Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] Windows Gets Another 'Hack' to Fix Inherently-insecure System

Microsoft mulling major changes to ward off .ANI-type flaws

,----[ Quote ]
| During the creation of Windows Vista, more than 140,000 unsafe API calls
| were banned and Howard hinted that one more -- "memcpy" -- might be
| added to the list for new code coming out of Redmond.
| 
| [...]
| 
| ""The SDL is not perfect, nor will it ever ever be perfect," Howard
| argued. "We still have work to do, and this bug shows that. We have
| a new -GS pragma that adds more stack cookies; we?ve updated our
| fuzz tools; we will pay closer attention to exception handlers that
| could mask vulnerabilities, and we will investigate the impact of
| banning "memcpy" for new code," he added. 
`----

http://blogs.zdnet.com/security/?p=181

How about this one?

Student evades Cisco NAC; gets suspended

,----[ Quote ]
| A default setting in Cisco NAC gear allowed a University of Portland
| student to dodge a security scan by Cisco?s NAC software agent and
| get on the school network.
`----

http://www.networkworld.com/news/2007/042607-cisco-nac-unversity-portland.html

At least the flaw was a result of human error (negligence).


Related:

Microsoft Patches Not One, But Three Vista Holes

,----[ Quote ]
| Microsoft today released an update for the recently popular 'animated
| cursor' vulnerability. The update was originally scheduled for April
| 10th, but due to recent exploits, was rushed out today. The update
| wasn't just for this one vulnerability though, in Vista, it addressed two 
| others, and in all covered seven vulnerabilities in Vista, XP and
| 2000.
`----

http://itsvista.com/2007/04/microsoft-patches-not-one-but-three-vista-holes/

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index