__/ [ Bobbie ] on Friday 04 August 2006 06:17 \__
> On Fri, 04 Aug 2006 05:36:09 +0200, OK wrote:
>> On Fri, 04 Aug 2006 00:18:49 GMT, Jim <james@xxxxxxxxxxxxxxxxxxxxxxx>
>>>Sinister Midget wrote:
>>>> LAS VEGAS - After suffering embarrassing security exploits over the
>>>> past several years, Microsoft Corp. is trying a new tactic: inviting
>>>> some of the world's best-known computer experts to try to poke holes
>>>> in Vista, the next generation of its Windows operating system.
>>>> Microsoft made a test version of Vista available to about 3,000
>>>> security professionals Thursday as it detailed the steps it has
>>>> taken to fortify the product against attacks that can compromise
>>>> bank account numbers and other sensitive information.
>>>> "You need to touch it, feel it," Andrew Cushman, Microsoft's
>>>> director of security outreach, said during a talk at the Black Hat
>>>> computer-security conference. "We're here to show our work."
>>>> Microsoft has [ED: rightly)faced blistering criticism for security
>>>> holes that have led to network outages and business disruptions for
>>>> its customers. After being accused for not putting enough resources
>>>> into shoring up its products, the software maker is trying to
>>>> convince outsiders that it has changed.
>>>> Maybe they'll even leave it connected long enough for somebody to say
>>>> truthfully that they had a chance to attack it. But I doubt it'll be
>>>> long enough for a group of M$-selected "security professionals"* to do
>>>> any actual damage.
>>>> * Let's not forget that there are thousands of "scientists" on each
>>>> side of the global warming debate. So numbers of "experts" alone
>>>> means nothing.
>>>Give it to any student at TMRC or the MIT AI lab or any white hat hacker.
>>>They'll have it to /pieces/ in no time.
>>>Or give it to my 12yo son; he'll laugh his arse off while he pokes holes
>>>you could drive a *truck* through.
>> How delusional....
> But still, you have to wonder.
> Windows comes from the company that has always put ease of use over
Why invite all the world's cracker while you have the following:
Symantec highlights Windows Vista user vulnerabilities
,----[ Quote ]
| Symantec has shed more light on potential vulnerabilities in Windows
| Vista that could circumvent new security measures and leave users
| vulnerable to attack.
Symantec continues Vista bug hunt
,----[ Quote ]
| After poking around the Windows Vista networking stack, Symantec
| researchers have tried out privilege-escalation attacks on an early
| version of the Windows XP successor.
| "We discovered a number of implementation flaws that continued to allow
| a full machine compromise to occur," Matthew Conover, principal
| security researcher at Symantec, wrote in the report titled "Attacks
| against Windows Vista's Security Model." The report was made available
| to Symantec customers last week and is scheduled for public release
| sometime before Vista ships, a Symantec representative said Monday.
Symantec Finds Flaws In Vista's Network Stack
,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"
Symantec Says Windows Vista Will be Less Secure than XP
,----[ Snippet ]
| Symantec said earlier last week that there were no viruses for Apple's
| OS X.
Symantec sees an Achilles' heel in Vista
,----[ Quote ]
| Some of Microsoft's efforts to make Windows Vista its most stable and
| secure operating system ever could cause instability and new security
| flaws, according to a Symantec report.
| "Microsoft has removed a large body of tried and tested code and
| replaced it with freshly written code, complete with new corner cases
| and defects," the researchers wrote in the report, scheduled for
| publication Tuesday.