Ginger & Photon

Recently at the CanSec West conference, Window Snyder from Microsoft gave a talk about Windows XP SP2 security internals. Looking past a bulk of the talk, one portion of it stuck out in the minds of many vulnerability researchers. Unfortunately, the press has only given it a small blurb in the various articles so far.

From http://www.theregister.co.uk/2005/05/09/microsoft_on_sp2_security_process/:

Moreover, the company found and fixed two classes of vulnerabilities that have not been discovered elsewhere, she said.

“These are entire classes of vulnerabilities that I haven’t seen externally,” Snyder said. “When they found these, (the developers) went on a mission, found them in all parts of the system, and got rid of them.”

Snyder remained mum on the details, however, even giving the families of vulnerabilities fake code names: “Ginger” and “Photon.”

Two entire classes of vulnerabilities discovered and fixed, that have never been seen externally? This seems a bit difficult to believe to me. I recall over the last few years during various conversations and email discussions where I challenged someone to name the last class of vulnerabilities that surfaced. Not counting these, I believe it has been years?

Anyone have fun speculation regarding what Ginger and Photon might be? Could they be found nowhere else because they are native to Microsoft/Windows? Could it be a big PR gig to further promote trustworthy computing?

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 5,408 other followers

%d bloggers like this: