Re: Press seems to be Chinese Whispers ...

["Matt Hargett" <matt () use net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> (http://infoworld.com/article/04/02/24/HNunderattack_1.html)

I am especially amused by this:
"Even while still walking to the podium, Security Architect and Chief
Technology Officer of Microsoft's Security Business Unit David Aucsmith
readily admitted that he is considered a "target" for complaints against his
company's software, but he also stressed that many of the current security
issues could not have been foreseen."

Could not have been foreseen? There are tools available to buy right now
that could've foreseen most of these bugs, one of them being the latest
version of BugScan. Oh, and detecting them had nothing to do with the
patches being available. (Making it so BugScan didn't false alarm when a fix
was in place, on the other hand, did require some work and wasn't possible
without the patch.)

When I get a spare moment, I'm going to run BugScan on all the XP SP2
components and see how many of them actually are compiled with stack
canaries. Hopefully they did a better job this time than with Windows 2003,
which had the same claim.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQD+PhTM37G8Cnu+zEQLrpACg236OLUJOrEl4UCgfwgGUie/fGJsAoKJE
SFky/ygsj3uvF93qCMXJW6zT
=9PdN
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave