CNet 3 part series on Securing Microsoft (complete list of articles)


Here are the URLs for the 3-part series on ‘Securing Microsoft’, which is a pretty good behind-the-scenes look at the organization I work in.


Day 1: http://www.news.com/At-software-giant%2C-pain-gives-rise-to-progress/2009-7349_3-6220566.html


Day 2: http://www.news.com/Inviting-the-hackers-inside/2009-7349_3-6221138.html


Day 3: http://www.news.com/The-next-generation-of-security-threats/2009-7349_3-6221150.html


Now to be fair – I don’t think I said exactly this: “That’s one thing I want you to take away from this,” Hensing tells the Microsoft developers. “Applications are dangerous.”


The point I was trying to drive home in my presentation is that all applications that parse complex file formats are potentially dangerous – even seemingly innocuous ones like PowerPoint. 🙂
I then drove the point home by showing the Microsoft developers how simply double-clicking a PPT file on an unpatched version of PowerPoint could get you own3d (using a PPT file that was used in an actual targeted attack this year), and then I talked about mitigation strategies like running as a non-admin user (Vista makes this really easy) and using MOICE to convert the old Office 2003 and lower files to the newer Office 2007 file formats before opening.

