RE: Old code in Windows is security threat

[InfoSec News <isn () c4i org>]

Forwarded from: Andrew Weaver <Andrew.Weaver () tecnomen fi>

Hmmm... So their "quickfix" is to set the insecure off by default. OK, but
what if I need the feature? Are they going to fix it or not?

> -----Original Message-----
> From: InfoSec News [SMTP:isn () c4i org]
> Sent: Monday, June 10, 2002 1:13 PM
> To:   isn () attrition org
> Subject:      [ISN] Old code in Windows is security threat 
>
> http://news.com.com/2100-1001-934363.html?tag=fd_top
>
> By Robert Lemos 
> Staff Writer, CNET News.com
> June 9, 2002, 11:00 PM PT
>
> Microsoft will more quickly retire old code in its Windows operating
> system and other software as a result of the company's
> four-month-old "trustworthy computing" initiative, the company's
> lead bug basher said in an interview.
>
> The revelation follows last week's warning that a serious
> vulnerability in Microsoft's Internet Explorer occurred in the
> software supporting a decade-old protocol that has rarely been used
> since the World Wide Web became popular.
>
> "A lot of the (coming) design changes are to remove this feature or
> turn that one off by default," said Steve Lipner, director of
> security assurance for Microsoft and the man on the ground for the
> company's trustworthy computing initiative.

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.