Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Bugs and flaws

From: crispin at novell.com (Crispin Cowan)
Date: Fri, 03 Feb 2006 12:12:08 -0800
Gary McGraw wrote:

To cycle this all back around to the original posting, lets talk about
the WMF flaw in particular.  Do we believe that the best way for
Microsoft to find similar design problems is to do code review?  Or
should they use a higher level approach?

Were they correct in saying (officially) that flaws such as WMF are hard
to anticipate? 
  

I have heard some very insightful security researchers from Microsoft
pushing an abstract notion of "attack surface", which is the amount of
code/data/API/whatever that is exposed to the attacker. To design for
security, among other things, reduce your attack surface.

The WMF design defect seems to be that IE has too large of an attack
surface. There are way too many ways for unauthenticated remote web
servers to induce the client to run way too much code with parameters
provided by the attacker. The implementation flaw is that the WMF API in
particular is vulnerable to malicious content.

None of which strikes me as surprising, but maybe that's just me :)

Crispin
-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
        Olympic Games: The Bi-Annual Festival of Corruption
Previous By Date Next
Previous By Thread Next

Current thread: