Sunday, July 29, 2012

Windows 8 much more secure than Windows 7

Researchers Chris Valasek (Senior Security Researcher at Coverity) and Tarjei Mandt (senior vulnerability researcher at Azimuth Security) spend their days seeking ways to compromise security in Windows. They're good guys; if they find a problem they report it, rather than exploiting it for illicit gain. At the Black Hat conference they reported on their analysis of new low-level security features in Windows 8.
The precise details of what they discovered were barely within the realm of my comprehension. Apparently many doubly-linked lists within Windows 8 are now protected by "pool cookies." To avoid exploits that involve forcing arbitrary code or data into places it doesn't belong, Windows 8 randomizes locations for memory allocation and adds "guard pages" as needed. That sort of thing.
In between slides filled with code and intense details, Valasek and Mandt displayed a couple that anybody could understand. The column for Windows Vista was all red, meaning not secure. Windows 7 was close, with just a few green checkmarks. And of course Windows 8 displayed a column of solid green checkmarks. Expert or not, we know that green is good.
After the talk I checked in with Valasek.
Rubenking: Back in the day I would write TSR (Terminate and Stay Resident) programs in DOS, and they were great, and useful. But the malware writers used the same DOS features to write bad stuff. Microsoft could have shut them down, but they would have shut me down too. It seems from your talk like they don't plan to shut anybody down. They're doing fine-tuning, working really hard to ensure that everything still works while they crank up security. Do you think it's conceivable you could write an operating system that just wouldn't be vulnerable to attack?
Valasek: No, that doesn't exist. Not as long as humans are writing the code. Once Skynet takes over and humans don't write code any more that might be possible. They have to have a certain amount of data and algorithms and structures that are needed, so there's always a potential to use this stuff for exploitation purposes. Here's the thing. If you don't make it impossible, but you make it severely difficult so only a tenth of one percent of the population can do it, you've effectively lowered the threat to decent levels.
Rubenking: And if you hire that one tenth of one percent…
Valasek: That's just what Google and Microsoft have done. Hire that one tenth of one percent, then you're good.
Rubenking: Thank you Chris!
Indeed, Windows 8 isn't perfect. Valasek and Mandt laid out a number of possible avenues that hackers might conceivably exploit. But as Valasek said, it will be severely difficult, and only the most adept will come close to exploiting the tiny vulnerabilities that remain.

Sunday, July 15, 2012

iPhone 5 coming on August 7 2012

Apple's next-generation iPhone popularly being referred to as iPhone 5 is launching on August 7, claims a blog on Know Your Mobile website. The website makes this claim citing "a reliable industry source" who, it says, has stated that the Cupertino-based tech giant will launch the device during a keynote speech.

Earlier, the same website had reported that the launch date of iPhone 5 has been pushed ahead to August in order to compete better against Samsung Galaxy S III.

11 Things You Didn’t Know About Facebook Pages

Do you manage a Facebook brand page? With all the recent changes, you may have felt a little lost on the social platform. To help you out, we’ve put together some useful tips and tricks.

Know more

Wednesday, July 11, 2012

Android 4.0 source code now available: Google

Google has rolled out the source code of Android4.1 (Jelly Bean) for developers, who can receive it from Android Open Source Project.

With this release, the manufacturers who use Android in their smartphones and tablets can begin working on the latest edition of Google's open source mobile operating system for existing and upcoming devices.

Custom firmware providers like CyanogenMOD and MIUI will also use the source code for JellyBean to build the next iteration of their firmware. The team at CyanogenMOD has already stated that it will commence working on CM10, whereas the plans for the previous edition of its custom firmware are on schedule.

On the official Android building group, Android team's Jean-Baptiste Queru posted that the search giant has also rolled out the 'proprietary binaries' for devices like Nexus 7 and Galaxy Nexus. The same for Nexus S and Motorola Xoom are expected soon.


Shared Button