Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Microsoft

al Qaeda Hacks XP? 736

Posted by CmdrTaco
from the conspiracy-theories-and-bears-oh-my dept.
acaird writes "According to this article at Newbytes, members of al Qaeda may have worked for Microsoft and planted "trojans, trapdoors, and bugs in Windows XP"." This stuff screams of hoax to me, but it is showing up on the Washington Post.
This discussion has been archived. No new comments can be posted.

al Qaeda Hacks XP?

Comments Filter:
  • by Saint Aardvark (159009) on Tuesday December 18, 2001 @11:22AM (#2720075) Homepage Journal
    Honestly, things are getting pretty bad for MS if this sort of thing can be published without even a public whipping. :-)

    If this goes on..."Next week on Jerry Springer: Bill Gates is sleeping with my sister!"

  • by psyklopz (412711) on Tuesday December 18, 2001 @11:22AM (#2720080)
    Speaking as a programmer who works for a big software company, it's unlikely that anything like that would be able to get through.

    Code generally goes through peer reviews and quality assurance before it is accepted into the main stream. Say waht you want about MS, but I'm sure they do these things (they can afford it!)

    To bypass these failsafes would require a lot of people along the line allowing it to slip through.
    • by Anonymous Coward on Tuesday December 18, 2001 @11:29AM (#2720153)
      Yeah, right. All code gets peer reviewed, and it's also verified that the version that's peer reviewed is exactly what's under source control, and QA reads code? That's a fucking joke.

      QA generally does not read any code at all, they take the specs for how a routine works, and maybe write some regression tests to make sure it does what it's supposed to, and breaks properly. There's no digging around in the code itself.

      As for peer review, when it happens (which it doesn't for every line of code by a long shot) they don't make sure that nobody ever updates that code again without more peer review.

      While I don't believe the allegation for a second, it's definitely extremely possible.

      • That's a fucking joke.

        While I'd admit that QA in professional software is lacking, there are definately source code reviews in an OS product group. Every line of code is looked at, even if only briefly. The risk of the exploit being detected and erased before a release is too great for the Microsoft interview process (grueling, trust me) to be worthwhile. Especially if the coder is a new employee. It is highly unlikely that a new programmer even wrote a single line of compiled OS code. Most of the time, they are writing tools or test scripts for years before they get to write OS code. Insinuating that someone's entire career was a setup in order to get caught planting some bugs in Windows is a lot more ridiculous than claiming this is a hoax.
        • Two counterpoints (Score:5, Insightful)

          by Mr. Fred Smoothie (302446) on Tuesday December 18, 2001 @12:08PM (#2720458)
          In a million-plus line codebase for a product under deadline pressure, while official policy might be that "every line is checked", in reality this is highly unlikely to happen. The coders and their managers may assure the suits, "Yeah, we reviewd every line of code," but they'd be lying. It just doesn't happen. It's one of those things that everyone knows is *supposed* to happen and most people know doesn't *really* happen.

          Secondly, while I agree that it's unlikely that a terrorist would approach a 13-year old kid and say, "Hey, you should start excelling in Math and then attend college to get a CS degree so that 10 years from now you can go work at Microsoft for 4 years or so (enough to gain the confidence of your managers) and then start putting back doors and bugs in their OS," it's far more plausible that a terrorist would approach a already working programmer who's naive and idealistic -- and perhaps *already* working at and trusted by managers at Microsoft -- and say, "Hey, here's how you can really help your faith..."

          • by Geckoman (44653)
            And it's even more plausible that they would approach a disaffected, unhappy person regardless of faith -- who'd been working there for several years, feeling unappreciated the whole time -- and say, "Hey, here's a few ten thousand dollars tax free...we'll pay you and you get to screw your company!"

            And it's even more plausible that somebody just made this crap up, and the Washington Post bit on it like a hungry trout....

            "I saw it on the Internet, it must be true. Right, dad?"
            "Not necessarily, son, but I saw it printed on pieces of a dead tree, so that makes it true for sure!"

          • As an employee who has worked in the OS division of Microsoft I would like to say unequivocally that this article is complete crap.

            There is no way that you could try to put a terrorist-sized hole in XP without a lot of people noticing.

