Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error." It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor." We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Recent podcast from GRC's Steve Gibson. If this is correct (And I'm not saying that it is - just thinking that is too scary), then it means that the WMF exploit was actually a deliberatly coded backdoor in the windows operating system. Surely this is the ultimate proof of why a closed source operating system can not be a safe one.

Well, as if the embarrasment of having published more than one astoundingly stupid security non-vulnerability wasn't enough to teach him to keep his mouth shut, Steve Gibson (of the Gibson Research Corporation), part kook, part snake-oil salesman, has managed to come up with one that beats even the tinfoil hat wearing crowd.

To wit, he has decided that the WMF vulnerability is not actually a bug, but an honest to God planned back door in the code.