Why Vista cursors got hacked

Microsoft has explained how the .ANI animated cursor vulnerability that hackers exploited last month was accidentally allowed into the supposedly more secure Windows Vista.

Michael Howard, an authority on Microsoft's Security Development Lifecycle (SDL) - which aims to get developers to design more secure code - posted an extensive entry on the brand-new SDL blog that outlined lessons learned from the ANI vulnerability.

"SDL is not perfect, nor will it ever be perfect," Howard acknowledged. "We still have work to do, and this bug shows that." Techworld.com - Why Vista cursors got hacked

Linked by shanmuga Tuesday, 1st May 2007 2:28AM