            -For the months before the OS ships every line of code that is modified is examined on several levels; every bug that is found could potentially be investigated by any of dozens of people in any part of the organization...
            -There's nearly a 1/1 ratio of Test/Dev in the critical parts of the system; to do this you would have to get the developer(s) and the tester(s) responsible for that chunk of code/functionality.
            -Automated tools run by seperate groups review changes and record owners; try to sabotage something once & you won't get a second chance.
            -Automated tools run by testers review code that's not exercised by test-passes, reporting on changes so that the hole can be filled.

            This simply did not happen and it's embarrassing that this pseudo-technical forum is giving the report even a little credit. I would expect better from even the bitter/angry/biased-microsoft-haters that make up the such a vocal percentage of the slashdot crowd.

            • That sounds reasonable. However, by that logic there should never have been any exploits for a Microsoft product, right? Maybe you are assuming that the trojan would be glaringly obvious. I would assume the opposite - that it would be the kind of vulnerability we've already seen many times in IIS and Outlook. Something that could be called an honest mistake.

              I still don't really believe the story, but I think you are dismissing it too lightly.
      • Yeah, right. All code gets peer reviewed, and it's also verified that the version that's peer reviewed is exactly what's under source control, and QA reads code? That's a fucking joke.

        I used to work for Microsoft as a dev. (Visual Studio) Although coding practices vary from group to group, many (including our team) have mandatory code reviews before submitting, including ours.

        Noone would personaly verify that the peer reviewed version is exactly what's under source control, but come on. Groups are tight knit. You're always going through each other's code on a daily basis. You plant a Trojan, you're going to get caught.

        Let's face it. These Al Quaeda has enough problems smuggling weapons onto airplanes. Try smuggling a programmer through a Micrsoft interview process. M$ job interviews are notoriously tough. You would get more bang for the buck building a bomb and giving the federal reserve a good shaking. (No pun intended)
        • by Jason Earl (1894) on Tuesday December 18, 2001 @12:53PM (#2720874) Homepage Journal

          That's assuming that the terrorists would actually have to plant backdoors. It would be far less dangerous, and far easier, to simply look for buffer overflows and then not report them to management. What good is a peer review if your "peer" is actually looking for exploitable code for their own ends. A remotely exploitable buffer overflow is every bit as good as a backdoor, and if they were in QA they wouldn't even have to write it themselves, they would simply have to let it slide through.

          Now, I am not saying that the Al Qaeda has penetrated Microsoft, but I can't imagine that someone working at Microsoft hasn't been tempted to simply overlook a buffer overflow. Especially now that Windows is being used to run some very tempting targets.

    • by oddjob (58114) on Tuesday December 18, 2001 @11:31AM (#2720172)
      So something like a flight simulator in a spreadsheet program would never make it into a released product...

      Back under your bridge, troll.
    • This thing is clearly a hoax, but..

      I don't think this would be all that difficult. It's not like the hack has to be obvious. You wouldn't put something like:

      if( strcmp( username, "osama" ) ) { uid=0; }

      That would be too obvious.

      But something more subtle in the logic could easily get through, given the number of such bugs that have made it through without deliberate sabotage.

    • I dunno, it could be argued that the engineers that worked on the components of MS Office have in the past slipped in MANY the easter eggs into the product that went unnoticed.

      I could also see how it could be done. a simple #progma and redefinition of a core Win32 API function placed in something as silly as stdafx.h might just slip by.
    • by Transient0 (175617) on Tuesday December 18, 2001 @11:41AM (#2720266) Homepage
      Not to mention that the whole story is hanging on very tentative ground.

      In the first place, I notice that man is a "suspected" Al Qaeda member. From what I've been seeing lately, anyone who has the wrong kind of accent or a copy of the Koran is a suspected Al Qaeda Member.

      Secondly, if this man really is a member of the organization, it should be noted that bravado and misinformation are prime terrorist tactics. It's a lot easier to spread rumours about having planted bombs, or for that matter created software bugs, than it is to actually do it. And you still get the result of people being afraid to fly or afraid to use Windows.

      Thirdly, as you said, even if some programmers with less than noble intentions did manage to get employed at Microsoft, the chance that they would be able to intentionally slip in a trojan horse without it being caught in testing are pretty low.

