Developments and Trends
Windows Product Authorization Cracked?
Keygen routine producing valid WinXP product keys? Sounds like bad news for Microsoft's WPA... [The Register]
New Gadgets For Geeks
DEMO 2002 gets down to business. Sort of.
Demo 2002 Cuts the Fluff. Most offerings at this annual high-tech product show are now quite businesslike. Some, though, are still just plain cool [Business Week: Technology]
Trustworthy Computing v1.1
Well now, that didn't take long.
Security researchers at Northern Virginia's Cigital yesterday announced a security flaw in Microsoft's new Visual Studio .NET. The researchers pointed to a problem in a compiler in Visual C++.NET. Microsoft reportedly had modified the compiler to aid in preventing buffer overflows. Cigital CTO Gary McGraw said Microsoft apparently adopted a technique for improving its compiler that has been used with the Linux operating system - and that has been shown to be vulnerable to attack. Instead of being safer, McGraw says the new compiler could lead to an increased number of buffer overflow vulnerabilities.
For its part, Microsoft spokespeople responded by suggesting that the flaw was very technical and narrow, and that Cigital was only motivated by a desire to embarrass Microsoft since the firm wasn't selected by Redmond to perform vulnerability testing. Microsoft was also reportedly distressed that Cigital didn't comply with its "don't ask, don't tell" philosophy over security bugs, where researchers keep flaws secret so the bad guys don't figure it out. Cigital responds that while it normally would hold disclosure of a vulnerability until a fix could be delivered for software in use, since this is a new product it believes early disclosure could prevent users from inadvertently introducing weaknesses into programs.
A Microsoft technology for plugging a common security hole is vulnerable to the very attack it was designed to prevent, a security consultancy says. [Wall Street Journal, subscription required]