Microsoft Windows Vista Security "rendered useless."
During the BlackHat security conferences, researchers submitted a report about a fundamental change to the way to attack Microsoft Windows Vista. This report if proved true could alter the security scene for Microsoft's newest operating system.
"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
However further review indicates that this not quite as bad as some have pointed out. It turns out that many of the people citing the Chicken Little attitudes have not actually read the paper presented by the researchers.
While HLP does not believe that this results in a "completely game over" issue, we as always, recognize that security is more than just a single point. It requires "defense in depth" utilizing multiple techniques and programs to assure you of security. This include good hardware, software, security patches, adequate firewalls AND training for the users to reduce potential social engineering exploits.
As always, if you have any questions, please feel free to contact us.
Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/
"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."
However further review indicates that this not quite as bad as some have pointed out. It turns out that many of the people citing the Chicken Little attitudes have not actually read the paper presented by the researchers.
While HLP does not believe that this results in a "completely game over" issue, we as always, recognize that security is more than just a single point. It requires "defense in depth" utilizing multiple techniques and programs to assure you of security. This include good hardware, software, security patches, adequate firewalls AND training for the users to reduce potential social engineering exploits.
As always, if you have any questions, please feel free to contact us.
Derek Rowan
President
HLP Associates, Inc.
http://www.hlp.net/
posted by Derek Rowan at
10:28 AM
