Security News or The Sky is not falling

Wednesday, August 13th, 2008 by Shlomo Touboul

Yoggie Security Systems, being a security company, is part of a very serious industry. We pride ourselves on trying to provide the best products and the best security for our customers. As such, we are constantly monitoring and researching the latest news in the security world and, as everyone knows today, the risks are there. New threats, vulnerabilities and attacks are discovered daily. Economically, both corporations and individual consumers lose billions of dollars annually due to security-related damages. But one must be aware that there is also a lot of FUD (fear, uncertainty and doubt) spread around by sensationalists.

Case in point: Just last week amazing headlines started to appear around the net. Headlines like:

…and others, similar in tone.

In a nutshell, the reports described a Windows Vista “super-vulnerability”, announced at the Black Hat security conference going on right now, that essentially can load and run any code on your browser. Moreover, the vulnerability was described as so powerful and low-level that no fix is possible.

This created a brief storm of buzz describing just how disastrous this super-hack is and how Windows Vista is completely dead now. (And I quote from one site “Expect that chairs to be flying over at Microsoft HQ about this…”).

This whole story made the rounds for a couple of days until finally it died down when some bona fide security researchers examined the actual report and explained that the discovery is far from the beast that was described.

One great article that explains this was published yesterday by Ed Bott, titled “Windows security rendered useless? Uh, not exactly.”

What Ed wrote, in short, is that the discovery made by Sotirov and Dowd does indeed exist but it can only work on computers that have been exploited previously. Bottom line? It’s far from the security risk presented initially.

Another great explanation of this was published by Peter Bright at Ars Technica, titled “The sky isn’t falling: a look at a new Vista security bypass.”

And here is where I get to my point. The security risks out there on the internet do exist. There is no need to invent non-existent ones as there are more than enough real threats out there.

The second point? Don’t immediately jump to conclusions over any headline; let true security researchers examine the actual technical papers before screaming that the sky is falling.