      On the other hand, i suppose they couls just sabotage the american way of life by writing bad code, but then Microsoft pays people to do that anyway.
      • In the first place, I notice that man is a "suspected" Al Qaeda member. From what I've been seeing lately, anyone who has the wrong kind of accent or a copy of the Koran is a suspected Al Qaeda Member.

        Ok, but when you pick the suspected Al Qaeda member up, and he says "I'm an Al Qaeda member, and I'd like to enter a formal confession in court, so I can blather on about the evils of western 'civilization' before proudly marching off to die a martyr in your jails", you can excuse journalists for thinking he might really mean it.
    • by morcego (260031) on Tuesday December 18, 2001 @12:02PM (#2720426)
      I'm not sure.
      You see, I work for a not so big software company right now, but I used to.
      It's not that hard to sneak some malicious code into the final product. Quality Arrusance is usualy made only by using the software, not by analising the code. And even if they do analise the code, it's quite trivial to introduce some obscure buffer overflow.
      Also, we are forced to remember about that hacking of microsoft internal network some time ago, which they "claimed" give the hackers no access to the code base.
      I hate bin Laden as much as the next guy, and think he should die. But, even being a fanactic, the guy is inteligent. And has recources, both personel and money. I think it's very likely he would attempt something like this. I know, in his shoes, I would.
      • After some obtuse comments on my post, I stopped to think what I would do if I was a terrorist and decided to do this kind of stuff (sabotage WinXP).
        That lead me to some considerations:

        1- The sabotage would have to be enough so it's usage (or saying I would use it) would cause terror
        2- The sabotage would have to be small enough it would pass quality assurance without arousing a flag
        3- The sabotage would have to be generic enough so nobody would spot it at a first glance
        4- The exploit would have to be complicated enough so nobody else would be able to exploit it before I do
        5- This sabotage would have to take a form, or permit some kind of use, that would let me claim responsability for the terrorist act
        6- If I could do something misleading, so that when I first attacked, the the original sabotage
        would not be found, even after the attack, the better

        So, considering all this point, I want to reduce my rating from "Very Probable" to simply "Technicaly Factible".

        Unless they are very stupid. Which maybe they are, just like me posting this kind of thing with the FBI sensors and such monitoring everything.

        If they arest me for this post, please, let the slashdotters know about it.

        Or could it be I'm simply violating the DMCA ?
    • I have worked for several major software companies, including Microsoft, as a co-op.

      The standard practices at Microsoft do not include a lot of code review (even for a co-op). You could easily sneak stuff in there.

      That being said, I'll wait until I see proof before I believe this one.

      I have nothing to worry about, however. My standard practice is to never install a Microsoft OS until it has been "in the field" for -at least- a year :)
    • by Mr. Slippery (47854) <tms AT infamous DOT net> on Tuesday December 18, 2001 @12:32PM (#2720672) Homepage
      Code generally goes through peer reviews and quality assurance before it is accepted into the main stream.

      Where is this wonderful place you work?

      I've worked for, lessee, eight companies over the years, ranging from the tiny to mammoth international corporations. Only two had code reviews.

      At one, a well known company in the computer security field, code for a secure operating system base was reviewed by trust engineers - who were knowledgeable about the theory of security but who were not so knowledgeable about the programming language being use. We'd get questions like "what does char somecstring[16]; somecstring[0] = char(0); mean"?

      At the other, a well-known aerospace contractor, reviews of code for a NASA project focused on making sure that your code met the formatting standards required - no one asked me anything at all about the semantics of my code.

    • by Jason Earl (1894) on Tuesday December 18, 2001 @12:36PM (#2720708) Homepage Journal

      Whatever. Excel used to have a flight simulator embedded in it, for crying out loud! IIS had a back door password of "Netscape Engineers are Weenies" spelled backwords.

      Not to mention the fact that it seems like Windows has an exploit approximately every 3.5 seconds, and that's without access to the source. A terrorist at Microsoft wouldn't even have to try and embed backdoors into the software. They could just keep track of the exploitable buffer overflows and pass them on to their buddies instead of raising attention to them at Microsoft. Microsoft's entire defense stems around the fact that the "bad guys" don't have access to the code and must therefore guess where the problems are (and even still they have more than their share of problems). Someone on the inside (with access to the source) could easily subvert this process.

