Microsoft Invites Black Hats into Vista
gtzpower writes "Microsoft is inviting hackers to 'Take Your Best Shot' at Vista. 'You need to touch it, feel it,' Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. 'We're here to show our work.'" From the article: "A security team with oversight of every Microsoft product — from its Xbox video game console to its Word program for creating documents — has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks." Essentially a tie-in with an article we discussed yesterday.
Any of you who listen to Security Now will have heard M$ have re-written the networking stack (as discovered by Symantec et al.).
Needless to say, even after this testing and patching, there is a high probability the networking interface will still have a few 'zero day' flaws...
Sorry, that's not the case. Permissions in Vista really ARE based on tasks, roles, and objects.
Even when you are running as Administrator, it still requires that you consent when you're running tasks/programs/etc that need superuser status. When you run the console while you're logged into administrator, it does not automatically have superuser status--you need to choose to run the console as administrator.
All accesses (to services, registry sections, config/admin programs, and anything that tries to change those) are based on ACLs (access control lists). How do I know this? I'm one of the contracted testers that is working with the Vista firewall and its ACLs.
Is it perfect? I don't know. But I do know it feels pretty secure--not entirely different from the way things worked when I played around with setting up Linux server boxes in college (which was only a year ago).
You are absolutely correct. Just because he's not going to leave until July 2008, and just because he is giving up his day-to-day activities while remaining chairman of the board and "advisor for key development projects" doesn't mean he should still be considered at all a leader of any kind over at MS right now in August of 2006.
Stop Global Warming!
Just say no to irreversible processes!