lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 12 Nov 2003 00:20:06 -0800
From: "Michael Howard" <mikehow@...rosoft.com>
To: <bugtraq@...urityfocus.com>
Subject: The Developer Implications of Windows XP SP2


Moving forward, Microsoft intends to reduce the attack surface of its
products, such as turning less-often used features off, running more
code in lower privilege, closing network ports and adding more defensive
layers. However, this _may_ cause some applications to fail or behave
inconsistently, but customers have told us they want us to reduce the
attack surface of our products as it is easier to deal with potential
application issues than potential security issues.

Windows XP Service Pack 2, currently in development, substantially
reduces the OS attack surface and we feel it's important that Windows
developers are aware of some of the upcoming changes so they can
determine if their applications are affected.

Please take a look at _Windows XP Service Pack 2: A Developer's View_ at
http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp
for further information.

Cheers, Michael

[Writing Secure Code 2nd Edition]
http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.gotdotnet.com/mikehow


Powered by blists - more mailing lists