Wednesday, February 14, 2007

We can only hope

Two of the 20 (that's right, twenty) security fixes released this month by Microsoft for Windows are the result of vulnerabilities reported by HD Moore, the Director of Security Research at Breaking Point Systems.

You may remember Moore as a peripheral player in the bogus wifi exploit saga, and for his involvement in the Month of Kernel Bugs, as well as being a contributor to those layabout Moabites.

With any luck this points to at least one esteemed security researcher tiring of never finding any problems with Tiger and moving to look at an OS with enough flaws to keep him busy for the next couple of years. We can only hope that this is really the case.

Reports are also starting to surface of a serious security flaw in Vista's much-vaunted User Access Control module. So much for Gates' most secure OS ever.

2 comments:

iransofaraway said...

Twenty security fixes that are normal due to the patching cycle that Microsoft has set up (patches released the second Tuesday of every month). Also, these are all patches for XP, not for Vista.

As for the UAC "flaw", there is none, and calling it a flaw is deceptive.

OS X has a similar "flaw", then:

http://www.macintouch.com/opener.html

Artie said...

The fact that you think that 20 patches per month is normal is pretty sad. Are you that used to just accepting that your software is going to be insecure?

I didn't claim that the 20 patches were for Vista, but don't you think it's remarkable that XP still has so many new problems each month five years after being released?

As for the UAC flaw, the comments left on the post I originally linked to provide an adequate response.