Tuesday

Yet another security researcher gets misquoted



Vista's security features have all been bypassed and CAN'T be fixed!!! No really, just kidding. Read on.

First, HD Moore got misquoted in the press when his exploit was turned against one of his ISP's DNS servers, but it seemed as if he had been hacked himself. Then Christofer Hoff got misquoted for his Black Hat presentation on security virtualization. Both fell out of favor with their employers over the incidents, although they had essentially done nothing wrong. Now, it seems, there is a third victim within a short time. Alexander Sotirov gave a presentation on new techniques to bypass security measures on XP and Vista, and everybody started talking about unfixable security features. Don't worry, it's not the end of the world.

Luckily, Ed Bott from ZDNet gives a complete picture of what happened and provides the correct view of the presentation. Read his article and the follow-up article:

I hope it won't become a trend. HD, Christofer and Alexander are people who contribute a lot of their free time to their research. Research that benefits us all and helps us make systems more secure. Try to think critically and don't take everything you read at face value.
This reminds me of a story on hakiri.org about critical thinking. It features a video, 'Here be Dragons'. Just have a look.

(Photo under Creative Commons from CarbonNYC's Photostream)