    • I worked for a software company and put a time bomb into one of their products, just to show it could be done. Even when they knew it was in there and what it did, they couldn't find it for hours. I pointed to the exact code and they still didn't understand what it did, but someone said "oh yeah, I saw that last week and thought it looked odd." I doubt he did (such a bullshitter), but even if he had, he wouldn't have figured it out. He would have given up and ignored it. Not anymore. And that's with a team of under 5 people touching that product. Imagine a team the size of the WinXP one.
    • >Speaking as a programmer who works for a big
      >software company, it's unlikely that anything
      > like that would be able to get through.


      Speaking as a director of the Federal Aviation Authority, it's unlikely that four planes could be simultaneuously hijacked and . . .


      hawk, not really an FAA official

  • hah! (Score:2, Funny)

    by kevlar (13509)

    I heard they also worked for Firestone and sabotaged their tires!!!
  • Hmmmm (Score:4, Funny)

    by Your_Mom (94238) <.slashdot. .at. .innismir.net.> on Tuesday December 18, 2001 @11:23AM (#2720090) Homepage
    Unfortunately, since there already so many holes and bugs in XP, we will never know if they really were successful.


    Unless they commented there code:

    security_hole(); &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp/*b1n l@d1n r00lz!*/


  • c'mon, this is such a pile of bullshit it's ridiculous.

    Microsoft spokesman Jim Desler said Afroze's claims about the company were "bizarre and unsubstantiated and should be treated skeptically."

    for once, we can all agree with a Microsoft spokesman.
  • by zyqqh (137965) on Tuesday December 18, 2001 @11:24AM (#2720097)
    And they even left OVER 700 SEKRET MESSAGES IN THE SOURCE CODE!

    Observe:

    % grep -ir 'a.*l.*q.*a.*e.*d.*a' /usr/src/linux | wc -l
    704

    Time to outlaw leenuks, I say.
  • by Geeky (90998) on Tuesday December 18, 2001 @11:24AM (#2720099)
    From the article:

    According to Desler, Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code

    I can sleep easier now.
  • don't worry (Score:3, Funny)

    by bnitsua (72438) on Tuesday December 18, 2001 @11:24AM (#2720100)
    These backdoors, trojans, etc. are rendered useless by the backdoors, trojans, etc. the NSA placed in XP.
    • yes, worry. (Score:3, Funny)

      by Erris (531066)
      Don't forget the ones there by design. You know, like the remote kill switch for too many hardware modifications, and others to make sure you don't rip M$ off. Ha ha ha. If M$ can do it, you can be sure others will figure it out and be doing it.

      Also, don't forget the ones that are there by poor implimentation. You know, like sound files in email that get executed without warning.

      Also, don't forget the ones that are there due to poor design. You know, like an email client that runs as root because there are no real user accounts and the underlying file system will not support that and ....

      Don't forget to combine all of the above with poor judgement. Well, running M$ with anything but in single user non networked air gap protected mode is poor judgement. Worse judgement is attatching a camera and an always on high speed internet connection in your freaking bedroom, ha-ha [min.net](banned in Saudi Arabia).

      Alah-Akbar. It's true you know.

  • Knowing Microsoft's track record, I wonder how much more damage some terrorist can add.
  • Ah ha! (Score:2, Funny)

    by Ledge (24267)
    So thats who coded Outlook! 10 bucks says they were in on the whole Passport thing too!
  • "This stuff screams hoax to me, but it's showing up on the washington post"

    Can we mod down a statement in an article as being redundant? The washington post all but invented "ready-shoot-aim" journalism.
    • Well, they are rerpoting as fact that Mohammad Afroze Abdul Razzak is making these claims. Are they not supposed to print the story because what this guy is saying is almost certainly untrue?

      It would be different if they were reporting that there were *in fact* security bugs in XP planted by terrorists, based on the claims of one guy.
  • by pulazzo (231488) on Tuesday December 18, 2001 @11:26AM (#2720126)
    then the terrorists have won.
  • by ka9dgx (72702)
    Ok, the clue is right in the idea... backdoors into the operating systems, but the perpetrators are more likely to owe allegence to the Mossad, NSA, CIA, Jesuits, or some other representative of authority.

