Slashdot Mirror
Windows Security Through Annoyances?
techmuse writes "According to News.com,
Microsoft's next version of Windows will let you know that you are looking
at (supposedly) secure data by putting personalized text, such as the names
of your dogs (a null list in my case), in window borders, and will also hide
the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among
people who need to be able to see the data in two partially overlapping
windows at once."
Can allow malicious web designers to gain access to confidential data as well as your prize winning doberman's name.
Windows is so full of holes, there will probably be many ways to defeat this. First of all, the names of all of text to be put around the screen has to be stored on the hard drive. I don't think Windows is psychic yet, so it's there somewhere. If it's there, it can be stolen. It'll just give windows another day before their first security bulletin comes out.
Users will enter "normal" words in to be displayed around secure windows. If a copy of the file can be gotten, even if it's encrypted, it shouldn't be too hard to try a dictionary attack on it and crack the file quickly. It won't be that hard from there to put this text in the border.
Only 1/2 hour after it's posted on slashdot, and possible hacks are already being thought out. By the time this stuff actually comes out, it'll probably have already been cracked for quite some time.
Oh, regardless, I expect "border with the names of your dogs" to become another cherished Slashdot meme, to be used out of context everywhere in futile attempts at humor. Right up there with "blue windscreens" and so on.
MS really don't have a clue when it gets to security...sigh... ;-)