On Friday 24 January 2003 09:15 am, Richard M. Smith wrote: >FYI: > >-----Original Message----- From: Bill Gates [mailto:[EMAIL PROTECTED]] >Sent: Thursday, January 23, 2003 11:16 PM >To: [EMAIL PROTECTED] >Subject: Security in a Connected World > >
Even though each win32 process runs in its private memory space, device drivers run runs in kernel space. Add to that Win2k does not have any protection on read and writes for the above, allowing a driver to bypass the win2k security entirely. And the win32 API is hoplessly insecure and not likely to be rewritten. Everything else almost becomes moot. More marketing drabble obviously. After their top people met with a security consultant he confirmed that they did indeed not have a clue about security. The fact the some 50,000 programmers are stuck in a booth with minimum help or coordination, told to produce code in a tight development window or else, is not exactly inducive to security either. -- Steve Szmidt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