    I'm starting to believe the FBI are actually the good guys these days... YIKES!

    --Mike--

  • by ShieldWolf (20476) <jeffrankine@netscap e . net> on Tuesday December 18, 2001 @11:27AM (#2720131)
    This just found in winsock.dll in XP:

    seineewerastsisrorretadeuqla
  • *sigh* (Score:4, Interesting)

    by szcx (81006) on Tuesday December 18, 2001 @11:27AM (#2720132)
    It screams of a hoax, so let's put it on the front page. Way to be part of the problem, Taco.
    • *barf* (Score:3, Insightful)

      by Erris (531066)
      It screams of a hoax, so let's put it on the front page. Way to be part of the problem, Taco.

      Let's just whine about it instead of moving on. Way to fill the page up with trash.

      Hypocracy, see above.

      • Re:*barf* (Score:3, Interesting)

        by szcx (81006)
        Let's just whine about it instead of moving on. Way to fill the page up with trash.

        Yeah, be sure and keep that advice in mind the next time you see FUD coming from Microsoft. The only way to stop problem behavior is by pointing it out. You think the antitrust case would have been filed if people just "moved on"? Are the Slashdot editors immune from scrutiny simply because they're anti-Microsoft?

        Hypocracy, see above.

  • say what? (Score:5, Funny)

    by cr@ckwhore (165454) on Tuesday December 18, 2001 @11:27AM (#2720134) Homepage
    last time I checked, these afganhis were hacking and downloading movies with a commodore 64 (http://slashdot.org/article.pl?sid=01/11/17/20420 7&mode=thread [slashdot.org])

    ...no other explanation needed.
  • I'm sorry, but this sort of statement is just plain silly. Any 'newly hired engineers' would hardly be in a position to place any sort of major bugs in such a large project. EVEN IF THEY COULD, since XP is relatively new, bugs placed on purpose would be no worse then any existing bugs simply due to the nature of newly released software.

    Perhaps, just perhaps, a few well placed bugs could have an effect on the end product, but I see no reason why such an orginization would want to target such a thing. I can see the reason to want to make such false statement to cause yet more public doubt as to their safety, though. The likelyhood this is a ploy to crete more doubt is much greater then the likelyhood that they actually did such a thing.

    On the other hand, it could very well be true. It is so out there that it just might be truely something that happened. It most certainly is no more out there then the very same network obtaining Anthrax from a US source, and mailing it all over the country..
  • "I, Mudd" was on sci-fi last night. I see a rewrite, something like this:

    I, Ashcroft

    "...XP is the only OS that can protect us from terrorists.

    But XP was *made* by terrorists"

    Fzzt... Pop....
  • has found the following phrase:
    "!seineeW era tnemnrevoG SU"
  • Oh ya? (Score:2, Funny)

    by Matt2000 (29624)

    I heard that members of al Qaeda had infiltrated Slashdot and were sabotaging the quality of reporting.

    Oh wait, Taco has always posted retarded stuff.
  • by sid_vicious (157798) on Tuesday December 18, 2001 @11:31AM (#2720171) Homepage Journal
    So, does this mean goodbye to the "Bluescreen of Death" and hello to the "Bluescreen of Holy Vengeance?"
  • by Stavr0 (35032) on Tuesday December 18, 2001 @11:34AM (#2720203) Homepage Journal
    Just put this in a .REG file and the evil will be revealed... REGEDIT4 [HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08- 00AA002F954E}] @="Recycle Bin Laden"
  • Daisy Cutter (Score:4, Offtopic)

    by pjdepasq (214609) on Tuesday December 18, 2001 @11:35AM (#2720210)
    Does this mean we can drop a few 'Daisy Cutters' on Redmond?
  • How to tell (Score:5, Funny)

    by Syberghost (10557) <syberghost@syb[ ]host.com ['erg' in gap]> on Tuesday December 18, 2001 @11:35AM (#2720213) Homepage
    We'll know it terrorists slipped code into XP, because if they do, they'll make it support raw port access for non-priviledged users. Clearly only a terrorist would do that, so it'll be a dead giveaway.
  • We should all know about the wonderful editorial integrity [slashdot.org] of the Washington Post.

