Post reply

Security Issues

  • August 12, 2006 at 9:26 pm

    #191796

    Security Issues

    With the Black Hat security conference going on last week, it seems that some new issues are being brought to light. There's the Wi-fi driver issue as well as an ActiveX Fuzzer that can be used to look for vulnerabilities. I'm sure these tools have security developers at lots of companies working overtime to ensure they can release a patch as soon as they can.

    Having a bunch of disclosures at the conference worries me a little since I wonder how long people have known about these. I hope the researchers kept things close at hand, but you never know how many people knew.

    And with materials needing to be submitted ahead of time so they could be distributed to the attendees, that means that there were quite a few people that at least knew a few weeks ago what the presentations would disclose.

    Microsoft is attending and even running a track at BlackHat, mostly based on Vista, highlighting their design and hopefully soliciting a great deal of feedback. It's a first for the company and should spark attendence from those who have to deal with security issues in their own products based on Windows and researchers that want to know more about the product they'll be looking into over the next few years.

    And hopefully Microsoft is looking at incorporating the feedback into the product and not getting defensive about the decisions they've already made.

    Steve Jones

  • August 14, 2006 at 1:42 pm

    #654933

    Interesting ... I thought this editorial would have generated quite a response - boy was I mistaken. However I feel that the majority of the 'issues' are MS own fault and could have been solved a long time ago just by simple class and range tests for all parameters passsed to APIs - both external and internal.

    RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."

  • August 14, 2006 at 2:29 pm

    #654945

    I've learned the editorials I really like and think people will respond do don't.

    Oh well.

    I think it's good that they're doing this, but they should have done it last year, with the product in earlier stages than at this late date with 6 months before ship.

  • August 14, 2006 at 2:47 pm

    #654952

    It's still great information for those who care Steve. Maybe I'm too close to the issue - being a former 'White Hat' from the early days ... Oh well have a great day !

    RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply