Microsoft mulling major changes to ward off .ANI-type flaws
,----[ Quote ]
| During the creation of Windows Vista, more than 140,000 unsafe API calls
| were banned and Howard hinted that one more -- "memcpy" -- might be
| added to the list for new code coming out of Redmond.
|
| [...]
|
| ""The SDL is not perfect, nor will it ever ever be perfect," Howard
| argued. "We still have work to do, and this bug shows that. We have
| a new -GS pragma that adds more stack cookies; we?ve updated our
| fuzz tools; we will pay closer attention to exception handlers that
| could mask vulnerabilities, and we will investigate the impact of
| banning "memcpy" for new code," he added.
`----
http://blogs.zdnet.com/security/?p=181
How about this one?
Student evades Cisco NAC; gets suspended
,----[ Quote ]
| A default setting in Cisco NAC gear allowed a University of Portland
| student to dodge a security scan by Cisco?s NAC software agent and
| get on the school network.
`----
http://www.networkworld.com/news/2007/042607-cisco-nac-unversity-portland.html
At least the flaw was a result of human error (negligence).
Related:
Microsoft Patches Not One, But Three Vista Holes
,----[ Quote ]
| Microsoft today released an update for the recently popular 'animated
| cursor' vulnerability. The update was originally scheduled for April
| 10th, but due to recent exploits, was rushed out today. The update
| wasn't just for this one vulnerability though, in Vista, it addressed two
| others, and in all covered seven vulnerabilities in Vista, XP and
| 2000.
`----
http://itsvista.com/2007/04/microsoft-patches-not-one-but-three-vista-holes/
|
|
