Security Holes That Run Deep

Security Holes That Run Deep
Mark Burnett, 2004-12-20

How a seemingly simply Microsoft bug betrayed its author's disdain for a wide range of secure coding principles.

Security Holes That Run Deep 2004-12-20
Anonymous (2 replies)

How can an application "bypass NTFS permissions?" Presumably you mean the application is running with administrative access privileges. This I can understand - it is incredibly difficult to write a Windows application that runs properly without administrative privileges, and to get it installed so that it doesn't magically grab them.

The place where Microsoft has to get really serious about security is in making it easy to write and run programs that use the file system, and difficult to write and run programs that "must" have admin privileges. If they fix the security issues at the OS intefaces, many, many of the other security problems just go away.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/285/29599#29599

Security Holes That Run Deep 2004-12-22
michaels (1 replies)

Security Holes That Run Deep 2004-12-23
Anonymous

Security Holes That Run Deep 2004-12-26
Anonymous

Nothing new from MS here... 2004-12-21
Anonymous

Security Holes That Run Deep 2004-12-21
bazzargh

Failing Open vs. Closed 2004-12-22
Andy S.

Security Holes That Run Deep 2004-12-23
Anonymous

Security Holes That Run Deep 2004-12-29
Anonymous-Philippines (1 replies)

Re: Security Holes That Run Deep 2009-06-10
Anonymous - US