Is it me....

or does this sound a little sinister?

Man works in Team A working on product X.

Man leaves Team A and set's up company to find problems with product X?

Could he have actually designed in a flaw into Team A's Product X to make himself rich and famous?

Surely this is a vendor issue?

Ok, I'm no MS apologist but:

"SCardFuzz creates a heap-based buffer overflow in the unnamed vendor’s plug-in for Microsoft Vista"

So, nothing really to do with Vista, just a crap vendor writing crap drivers?

Cheers,

Mike

Causing a process to crash

If he has physical access to the machine, and has developed something that allows him to cause a process to crash, wouldn't it be a lot easier and quicker if he just took a hammer to the inside of the thing? That'd surely make it crash. Or even just unplug the power chord.

Yes it's you....

Man works in Team A working on Product X

Man find problem in Product X , reports it, it is not fixed ..

Man leaves to join Company B working on amongst other things Product X (which is why they hired him), points out that the bug still exists and could cause problems

Man announces to the world he will demo the bug to the world (thus allowing Team A to actually have time to fix it...)

Sounds like closed source development to me ....when you don't tell anyone there is a problem don't let anyone leave unless they tell someone....

@Mike

I'd agree, but for the unfortunate issue of WHQL-certification, which I'll bet it has.

(WHQL - A "quality" certification from MS which appears to mean: "This is a beta release driver of limited functionality - but it won't crash your OS on installation unless you try really hard".)

here be title

Reminds me of a Dilbert strip where PHB says that engineers get $100 bonus for every bug they find in the product - so they go away and create some bugs to be found later...

@ Mike Dolan

I agree with you, the problem seems to be with the vendor who plugs into Vista. However Vista should probably do a better job of validating the data that it's receiving from the smart card. Buffer overflows, once again.

Idle thought, is it possible to prevent buffer overflows by changing the design of the hardware, say something on the cpu rather than in software?

Paris because she might know more about CPU design than me.

@ Phil Rigby

"is it possible to prevent buffer overflows by changing the design of the hardware, say something on the cpu rather than in software?"

Yes, and it was done a good 50 years ago. The Burroughs (now Unisys) "Large Systems" have a stack-oriented, tagged-memory, architecture with descriptor-based memory references. The memory tags allow the hardware to distinguish code and data, code being read-only. The descriptors result in array references being boundary-checked by the hardware.

Rather like wearing a belt and suspenders ("braces" to UKoids): not only can you not overwrite code, you can't even run off the end of an array and overwrite other data.

I believe there have been other hardware designs with similar feature sets, thinking of Honeywell, GE, Philco, and Bendix. Don't have personal knowledge of those so I'll leave them to the cyber-historians.

However, on reflection, it isn't clear to me how resistant such an architecture would be to a determined attempt at subversion. A mainframe presents a totally different environment from a personal computer where the owner is also the sysop.

@Stu

Twist you noodle on this:

A man works for Company A; enough about the man, Company A makes software most of the world uses. Company A management and brain trust thought that the internet was a flash in the pan. Little did Company A realize that the "flash in the pan" would turn into the largest attack vector for their software products. The brain trust of Company A is bombarded by wave after wave of exploits that he has to declare "security is extremely important" to staff and clients alike. To address this new important focus Company A buys Company B and C to protect their products. Now company A sells software to protect their software which they should have done a better job securing in the first place. As for the man, if he wants to start/work for Company D after leaving Company A selling security services for Company A's insecure software; good on him! Company A will buy Company D anyway so they can use Company D's software to find holes they shouldn't have created in the first place.

Only in US are software companies like Company A exempt from the RICO Act. Its a travesty that they are allowed to sell "Protection" for committing lousy software development. Maybe someone can lobby the Gov't to add incompetent on a grand scale to RICO.

I chose Paris because she knows more about "Protection" than Company A although she doesn't get paid for it ;-)

@toby

Who is this mysterious "Mac" you speak of? Perhaps you mean Apple?

MS don't have a bad security reputation because they are popular... It's because for years they simply didn't give a toss. Apple is unlikely to start caring less about security.

@Fatty Treats

RE: "Care to share what this unnamed ahead-of-its-time used by a multitude of unnamed infamous companies is?"

AS/400 with OS/400.