(no subject)
I was just going to email this to mtbg, but I figured maybe somebody else will enjoy it the way I did:
The MS08-067 bug and the Security Development Lifecycle.
It's a brief discussion of the new Microsoft bug and how it made it past their layered security analysis.
For those of you who haven't heard, there's a newly-acknowledged vulnerability in pretty much every version of Windows (2000, XP, Vista, others) that allows people to remotely execute code on your computer (execute code = view your files, delete your stuff, etc.)
The hole is apparently a subtle-ish exploitation of the same damn RPC port that's been causing problems for, I don't know, 20 years?
The MS08-067 bug and the Security Development Lifecycle.
It's a brief discussion of the new Microsoft bug and how it made it past their layered security analysis.
For those of you who haven't heard, there's a newly-acknowledged vulnerability in pretty much every version of Windows (2000, XP, Vista, others) that allows people to remotely execute code on your computer (execute code = view your files, delete your stuff, etc.)
The hole is apparently a subtle-ish exploitation of the same damn RPC port that's been causing problems for, I don't know, 20 years?