ZDNN: Security expert blasts shoddy software

“Security experts and so-called ‘white-hat’ hackers meeting at
the Black Hat Security Conference lambasted current corporate
security and the companies that make security products that are
anything but. …a common theme at security conferences —
that, in the rush to beat competitors to market, product security
plays second fiddle to adding new (and possibly insecure)

“Rebecca Bace, president of security penetration testing firm
Infidel Inc., agreed… “We really need methods to push for
software quality,” she said. She pointed out examples of major
security flaws in many products from Microsoft Corp… including
SiteServer 3.0, Windows NT and demo code that ships with IIS 4.0.
…pounding on Microsoft’s insecurities became a common theme at
the conference as well.”

“On Wednesday, Mudge [an ‘old-school hacker who does not give
out his real name’, head of L0pht Heavy Industries] and noted
cryptographer Bruce Schneier… published a paper critical of
Microsoft’s software for creating virtual private networks…
secure channels across insecure networks like the Internet.
…Microsoft’s protocol — known as PPTP and included free with
Windows NT — can be hacked…”

“During his keynote, Mudge relented to some degree… [on his
criticisms of Microsoft]. ‘I use Microsoft as an example, because
everyone knows them,’ he said. ‘Others have these problems as
well.’”