On 2006-08-04, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> posted something concerning:
> __/ [ Bobbie ] on Friday 04 August 2006 06:17 \__
>
>> On Fri, 04 Aug 2006 05:36:09 +0200, OK wrote:
>>
>>> On Fri, 04 Aug 2006 00:18:49 GMT, Jim <james@xxxxxxxxxxxxxxxxxxxxxxx>
>>> wrote:
>>>
>>>>Sinister Midget wrote:
>>>>
>>>>>
>>>>> http://news.yahoo.com/s/ap/20060803/ap_on_hi_te/microsoft_hacker_challenge
>>>>>
>>>>> LAS VEGAS - After suffering embarrassing security exploits over the
>>>>> past several years, Microsoft Corp. is trying a new tactic: inviting
>>>>> some of the world's best-known computer experts to try to poke holes
>>>>> in Vista, the next generation of its Windows operating system.
>>>>>
>>>>> Microsoft made a test version of Vista available to about 3,000
>>>>> security professionals Thursday as it detailed the steps it has
>>>>> taken to fortify the product against attacks that can compromise
>>>>> bank account numbers and other sensitive information.
>>>>>
>>>>> "You need to touch it, feel it," Andrew Cushman, Microsoft's
>>>>> director of security outreach, said during a talk at the Black Hat
>>>>> computer-security conference. "We're here to show our work."
>>>>>
>>>>> Microsoft has [ED: rightly] faced blistering criticism for security
>>>>> holes that have led to network outages and business disruptions for
>>>>> its customers. After being accused of not putting enough resources
>>>>> into shoring up its products, the software maker is trying to
>>>>> convince outsiders that it has changed.
>>>>>
>>>>> Maybe they'll even leave it connected long enough for somebody to say
>>>>> truthfully that they had a chance to attack it. But I doubt it'll be
>>>>> long enough for a group of M$-selected "security professionals"* to do
>>>>> any actual damage.
>>>>>
>>>>> * Let's not forget that there are thousands of "scientists" on each
>>>>> side of the global warming debate. So numbers of "experts" alone
>>>>> means nothing.
>>>>>
>>>>
>>>>Give it to any student at TMRC or the MIT AI lab or any white hat hacker.
>>>>They'll have it to /pieces/ in no time.
>>>>
>>>>Or give it to my 12yo son; he'll laugh his arse off while he pokes holes
>>>>you could drive a *truck* through.
>>>
>>> How delusional....
>>
>>
>> But still, you have to wonder.
>> Windows comes from the company that has always put ease of use over
>> security.
>
> Why invite all the world's crackers while you have the following:
>
>
> Symantec highlights Windows Vista user vulnerabilities
>
> ,----[ Quote ]
>| Symantec has shed more light on potential vulnerabilities in Windows
>| Vista that could circumvent new security measures and leave users
>| vulnerable to attack.
> `----
>
> http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
>
>
>
> Symantec continues Vista bug hunt
>
> ,----[ Quote ]
>| After poking around the Windows Vista networking stack, Symantec
>| researchers have tried out privilege-escalation attacks on an early
>| version of the Windows XP successor.
>|
>| "We discovered a number of implementation flaws that continued to allow
>| a full machine compromise to occur," Matthew Conover, principal
>| security researcher at Symantec, wrote in the report titled "Attacks
>| against Windows Vista's Security Model." The report was made available
>| to Symantec customers last week and is scheduled for public release
>| sometime before Vista ships, a Symantec representative said Monday.
> `----
>
> http://news.zdnet.com/2100-1009_22-6097976.html
>
>
> Symantec Finds Flaws In Vista's Network Stack
>
> ,----[ Quote ]
>| Researchers with Symantec's advanced threat team poked through
>| Vista's new network stack in several recent builds of the
>| still-under-construction operating system, and found several bugs
>| -- some of which have been fixed, including a few in Monday's
>| release -- as well as broader evidence that the rewrite of the
>| networking code could easily lead to problems.
>|
>| [...]
>|
>| Among Newsham's and Hoagland's conclusions: "The amount of new
>| code present in Windows Vista provides many opportunities for
>| new defects."
>|
>| "It's true that some of the things we found were 'low-hanging
>| fruit,' and that some are getting fixed in later builds,"
>| said Friedrichs. "But that begs the question of what else
>| is in there?"
> `----
>
> http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M10GQSNDLPSKHSCJUNN2JVN
>
>
> Symantec Says Windows Vista Will be Less Secure than XP
>
> ,----[ Snippet ]
>| Symantec said earlier last week that there were no viruses for Apple's
>| OS X.
> `----
>
> http://www.dailytech.com/article.aspx?newsid=3389
>
>
> Symantec sees an Achilles' heel in Vista
>
> ,----[ Quote ]
>| Some of Microsoft's efforts to make Windows Vista its most stable and
>| secure operating system ever could cause instability and new security
>| flaws, according to a Symantec report.
>|
>| [...]
>|
>| "Microsoft has removed a large body of tried and tested code and
>| replaced it with freshly written code, complete with new corner cases
>| and defects," the researchers wrote in the report, scheduled for
>| publication Tuesday.
> `----
>
> http://news.zdnet.com/2100-1009_22-6095119.html

That was my point above. Despite knowing these things, I'm betting no
more than a couple of their "experts" can find any way to exploit
Fisted's holes.
--
Bill Gates: "As long as they [China] are going to steal it, we want
them to steal ours. They'll get sort of addicted, and then we'll
somehow figure out how to collect sometime in the next decade."