Re: FW: Security in a Connected World

[Steve <steve () videogroup com>]

On Friday 24 January 2003 09:15 am, Richard M. Smith wrote:
> FYI:
>
> -----Original Message-----
From: Bill Gates [mailto:BillGates () chairman microsoft com]
> Sent: Thursday, January 23, 2003 11:16 PM
> To: rms () computerbytesman com
> Subject: Security in a Connected World

Even though each win32 process runs in its private memory space, device 
drivers run runs in kernel space. Add to that Win2k does not have any 
protection on read and writes for the above, allowing a driver to 
bypass the win2k security entirely. And the win32 API is hoplessly 
insecure and not likely to be rewritten.

Everything else almost becomes moot.

More marketing drabble obviously. After their top people met with a 
security consultant he confirmed that they did indeed not have a clue 
about security.

The fact the some 50,000 programmers are stuck in a booth with minimum 
help or coordination, told to produce code in a tight development 
window or else, is not exactly inducive to security either.


-- 
 
Steve Szmidt



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html