.

Microsoft Takes LSD to Test Vista Security

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Aug 11, 2006 3:41 pm

Microsoft Takes LSD to Test Vista Security

Remember the LSD—or Last Stage of Delirium—hacking group?

Back in 2003, the group of four Polish security researchers discovered the RPC (Remote Procedure Call) interface vulnerability that would later be used to unleash the Blaster worm, but because of distrust over Microsoft's willingness to address software flaws at the time, LSD members had to be coaxed into sharing their findings.

Today, LSD is on Microsoft's payroll, working on what is being hailed as the "largest ever penetration test" of an operating system coming out of Redmond, Wash.

According to John Lambert, senior group manager in Microsoft's SWI (Secure Windows Initiative), LSD members are part of an "internal team of hackers" conducting simulated attacks against Windows Vista.

The group's members are all graduates of computer science from the Poznan University of Technology and have worked as the security team of the Poznan Supercomputing and Networking Center, in Poznan, Poland.

The hiring of third-party security research outfits and independent hackers is significant on many fronts. It underscores Microsoft's public push to embrace the hacking community and shed its image as a company with a lax approach to security.

The list of external security consultants hired to audit the Vista code to look for weaknesses, technical flaws and vulnerabilities reads like a who's-who list for the infosec industry. Lambert said about 20 well-known researchers who regularly appear at its "Blue Hat" conference have been given access to the full source code, specs and threat models for review.

"We're not blocking them from looking anywhere. They have access to everything. Go everywhere and find all the bugs you absolutely can," Lambert said.


For full story:
http://www.eweek.com/article2/0,1895,1999070,00.asp

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Kev

Post Fri Aug 11, 2006 4:44 pm

Re: Microsoft Takes LSD to Test Vista Security

Jeeze, whats going on with microsoft? Seems like a total 180 from the past. I hope they keep that up!

Return to News from the Outside World

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software