’s. Realize that they do have tons of code to deal with and an oversight like this will tend to happen. I wish Greene would have titled the article “A Debunking on Steve Gibson.” Greene spent more time telling his audience how Gibson has been wrong before and trashed his reputation. Greene did not debunk the comments Gibson, or tried to do that in any respect. I really like the way one SecurityFocus commenter put it. I think I share the same opinion with him about Greene’s article.
Maybe Greene will think I am as of base as Gibson, but I think everyone is entitled to their own opinion. Come on Greene, debunk me next.
After reading Mark Russinovich’s blog post January 19, I love the way he wrapped things up. “The bottom line is that I’m convinced that this behavior, while intentional, is not a secret backdoor.” While the functionality was intentional, it was, in his opinion, not done with malicious intent.