
Re: [Roy Schestowitz Lies Again] Windows Gets Another 'Hack' to Fix Inherently-insecure System (was: [News] Windows Gets Another 'Hack' to Fix Inherently-insecure System)

__/ [ Erik Funkenbusch ] on Saturday 28 April 2007 08:45 \__

> On Sat, 28 Apr 2007 03:52:30 +0100, Roy Schestowitz wrote:
> 
>> Microsoft mulling major changes to ward off .ANI-type flaws
>> 
>> ,----[ Quote ]
>>| During the creation of Windows Vista, more than 140,000 unsafe API calls
>>| were banned and Howard hinted that one more -- "memcpy" -- might be
>>| added to the list for new code coming out of Redmond.
>>| 
>>| [...]
>>| 
>>| "The SDL is not perfect, nor will it ever ever be perfect," Howard
>>| argued. "We still have work to do, and this bug shows that. We have
>>| a new -GS pragma that adds more stack cookies; we've updated our
>>| fuzz tools; we will pay closer attention to exception handlers that
>>| could mask vulnerabilities, and we will investigate the impact of
>>| banning "memcpy" for new code," he added.
>> `----
>> 
>> http://blogs.zdnet.com/security/?p=181
> 
> I'm struggling to find *ANY* way that you could possibly not be lying here.
> This article talks about Microsoft's software development lifecycle, and
> how they are taking steps by barring the use of functions that have a
> history of unsafe use, as well as various tools to help identify flawed
> code.  Yet your title says that Microsoft is issuing some hack patch to fix
> windows.
> 
> They're two *ENTIRELY* different concepts.  One is a proactive stance taken
> by professional developers (OpenBSD uses a similar approach), and the other
> is creating a crappy piece of code.
> 
> Do you not even read the articles you link to?  How do you justify
> fabricating these subject lines?

Subject lines modified to get past filters, eh?

Do you consider the following measure a step towards security? Or is it just
a workaround for flawed design?

Program Names govern admin rights in Vista

,----[ Quote ]
| "This is a little bit silly: just name the installer something
| else, and Vista lets it through," Chess said. He added that
| although the feature is imperfect and inconvenient, it's
| "better than nothing".
`----

http://www.theregister.co.uk/2007/04/23/vista_program_naming_oddness/


-- 
                ~~ With kind regards

For governments that eavesdrop, here is a quick list of tags: Communism,
Hawaiian shirts, China, Suitcase, Martha Stewart, Encryption, Prison,
Stalin. Thanks for tuning in.
http://Schestowitz.com  |  RHAT GNU/Linux   ¦     PGP-Key: 0x74572E8E
         run-level 5  Apr 14 23:12                   last=S  
      http://iuron.com - help build a non-profit search engine
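The quoted ZDNet piece talks about banning "memcpy" for new code under the SDL. The point of such a ban is not that memcpy itself is broken but that its signature carries no notion of the destination's capacity, so a copy length taken from untrusted input cannot be validated by the function. The following C example is added here to illustrate that contrast; it is not code from the article, from Microsoft, or from either poster. The record format (one length byte followed by payload), the function names `unchecked_copy`, `bounded_copy` and `parse_record`, and the `copy_status` codes are all constructed for this illustration; `bounded_copy` only mimics the general shape of a bounds-checked copy routine and is not the Microsoft `memcpy_s` implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Status codes constructed for this example (not Microsoft's definitions). */
enum copy_status { COPY_OK = 0, COPY_ERANGE = 1, COPY_EINVAL = 2 };

/* The shape of the call the article says may be banned: the copy length
 * comes from the caller (ultimately from untrusted input) and nothing in
 * the signature relates it to the destination's real capacity.  Called
 * with len > the destination size it writes past the buffer.  It is shown
 * here only for contrast and is never invoked with an oversized length. */
void unchecked_copy(char *dest, const char *src, size_t len)
{
    memcpy(dest, src, len);   /* len is trusted blindly */
}

/* Bounds-checked replacement: the destination capacity is an explicit
 * parameter, so the length is validated before any byte is written.  On
 * failure the destination is cleared so a caller that ignores the return
 * value does not keep working on stale or partially copied data. */
enum copy_status bounded_copy(char *dest, size_t dest_cap,
                              const char *src, size_t len)
{
    if (dest == NULL)
        return COPY_EINVAL;
    if (src == NULL) {
        memset(dest, 0, dest_cap);
        return COPY_EINVAL;
    }
    if (len > dest_cap) {
        memset(dest, 0, dest_cap);
        return COPY_ERANGE;
    }
    memcpy(dest, src, len);
    return COPY_OK;
}

/* A parser for a length-prefixed record, constructed for this example:
 * one length byte followed by that many payload bytes.  A size field read
 * from a file driving a copy into a fixed-size buffer is the general
 * pattern the article's measures aim at. */
#define CHUNK_CAP 16

enum copy_status parse_record(const uint8_t *rec, size_t rec_len,
                              char *chunk, size_t chunk_cap)
{
    if (rec == NULL || rec_len < 1)
        return COPY_EINVAL;
    size_t declared = rec[0];
    if (declared > rec_len - 1)       /* length field exceeds actual data */
        return COPY_EINVAL;
    return bounded_copy(chunk, chunk_cap, (const char *)rec + 1, declared);
}

int main(void)
{
    char chunk[CHUNK_CAP];
    /* Constructed sample records: a well-formed one and an oversized one. */
    const uint8_t good[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t big[1 + 64];
    big[0] = 64;
    memset(big + 1, 'A', 64);

    printf("well-formed record: status %d\n",
           parse_record(good, sizeof good, chunk, sizeof chunk));
    printf("oversized record:   status %d\n",
           parse_record(big, sizeof big, chunk, sizeof chunk));
    return 0;
}
```

The difference that matters for a code-review or banned-API policy is visible in the signatures: `unchecked_copy` cannot be made safe by anything inside it, because the caller's length is the only size it knows, whereas `bounded_copy` fails closed when the declared length and the destination disagree.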