  • According to Desler, Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code

    Oh well, in that case!
  • Prasad, moderator of an Internet mailing list on south Asia security and information warfare, told Newsbytes that Afroze made the claims in a police confession.

    Even if the story is true, and the guy "confessed"... I know I'd confess to writing windows XP if faced with a rubber hose.

    Think about it...
  • Funny how /bin/laden has passed from mere mortal to a incarnation of evil, and as such responsible for all bad things.

    Yesterday he was responsible for crashing the US economy. Today he is responsible for bugs in XP. Tommorow he will be responsible for sour milks, bad weather, disrespectfull children...

  • "...members of Osama bin Laden's Al Qaeda network, posing as computer programmers, were able to gain employment at Microsoft" - so, you can "pose" as a computer programmer, and get to modify M$'s source, can you? You don't actually have to be a programmer?

    Also, I liked "According to Desler [an M$ spokesman], Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code." Well, it's worked so far, hasn't it? Maybe they're just talking about how difficult it is to add intentional bugs. That, I can believe.

    The very suggestion that M$ needs help adding "trojans, trapdoors, and bugs in Windows XP," is the laughable bit here.
  • good lord (Score:5, Funny)

    by banky (9941) <gregg&neurobashing,com> on Tuesday December 18, 2001 @11:38AM (#2720240) Homepage Journal
    (Outside of an Al Queda recruitment center)
    "OK, people. Line to the left is suicide bombers, center line is front line soldiers, right-hand, nefarious computer geeks."

    or
    (2 terrorists meet to discuss their accomplishments)
    "I have struck a great blow against Satan! I have planted bombs and anthrax!"
    "I, too, have stuck a great blow!"
    "What did you do?"
    "Improper bounds checking in msetl23.dll! I used my own hasty, roll-your-own strcpy()! And as a final coup de gras*, I stole 3 product activation keys and gave them to Best Buy employees"

    Please.

    * terrorists may not actually use phrases like this. Consult your manual.
  • by cygnusx (193092)
    Anybody else noticed this in the article:

    A defense attorney hired by Afroze's father, a tailor by profession, reportedly asked the court to allow Afroze to receive a
    psychiatric examination but was rejected.


    The guy sure sounds loco to me.
  • As someone who has been through the Microsoft interview process, I find it highly doubtful that some random terrorist programmers could make it though.

    Unless, of course, Al Qaeda makes learning how to get 5 gallons of liquid using 3 and 7 gallon containers part of their training.

  • According to Desler, Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code.

    Hahaha... that's how you can be sure this article's a hoax.
  • by Rogerborg (306625) on Tuesday December 18, 2001 @11:41AM (#2720268) Homepage
    • A suspected member of the Al Qaeda terrorist network claimed that Islamic militants infiltrated Microsoft and sabotaged the company's Windows XP operating system, according to a source close to Indian police.

    Look at the effect they've already had on the global airline and tourist industries, based on a net increase in danger that's insignificant compared to road deaths. Score one for the terrorists.

    And here come the ill considered security measures and infringements of civil liberties. We defend Freedom by taking it away. Score two.

    Then it was time to target the the government, postal service and law enforcement with a few packets of a not particularly lethal virus (sympathies to the victims though). Again, the big impact is from the FUD, as law enforcement chase hoaxes and benign packages all over the country. Score three.

    Now it's software. "All your code base belong to us!" they rant. Expect the hoaxers to jump on this and a new rash of bin Laden themed virii and worms to appear. It's pure FUD, but the problem is reassuring easily frightened and confused non-techies that it isn't true. How do you disprove the existence of allegedly hidden code?

    And so for once I'm actually going to get on the bandwagon with Microsoft and give this zero credibility. This pathetic piece of bluster should not be allowed to put anyone off using XP. There's plenty of real reasons for not using it, but this isn't one of them.

  • Probably nothing more than an indication that al-Qaeda are Linux buffs and wanted to see their names on /.
  • by ASyndicate (159990) on Tuesday December 18, 2001 @11:42AM (#2720278) Homepage
    # chflags noschg /bin/laden
    # rm -f /bin/laden

    Warning: Utitilty /bin/laden removed. Will replace with something even more evil.

