Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [neWs) M$ Begins Massive PR Blitz

On 2006-08-05, Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> posted something concerning:
> __/ [ Rex Ballard ] on Saturday 05 August 2006 00:34 \__
>
>> Sinister Midget wrote:
>>> http://news.yahoo.com/s/ap/20060803/ap_on_hi_te/microsoft_hacker_challenge
>>>
>>>    LAS VEGAS - After suffering embarrassing security exploits over the
>>>    past several years, Microsoft Corp. is trying a new tactic: inviting
>>>    some of the world's best-known computer experts to try to poke holes
>>>    in Vista, the next generation of its Windows operating system.
>> [snip]
>> 
>> So they put a padlock on their cardboard box, didn't tell them about
>> the doggie door for the St Barnard, and give them 10 minutes to try and
>> figure out the combination to the padlock.
>
>
> *LOL*
>
>
>>> --
>>> Microsoft is to operating systems and security as McDonalds is to
>>> gourmet cooking.
>> 
>> Compared to "Fortress Linux" which has numerous layers of security, and
>> auditing to bust your a** if you do try to hack it.  Crack that Linux
>> server, you go to jail.  Do you feel lucky punk?
>> 
>> :D
>
>
> FWIW, the crackers broke Vista last night! Well ahead of its date of release
> (the prematurity being a bad thing for Microsoft, not a positive thing)
>
> ,----[ Quote ]
>| She demonstrated two potential attack vectors. One could allow unsigned
>| code to be loaded into the Vista kernel. The second vector involved
>| taking advantage of AMD's Pacific Hardware Virtualization to inject a
>| new form of super malware that Rutkowska claimed to be undetectable.
> `----
>
>                 http://www.internetnews.com/security/article.php/3624861

Typical. To fix the security problem, you have to break another thing
(which is how these things nearly always work).

   Rutkowska brought suggestions that could potentially prevent the
   subversion of the Vista kernel. One of them involves denying raw
   disk access from usermode, though she said that approach would
   likely break many applications.

The bitching will start somewhere down the road. So the fix for the
newly b0rken thing will be to reverse the process and not worry about
it until kiddies find out the old access door is opened again.

Or, as happens sometimes, they'll really hose something up trying to
make the first fix work at the same time the new fix does. After people
start uninstalling the second patch and continue whining about their
broken programs for awhile, /then/ M$ would follow the usual path of
just rebreaking the first broken thing to fix the second one.

IOW more of the same.

But what can one expect from what amounts to a service pack for XP
(with monstrous additional hardware requirements)?

   Rutkowska said she disabled kernel memory paging on her own machine
   and is just using physical memory instead. She did admit, however,
   that her machine had 4 GB of RAM and as such paging makes little
   sense.

There goes the "minimum" or "recommended" memory requirements. You'll
need to increase it massively just to get around one security bug. Moms
and pops everywhere will know *exactly* what to do.

> I will also append the following list that I accumulated for PJ.
>
> Symantec highlights Windows Vista user vulnerabilities
> http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
>
> Symantec continues Vista bug hunt
> http://news.zdnet.com/2100-1009_22-6097976.html
>
> Symantec Finds Flaws In Vista's Network Stack
> http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M10GQSNDLPSKHSCJUNN2JVN
>
> Symantec Says Windows Vista Will be Less Secure than XP
> http://www.dailytech.com/article.aspx?newsid=3389
>
> Symantec sees an Achilles' heel in Vista
> http://news.zdnet.com/2100-1009_22-6095119.html

The Achilles' heel in Fister /is/ Fisted!

-- 
Microsoft Marketing: The art of making you think the money you spent
was worth it.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index