Latest Posts

Latest Comments

MS’ answer to Rutkowska: UAC is not about security afterall

By Fjodor on Feb. 14, 2007.

Seems MS has an answer for Joanna Rutkowska (her blog entry), with regards to the situation described in my last post.

Contrary to all statements leading up to the Vista relase, she quotes Mark Russinovich of MS as writing that UAC is not “a security boundary”, and thus that:

Because elevations and ILs don’t define a security boundary, potential avenues of attack, regardless of ease or scope, are not security bugs.

So, not only is the much hyped security measures not reagarded as security measures by MS, and thus their failing to provide security is a non-bug.

Now isn’t that lovely?

Category: Microsoft

  1. One Response to “MS’ answer to Rutkowska: UAC is not about security afterall”

  2. This is great info. I remember where I used to work hanivg a person come in to talk to us about identity theft. This was a couple of years ago but the funny thing is what I remember coming away with from that was that the most common way that people have their identities stolen, actually have the info stolen from their workplace. That may not be the same today as there are mass credit card numbers stolen at a time nowadays. But I remember how much that made me think though. And it is why I now ask more questions about what happens to my info when I have to give it out. I have an unlisted unpublished telephone number but there a are a few times I’ve given it out because I wanted to get a return call at home and i’ve made it clear on each and every occasion that the number is not to be given out or sold and that a note should be made of that. Of course, I’m always reassured that that will not happen but it certainly has happened because someone will forget or not see the note or it will be a completely different person who retrieves the info from a computer screen or whatever and it gets out. This irritates me to no end since I pay every month to keep that number private. Now I have another phone and I only ever give out one phone number and only when I have to. I also don’t believe I should have to be on a Do Not Call list of any type. I should simply be able to ask someone I’m doing business with not to use the number and that should be enough. OOps. Okay, I’ll leave some room now for other commenters. heh. teeni’s last blog post..

    By Alejandriitha on Dec 20, 2015

Post a Comment

*

© 2016 - Fjodor's thoughts
Designed by Shauryadeep Chaudhuri
Coded by XHTML Valid
Minor modifications by Fjodor

Powered by WordPress

FireStats icon Powered by FireStats