Targeting the OS is old hat….



The Register sums up the Black Hat briefings pretty well. The operating system level has received a lot of scrutiny for security flaws in recent years, and as a result there has been a good deal of improvement there. So now researchers are heading to the low-hanging fruit of the REST of the software stack, be it the drivers, or browsers, or office software. Another area is the class of programs that run checking for updates for OTHER software. It’s time to realize that almost ANY piece of software could compromise system security, and updates need to be expected for almost any part of the “software stack”.


What’s troubling, though, are reports that many of these software vendors are unprepared for security disclosures from researchers. Many do not have an easy way to be contacted about security-related issues. What this means is that we may be in for a somewhat rocky ride, as malware writers would seem to gain the upper hand from software developers’ lack of preparedness. Hopefully, though, it will force most all shops (large and small) to adopt standard ways of dealing with security-related issues and announcements.

BTW, the original article showed up at Security Focus and was redistributed by the Register.