    # ln /bin/microsoft /bin/laden
    # chflags schg /bin/laden
    # chflags schg /bin/microsoft

    Thank you for removing /bin/laden
  • Actually, something occured to me that makes it a little bit more possible. I once read somewhere on MSDN regarding the realease of localized versions of Microsofts OSes ad applications where generally localized by outside contractors, such as those used in India, etc..

    This could have, indeed, made it a great deal easier to insert some hidden #ifdef inside of, say, a comment that looks funny, and cause some issues such as providing uid checks, etc..

    Perhaps I'm just thinking to much. It's amazing how easy something appears to be if you can think about it long enough..
  • by sheldon (2322) on Tuesday December 18, 2001 @11:43AM (#2720284)
    Members of the militant group Hamas have claimed responsibility for file corruption issue found in the Linux 2.4.15 kernel.
  • WTF! (Score:2, Funny)

    by bill0r (195811)
    Microsoft has rigorous processes in place during the development of Windows to ensure the security and integrity of source code.

    muahahaha, now, *THAT* was funny.
  • Yeah, that's the ticket. The Al-Queda did it. They are the reason that XP sucks. Yeah. We didn't do nothin, you hear?

    The largest case of FUD EVER!

  • i am not an ms fan, in fact part of the reson this story will be successful is because of ms's history of poor quality management and it's closed source systems, but this article is most likely fud. after all, it's easier to *say* you've planted such things in xp then to actually do it. and since ms has a poor track record for security and since there is no public peer review of their code, it will certainly cause reasonable people fear, uncertainty and doubt about microsoft's software.

    truly a case of reaping what you sow. ah, how amusing.
  • Anyone got a link to it?
  • That Al Queda knows why manhole covers are round...

  • by Tony Shepps (333) on Tuesday December 18, 2001 @11:49AM (#2720334) Homepage
    It turns out that al Qaeda is actually a bitter DR-DOS user group.
  • by coupland (160334) <dchase@nOSpaM.hotmail.com> on Tuesday December 18, 2001 @11:51AM (#2720349) Journal

    Sounds to me like al-Qaeda is just looking to take credit for the chaos caused by others.

    "You will feel our wrath in the endless bugs and security holes in Windows XP!"

    What's next? "We will cause random car accidents in busy intersections and will lace cigarettes with deadly carcinogens!" OOooo, their prophecies are coming true, everybody! Head for the hills!

  • by lwagner (230491) on Tuesday December 18, 2001 @12:00PM (#2720408)
    9:05a. Breaking News... the alleged five teraflop Al Qaeda computer hax0ring complex has been penetrated by US Special Forces...

    7:30p. This just in - We have learned that the alleged Al Qaeda computing complex was destroyed. US Marines were seen removing five hourglasses, an abacus, and a piece of aluminum foil that were allegedly behind a massive recent distributed denial of service.

  • by The Pim (140414) on Tuesday December 18, 2001 @12:09PM (#2720464)
    On a hunch, I started grep'ing through XP, and stumbled across the backdoor password:

    !seineew era snaitsirhC dna sweJ
  • by WildBeast (189336) on Tuesday December 18, 2001 @12:17PM (#2720515) Journal
    Al Qaeda members aren't supposed to know what the other members are doing. Their own mission is revealed to them at the last moment.

    In the article they mention the following : "authorities find some of his claims inconsistent and "too theatrical to believe.""

    This guy is probably not even a member of Al Qaeda, he's just a crazy guy who's probably too dumb to even be a terrorist.
    • WildBeast wrote:

      > Al Qaeda members aren't supposed to know what the other members
      > are doing. Their own mission is revealed to them at the last moment.

      That is exactly right. Bin Laden himself said that none of the 9/11 groups (except the leader) knew the others existed or what they were doing. They didn't know what they themselves were doing until they were getting on the plane.

      > This guy is probably not even a member of Al Qaeda, he's just a crazy
      > guy who's probably too dumb to even be a terrorist.

      Oh, he's a terrorist alright, and if Walker is saying what he has been reported to say (attack yesterday), then he is one too. When one of these people have been captured and can do nothing else to support their cause, they use their mouths in one last terrorist attack: spreading wild (but at least remotely believable) rumors to terrify their enemies. After all, the real business of terrorists is not high body counts, but *TERROR*.

