[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Microsoft Coding / National Security Ri sk

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Re: Microsoft Coding / National Security Ri sk
From: "Stuart Fox (DSL AK)" <StuartF@xxxxxxxxxxxxx>
Date: Thu, 25 Mar 2004 13:22:33 +1200

 
> also sprach Richard Hatch <r.hatch@xxxxxxxxxxxxxxxx> 
> [2004.03.24.1110 +0100]:
> > Take a team of really really good C/C++ coders with 
> excellent security 
> > vulnerability knowledge and have them go through the source 
> code for 
> > windows (starting with the core functionality and internet facing 
> > functionality maybe).  Find these bugs (including 
> methodical black-box 
> > testing against the binaries) and fix them.
> 
> You will have a hard time, given the patched OS that Windoze is.
> Where design is flawed you can't add security.

Seems to me that common consensus is that the Windows design is actually
relatively good - it is the implementation that is the problem.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Decrypting a kerberos master database
Next by Date: Re: [Full-Disclosure] Re: text
Previous by thread: Update: [Full-Disclosure] Telnet Sniff Problems
Next by thread: [Full-Disclosure] [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities
Index(es):
- Date
- Thread