lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <88499.1233944099@turing-police.cc.vt.edu>
Date: Fri, 06 Feb 2009 13:14:59 -0500
From: Valdis.Kletnieks@...edu
To: Miller Grey <vigilantgregorius@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows 7 UAC compromised

On Fri, 06 Feb 2009 12:02:56 CST, Miller Grey said:

> ...knowing all this, how does it get fixed?  What is the proper way for MS
> to enforce UAC?

I'm quite frankly not convinced that there is in fact any economically feasible
way for MS to ship a "proper" UAC.  Both Vista and the upcoming Windows 7 were
at first seen by outsiders as a good chance for MS to do the needed disruptive
house cleaning, and they didn't do it for either of those releases.  They still
took a major beating on their cash flow with the Vista failure, and it would
have been worse if it had been the amount of changes that were needed to
actually fix things.

And since there's a good chance that the world economy will remain in the
toilet until after the follow-on for Windows 7 arrives, I'm not holding my
breath for MS to do the major clean-up there either.  There's good reason to
suspect that they will *never* actually do so.

Bottom line: MS can do only one of the following:

1) Ship something that fixes UAC (and all the other related issues)
2) Ship something that fixes their profit/loss sheets.


Content of type "application/pgp-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