Top 10 most notable Black Hat/Defcon stories

by Iain Thomson

05 Aug 2009

2. Microsoft
In the past, Microsoft has taken to advanced security like a duck to volcanic lava, but the company is making serious efforts to engage the community to solve its security problems.

At the conference this year Microsoft showed its commitment to working with the hacking and IT community. Microsoft code isn't necessarily less secure than any other company's, but its near-monopoly position makes it the number-one target and, with the global cracking community going after it, stern remedies are needed.

This time Microsoft released a new tool that allows IT administrators to scan the hexadecimal code behind its documents, which would let someone with limited technical skill find out whether malware was embedded in one of its files, a favourite method of attackers.

In addition Microsoft reinforced its Exploitability Index, which allows IT managers to manage risk more effectively and decide what areas need addressing more quickly than others. V3.co.uk will have a video interview on the topic online tomorrow, but in the meantime I was very impressed by the company's commitment to community security and its willingness to avoid mistakes in the future.

1. Secure Sockets Layer
Secure Sockets Layer (SSL) security is now key to the global economy. As researcher Dan Kaminsky put it, SSL is what persuades millions of internet users to hand over their credit card details and engage in e-commerce. That's why his paper on how to crack it was the best-attended talk of the show.

Kaminsky and his partners Len Sassaman and Meredith Patterson showed how SSL could be subverted by a 'man in the middle' attack. Another researcher, Moxie Marlinspike, showed another attack vector on the technology, even more elegant than the first. Not surprisingly, both talks were packed out, so much so that every available inch of floor space was taken and people were crowding round the doorways trying to get a look.

Thankfully the industry has rallied round to deal with the issue, but it was the highlight (or low-light for the security-paranoid) of the show.

Do you agree?

 
