Minding &s and @s?

It’s important to check one’s text carefully. I know I’ve let too many typos and grammatical missteps stay in my own writing. In the case of Microsoft, though, it’s apparently a much more costly mistake.

Extra ‘&’ in Microsoft development code gave hackers IE exploit

Company’s security development expert confirms reports by outside researchers
By Gregg Keizer
July 29, 2009 07:33 AM ET

Computerworld – Microsoft yesterday confirmed that a single superfluous character in its own development code is responsible for the bug that has let hackers exploit Internet Explorer (IE) since early July.

A pair of German researchers who analyzed a vulnerability in a Microsoft-made ActiveX control came to the same conclusion three weeks ago.

“The bug is simply a typo,” Michael Howard, a principal security program manager in Microsoft’s security engineering and communications group, said in a post Tuesday to the Security Development Lifecycle (SDL) blog. Howard, who is probably best known for co-authoring Writing Secure Code, went on to say that the typo — an errant “&” character — is the “core issue” in the MSVidCtl ActiveX control.

Link to the full story.

