Open Source and information security mailing list archives
Message-ID: <20030124172400.6121.qmail@web40018.mail.yahoo.com>
From: cesarc56 at yahoo.com (Cesar)
Subject: FW: Security in a Connected World

I agree.

Microsoft has made some little effort in improving
security in its top products Windows, Office, SQL
Server, etc. But if you take a look at other Microsoft
products, in only 5 minutes you can find a lot of
holes, believe me, try it. Why don't they improve
security in non-top products? Because they only care
where the money is.


Cesar.

--- Georgi Guninski <guninski@...inski.com> wrote:
> For me this is pure marketing propaganda without any
> confirmation from reality.
> Just look at the number and severity of bugs - any
> change after this hype?
> From this I have the impression that if I buy newer
> windozes, they will be more secure, lol.
> IMHO billyg is a luser and his marketing rants
> should not be taken seriously.
> 
> Georgi Guninski
> http://www.guninski.com
> 
> Richard M. Smith wrote:
> > FYI:
> > 
> > -----Original Message-----
> > From: Bill Gates [mailto:BillGates@...irman.microsoft.com]
> > Sent: Thursday, January 23, 2003 11:16 PM
> > To: rms@...puterbytesman.com
> > Subject: Security in a Connected World
> > 
> > 
> > Jan. 23, 2003
> > 
> > As we increasingly rely on the Internet to communicate and conduct
> > business, a secure computing platform has never been more important.
> > Along with the vast benefits of increased connectivity, new security
> > risks have emerged on a scale that few in our industry fully
> > anticipated.
> > 
> > As everyone who uses a computer knows, the confidentiality, integrity
> > and availability of data and systems can be compromised in many ways,
> > from hacker attacks to Internet-based worms. These security breaches
> > carry significant costs. Although many companies do not detect or report
> > attacks, the most recent computer crime and security survey performed by
> > the Computer Security Institute and the Federal Bureau of Investigation
> > totaled more than $455 million in quantified financial losses in the
> > United States alone in 2001. Of those surveyed, 74 percent cited their
> > Internet connection as a key point of attack.
> > 
> > As a leader in the computing industry, Microsoft has a responsibility to
> > help its customers address these concerns, so they no longer have to
> > choose between security and usability. This is a long-term effort. As
> > attacks on computer networks become more sophisticated, we must innovate
> > in many areas - such as digital rights management, public key
> > cryptology, multi-site authentication, and enhanced network and PC
> > protection - to enable people to manage their information securely.
> > 
> > A year ago, I challenged Microsoft's 50,000 employees to build a
> > Trustworthy Computing environment for customers so that computing is as
> > reliable as the electricity that powers our homes and businesses today.
> > To meet Microsoft's goal of creating products that combine the best of
> > innovation and predictability, we are focusing on four specific areas:
> > security, privacy, reliability and business integrity. Over the past
> > year, we have made significant progress on all these fronts. In
> > particular, I'd like to report on the advances we've made and the
> > challenges we still face in the security area. As a subscriber to
> > Executive Emails from Microsoft, I hope you will find this information
> > helpful.
> > 
> > In order to realize the full potential of computers to advance
> > e-commerce, enable new kinds of communication and enhance productivity,
> > security will need to improve dramatically. Based on discussions with
> > customers and our own internal reviews, it was clear that we needed to
> > create a framework that would support the kind of innovation,
> > state-of-the-art processes and cultural shifts necessary to make a
> > fundamental advance in the security of our software products. In the
> > past year we have created new product-design methodologies, coding
> > practices, test procedures, security-incident handling and
> > product-support processes that meet the objectives of this security
> > framework:
> > 
> > SECURE BY DESIGN: In early 2002 we took the unprecedented step of
> > stopping the development work of 8,500 Windows engineers while the
> > company conducted 10 weeks of intensive security training and analyzed
> > the Windows code base. Although engineers receive formal academic
> > training on developing security features, there is very little training
> > available on how to write secure code. Every Windows engineer, plus
> > several thousand engineers in other parts of the company, was given
> > special training covering secure programming, testing techniques and
> > threat modeling. The threat modeling process, rare in the software
> > world, taught program managers, architects and testers to think like
> > attackers. And indeed, fully one-half of all bugs identified during the
> > Windows security push were found during threat analysis.
> > 
> > We have also made important breakthroughs in minimizing the amount of
> > security-related code in products that is vulnerable to attack, and in
> > our ability to test large pieces of code more efficiently. Because
> > testing is both time-consuming and costly, it's important that defects
> > are detected as early as possible in the development cycle. To optimize
> > which tests are run at what points in the design cycle, Microsoft has
> > developed a system that prioritizes the application's given set of
> > tests, based on what changes have been made to the program. The system
> > is able to operate on large programs built from millions of lines of
> > source code, and produce results within a few minutes, when previously
> > it took hours or days.
> > 
> > The scope of our security reviews represents an unprecedented level of
> > effort for software manufacturers, and it's begun to pay off as
> > vulnerabilities are eliminated through offerings like Windows XP Service
> > Pack 1. We also put Visual Studio .NET through an incredibly vigorous
> > design review, threat modeling and security push, and in the coming
> > months we will be releasing other major products that have gone through
> > our Trustworthy Computing security review cycle: Windows Server 2003,
> > the next versions of SQL and Exchange Servers, and Office 11.
> > 
> > Looking ahead, we are working on a new hardware/software architecture
> > for the Windows PC platform (initially codenamed "Palladium"), which
> > will significantly enhance the integrity, privacy and data security of
> > computer systems by eliminating many "weak links." For example, today
> > anyone can look into a graphics card's memory, which is obviously not
> > good if the memory contains a user's banking transactions or other
> > sensitive information. Part of the focus of this initiative is to
> > provide "curtained" memory - pages of memory that are walled off from
> > other applications and even the operating system to prevent
> > surreptitious observation - as well as the ability to provide security
> > along the path from keyboard to monitor. This technology will also
> > attest to the reliability of data, and provide sealed storage, so
> 
=== message truncated ===

