Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Roy Schestowitz Lies Again] Windows Gets Another 'Hack' to Fix Inherently-insecure System (was: [News] Windows Gets Another 'Hack' to Fix Inherently-insecure System)

__/ [ Roy Schestowitz ] on Saturday 28 April 2007 11:50 \__

> __/ [ Erik Funkenbusch ] on Saturday 28 April 2007 08:45 \__
>> On Sat, 28 Apr 2007 03:52:30 +0100, Roy Schestowitz wrote:
>>> Microsoft mulling major changes to ward off .ANI-type flaws
>>> ,----[ Quote ]
>>>| During the creation of Windows Vista, more than 140,000 unsafe API calls
>>>| were banned and Howard hinted that one more -- "memcpy" -- might be
>>>| added to the list for new code coming out of Redmond.
>>>| [...]
>>>| ""The SDL is not perfect, nor will it ever ever be perfect," Howard
>>>| argued. "We still have work to do, and this bug shows that. We have
>>>| a new -GS pragma that adds more stack cookies; we?ve updated our
>>>| fuzz tools; we will pay closer attention to exception handlers that
>>>| could mask vulnerabilities, and we will investigate the impact of
>>>| banning "memcpy" for new code," he added.
>>> `----
>>> http://blogs.zdnet.com/security/?p=181
>> I'm struggling to find *ANY* way that you could possibly not be lying
>> here. This article talks about Microsoft's software development lifecycle,
>> and how they are taking steps by barring the use of functions that have a
>> history of unsafe use, as well as various tools to help identify flawed
>> code.  Yet your title says that Microsoft is issuing some hack patch to
>> fix windows.
>> They're two *ENTIRELY* different concepts.  One is a proactive stance
>> taken by professional developers (OpenBSD uses a similar approach), and
>> the other is creating a crappy piece of code.
>> Do you not even read the articles you link to?  How do you justify
>> fabricating these subject lines?
> Subject lines modified to get past filters, eh?
> Do you consider the following measure a step towards security? Or is it
> just a workaround for flawed design?


Runs away again?

> Program Names govern admin rights in Vista
> ,----[ Quote ]
> | "This is a little bit silly: just name the installer something
> | else, and Vista lets it through," Chess said. He added that
> | although the feature is imperfect and inconvenient, it's
> | "better than nothing".
> `----
> http://www.theregister.co.uk/2007/04/23/vista_program_naming_oddness/

                ~~ Best regards

Roy S. Schestowitz      |    Proprietary cripples communication
http://Schestowitz.com  |  Open Prospects   ¦     PGP-Key: 0x74572E8E
Tasks: 114 total,   1 running, 112 sleeping,   0 stopped,   1 zombie
      http://iuron.com - knowledge engine, not a search engine

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index