Great Circle Associates Firewalls
(July 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Risks in NTOSKRNL? speculation....
From: "Michael S Hines" <mshines @ purdue . edu>
Organization: Purdue University
Date: Wed, 16 Jul 1997 08:06:29 -0500
To: firewalls @ GreatCircle . COM
Comments: Authenticated sender is <mshines @ postoffice . purdue . edu>
In-reply-to: <9707151453 . AA21702 @ sonic . nmti . com . nmti . com>
References: <199707141857 . OAA26304 @ SPARKY . CF . CS . YALE . EDU> from "long-morrow @ CS . YALE . EDU" at Jul 14, 97 02:57:16 pm
Reply-to: mshines @ purdue . edu 
> > Just who among us really knows what dark code lurks in the
> > heart of \winnt\ntoskrnl.exe ?
> 
> I am firmly convinced that there is no single person at Microsoft who can
> answer that in the affirmative.

In WinNT (or more technically correct - in a Portable Executable 
file format) - at least, if its reachable by others its going to 
be in the exports or imports list in the object code module ...  
  and can be detected, though it may be undocumented.

     

-----------------------------------------------------------------
Internet: mshines @
 purdue .
 edu    * Michael S. Hines, CDP, CFE
Voice: (765) 494-5845           * Sr. Information Systems Auditor
FAX:   (765) 496-1814           * Purdue University
if AC 765 doesn't work, try 317 * 1065 Freehafer Hall
                                * West Lafayette, IN 47907-1065
All views are my own and do not reflect Purdue University policy.
References:
Indexed By Date Previous: Re: Microsoft plans to offer a firewall
From: acr @ als . co . uk (Alan C. Ramsbottom)
Next: Re: What is NAT?
From: "Frank Knobbe" <FKnobbe @ BellSouth . net>
Indexed By Thread Previous: Re: NSA backdoors in OS
From: peter @ baileynm . com (Peter da Silva)
Next: Re: NSA backdoors in OS
From: Anton J Aylward <anton @ the-wire . com>
Google
 
Search Internet Search www.greatcircle.com