Slashdot Mirror


Microsoft Invites Black Hats into Vista

gtzpower writes "Microsoft is inviting hackers to 'Take Your Best Shot' at Vista. 'You need to touch it, feel it,' Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. 'We're here to show our work.'" From the article: "A security team with oversight of every Microsoft product — from its Xbox video game console to its Word program for creating documents — has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks." Essentially a tie-in with an article we discussed yesterday.

11 of 189 comments

  1. This is both onerous and fun by postbigbang · · Score: 3, Informative

    Consider: Microsoft gets to ride free hacks this time-->before the OS gets released. All that nice work, and they don't spend a dime. Interesting also because the release they gave out isn't a 'community-style' release. It makes one wonder if there's a 'Vista-call-home' component to it, too. Might be nice to know which of the coders actually tried to boot the thing, and then note their IP for future reference (or maybe to turn over to the NSA).

    Still, with many noted reviewers in full belief that it's swiss cheese, it ought to be fun to see who eats it with crackers.

    --
    ---- Teach Peace. It's Cheaper Than War.
    1. Re:This is both onerous and fun by JPribe · · Score: 2, Informative

      And you really think a "black hat" would boot Vista on a computer with a live net connection?? Man, the only connection it would have is to another box that is carefully listening for any traffic coming across that cat5....go back to class kid.

      --

      Why go fast when you can go anywhere? O|||||||O
  2. Why not just start with the basics? by khasim · · Score: 3, Informative

    Step #1. No open ports.

    Step #2. No services running that are not absolutely essential.

    The idea is to reduce the number of available avenues for attacks. Then you can focus on protecting/hardening the apps that are running. Such as (on Linux) putting them in a chroot jail.

    1. Re:Why not just start with the basics? by jrockway · · Score: 3, Informative

      chroot jails are a BSD thing, actually.

      --
      My other car is first.
  3. Re:I can just imagine... by Anonymous Coward · · Score: 2, Informative

    From TFA:

    "A security team with oversight of every Microsoft product...has broad authority to block shipments until they pass security tests."

  4. Re:Not that I wish to flame, but... by russ1337 · · Score: 5, Informative

    Any of you who listen to Security Now will have heard M$ have re-written the networking stack (as discovered by Symantec et al.).

    Needless to say, even after this testing and patching, there is a high probability the networking interface will still have a few 'zero day' flaws...

  5. Re:Won't help them by Anonymous Coward · · Score: 4, Informative

    Sorry, that's not the case. Permissions in Vista really ARE based on tasks, roles, and objects.

    Even when you are running as Administrator, it still requires that you consent when you're running tasks/programs/etc that need superuser status. When you run the console while you're logged into administrator, it does not automatically have superuser status--you need to choose to run the console as administrator.

    All accesses (to services, registry sections, config/admin programs, and anything that tries to change those) are based on ACLs (access control lists). How do I know this? I'm one of the contracted testers who is working with the Vista firewall and its ACLs.

    Is it perfect? I don't know. But I do know it feels pretty secure--not entirely different from the way things worked when I played around with setting up Linux server boxes in college (which was only a year ago).

  6. Re:No real black hats interested by technos · · Score: 2, Informative

    The real black hats want it to be widely deployed before they start exploiting it.

    Exactly.

    All they'll garner from this attempt are Grey hats looking for a job that will sell out their friends for a management title and the blackies too stupid to assume Microsoft will never fix it, but smart enough to realize it certainly won't be before release.

    So a huge influx of cross-platform, release day ready viruses.

    Go Microsoft. :/

    --
    .sig: Now legally binding!
  7. Re:why invite the black hats in? by Chosen+Reject · · Score: 5, Informative

    You are absolutely correct. Just because he's not going to leave until July 2008, and just because he is giving up his day-to-day activities while remaining chairman of the board and "advisor for key development projects" doesn't mean he should still be considered at all a leader of any kind over at MS right now in August of 2006.

    --
    Stop Global Warming!
    Just say no to irreversible processes!
  8. Re:Won't help them by Anonymous Coward · · Score: 3, Informative

    In the case of the console, choosing "Run As Administrator" (assuming the admin account you've got access to has full-admin status) is the same as typing "su" into your *nix terminal.

    In the case of various tasks (such as, say, firewallsettings.exe, the replacement for firewall.cpl) giving the OS permission to run it (or, if you're on a non-admin account, typing in an admin user/pass) allows you to only run that task.

    So, if a certain user account has access to, say, change the firewall settings and not user accounts, and you run the console as an elevated user, you'll be able to run in the console "netsh advfirewall firewall [settings here]" but you won't be able to, say, change user passwords.

    So yes, it's all ACL-based.
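    The two themes in this thread that a defender can act on are khasim's "no open ports, no non-essential services" baseline (comment 2) and the elevation model the Anonymous Coward describes above (a console is only "admin" if it was deliberately run as administrator, and netsh advfirewall is what you drive from it). The PowerShell script below is an added example written for this page, not code from the article or from Microsoft: it reports whether the current session is actually elevated, lists which process owns each listening TCP port, lists auto-start services that are running, and prints the firewall profile state via netsh advfirewall. It assumes PowerShell 2.0 or later with netstat.exe and netsh.exe on the PATH; the function names are ours.

```powershell
# Added audit script (not from the thread). Read-only: it reports attack surface,
# it does not change anything. Assumes PowerShell 2.0+, netstat.exe and netsh.exe.

function Test-IsElevated {
    # UAC: an administrator account is not elevated unless the process was
    # started with "Run as administrator"; this checks the live token, not the account.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-ListeningTcpPort {
    # Parse "netstat -ano" so this works on releases without Get-NetTCPConnection.
    # Example line: "  TCP    0.0.0.0:135    0.0.0.0:0    LISTENING    880"
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $ownerPid = [int]$Matches[3]
            $proc     = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name     = '?'
            if ($proc) { $name = $proc.ProcessName }
            New-Object PSObject -Property @{
                LocalAddress = $Matches[1]
                Port         = [int]$Matches[2]
                PID          = $ownerPid
                Process      = $name
            }
        }
    }
}

function Get-RunningAutoStartService {
    # Win32_Service exposes StartMode on old PowerShell versions where
    # Get-Service lacks a StartType property.
    Get-WmiObject Win32_Service -Filter "State='Running' AND StartMode='Auto'" |
        Select-Object Name, DisplayName, PathName
}

function Get-FirewallProfileState {
    # "netsh advfirewall" is the command the comment above refers to;
    # "show allprofiles state" prints Domain/Private/Public on/off.
    netsh advfirewall show allprofiles state
}

# --- report -------------------------------------------------------------
if (Test-IsElevated) {
    Write-Host "Session is elevated (full administrator token)."
} else {
    Write-Host "Session is NOT elevated; firewall/service queries may be incomplete."
}

Write-Host "`n== Listening TCP ports (khasim's step 1: each one needs a reason) =="
Get-ListeningTcpPort | Sort-Object Port | Format-Table Port, LocalAddress, PID, Process -AutoSize

Write-Host "`n== Running auto-start services (step 2: disable what is not essential) =="
Get-RunningAutoStartService | Format-Table -AutoSize

Write-Host "`n== Firewall profile state =="
Get-FirewallProfileState
```

    Run it once from a plain console and once from a console started with "Run as administrator": the elevation line changes even though the logged-in account is the same, which is exactly the distinction the comment above draws between the account and the running console. Every port and auto-start service in the output should map to something you can name; anything you cannot is a candidate to disable before worrying about hardening what remains.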

  9. Re:Spyware, Viruses, Botnets, etc by amliebsch · · Score: 2, Informative

    Lol, what? Windows has had ACLs and auditing since NT4.

    --
    If you don't know where you are going, you will wind up somewhere else.