August 25, 2002


"Typically with these types of issues it will be six to nine months until we see a massive attempt to start exploiting it," Cooper said, adding that a preemptive patch was critical.

This is from an article, that discusses yet another *sigh* security disclosure by MicroSoft. It is incredible, what this guys cannot do. I mean they teach you this at school. "How-to-code-sensibly-101". And these guys come up with pathetic code, time after time. They are simply amazing. I never knew they had so much of code which could give rise to so many critical bugs.

But that is more irrevelant. What i felt more about was the above statement by Russ Cooper, head of security at TruSecure Corp. What a hell load of crap. How long does it take for a CR4c|<3r to take a vulnerability and mount an attack you said? 6-9 months. WOW. get real. I'd say something like 6-9 hours is more like it. Does the guy know anything about the current state of security? Mebbe he ought to read of a project called the honeynet. Ask them. The script kiddies take that long to get easy to use GUI tools to launch attacks. Not crackers. Atleast not the talented ones.

The only thing we can bank on is that no one does serious work on Office anyway, so it does not matter what crackers do. Yah I was just joking. There is no solace. Those people at Redmond keep churning bad code. These guys at security agencies keep tracking them. Those people keep playing down the seriousness. And cracking continues to be done by kids with ready to use tools. It is sad. Wonder what happened to M$'s trust initiative. Remember sometime back, Bill Gates asked all his programmers to stop coding and sit around fixing bugs. Wow, I mean look at the nerve of the guy. He produces sloppy code, then he is under pressure and asks his own programmers to do what they were supposed to do better, and gets mileage out of it, and establishes M$ as a security focused company because of his initiatives. Simply, pathetic.

Have my end terms starting from next week. Sad. I have eight subjects and five days. Lets see how it goes.

50 10n6 & 7|-|4nk5 f0R h4x0R-5p34|<

No comments: