Linux Today: Linux News On Internet Time.

ZDNN: Security expert blasts shoddy software

Jul 09, 1999, 13:54
(Other stories by Robert Lemos)

"Security experts and so-called 'white-hat' hackers meeting at the Black Hat Security Conference lambasted current corporate security and the companies that make security products that are anything but. ...a common theme at security conferences -- that, in the rush to beat competitors to market, product security plays second fiddle to adding new (and possibly insecure) features."

"Rebecca Bace, president of security penetration testing firm Infidel Inc., agreed... 'We really need methods to push for software quality,' she said. She pointed out examples of major security flaws in many products from Microsoft Corp... including SiteServer 3.0, Windows NT and demo code that ships with IIS 4.0. ...pounding on Microsoft's insecurities became a common theme at the conference as well."

"On Wednesday, Mudge [an 'old-school hacker who does not give out his real name', head of L0pht Heavy Industries] and noted cryptographer Bruce Schneier... published a paper critical of Microsoft's software for creating virtual private networks... secure channels across insecure networks like the Internet. ...Microsoft's protocol -- known as PPTP and included free with Windows NT -- can be hacked..."

"During his keynote, Mudge relented to some degree... [on his criticisms of Microsoft]. 'I use Microsoft as an example, because everyone knows them,' he said. 'Others have these problems as well.'"