      Afroze's claims are false, but Microsoft's all consuming greed was leading them to engage in terror marketing (those "buy more or be audited" postcards) prior to 9/11. Greed, terror, and cruelty are all three heads of one terrible monster.

      Wisdom overcomes greed.
      Courage sends terror running.
      Compassion, the greatest power, conquers cruelty.

      Mothra, you were right! Heart can reach!
  • by hoggoth (414195) on Tuesday December 18, 2001 @12:20PM (#2720534) Journal
    This just in:

    "Bill Gates holds press release on Al Qaeda hacks in Windows XP."
    Redmond- Bill Gates today held a press release to confirm the presence of "hacked" code in the Windows XP product, and admitted for the first time that all previous versions of Windows also had "hacked" code inserted maliciously by covert Al Qaeda operatives within the Microsoft Corporation. "We have confirmed the presence of this code in all versions of Microsoft Windows from 3.0 to XP. The code we have found was planted by covert Al Qaeda operatives who were employed by Microsoft for years. This was a long-term terrorist operation planned years in advance and executed with frightening efficiency. We have investigated the code and found it to be the cause of instability in Windows products. As a matter of fact, the infamous "Blue Screen of Death" was in fact an Al Qaeda trojan. We will be release a full list in the coming week of all the Windows problems that the Al Qaeda terrorists are responsible for after a full investigation of all the things that make Windows suck."

  • by biglig2 (89374) on Tuesday December 18, 2001 @12:22PM (#2720557) Homepage Journal
    ... where this looney says they planned to attack the Houses of Parliament and Tower Bridge.

    Parliament perhaps, but not Tower Bridge. If they were interested in tourist attractions in the US, they would have put a plane into the statue of Liberty. It doesn't fit their pattern. Tower Bridge isn't even that big a deal as a symbol of the City. The Tower itself, or St Pauls, or Buck Huse, would be more likely.

    Canary Wharf, I could believe.
  • Ah... (Score:5, Funny)

    by ZoneGray (168419) on Tuesday December 18, 2001 @12:39PM (#2720744) Homepage
    Ahhh, it all makes sense now. No matter how hard I tried, I could never land properly in MS Flight Simulator.
  • by abes (82351) on Tuesday December 18, 2001 @01:23PM (#2721112) Homepage
    They were planting features, not trojans or trapdoors.
  • Al Qaeda Tactic? (Score:3, Interesting)

    by istartedi (132515) on Tuesday December 18, 2001 @01:45PM (#2721276) Journal

    Perhaps these guys have been instructed that if they feel the need to "spill the beans" they should spill 3 or 4 phony beans along with the real ones. That way, our security has to track multiple potential threats. I'm sure nothing would please them more than to see us spend the time and money required to audit all of the Windows code.

    Perhaps there is a rational way to tell which threats are real; some kind of "threat profiling".

  • by TWR (16835) on Tuesday December 18, 2001 @01:53PM (#2721323)
    Now I don't know if XP was targeted by Al Qaeda, but a good chunk of Y2K work was outsourced to places like India, where this self-proclaimed terrorist was picked up.

    Given the long-term planning that Al Queda is known for, and their penchant for using the tools of the West against the West, I would be unsurprised if they planted people into companies doing Y2K patchwork for major financial institutions or other mission-critical systems. Most of that code was NOT code reviewed due to time constraints, and the work was done overseas by the lowest bidders. This is a recipe for disaster and was predicted as such years ago. Now that we know exactly how crazy these motherfuckers are, the warnings seem a lot more important.

    Just my paranoid guess.

    -jon

  • Don't believe this!! (Score:3, Interesting)

    by snake_dad (311844) on Tuesday December 18, 2001 @04:32PM (#2722572) Homepage Journal
    It's al just FUD to cover up the Magic Lantern introduction. Really.
  • Malice? (Score:3, Insightful)

    by Frank Sullivan (2391) on Tuesday December 18, 2001 @05:00PM (#2722754) Homepage
    "no evidence of malicious code in the operating system has been reported".

    Never attribute to malice that which can be adequately explained by stupidity. :}

Interchangeable parts won't.

Working...