Researchers exploit flaws in SSL and domain authentication system

July 30, 2009
Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they don't own and thus trick people into visiting those illegitimate sites or inadvertently sharing information.

Marlinspike, an independent researcher, said a flaw in the way browsers and mail clients implement Secure Sockets Layer (SSL) allows for so-called man-in-the-middle attacks in which an attacker could trick browsers into presenting the site as legitimate.

The attacker can ensure continued interception of a victim's data, as well, by intercepting the Firefox auto update requests, which depend on SSL, he said in an interview. Marlinspike wrote a software tool to enable this, working with a modified version of Firefox "so that anytime you submit something to a site it sends me a copy," he said.

"The diabolical thing is this is a vulnerability, but the update mechanisms themselves can not be trusted," Marlinspike added.

Chrome and Internet Explorer are also vulnerable to such an attack, but it would be harder on IE since that browser employs an additional step of using code signing certificates, he said. Marlinspike said he had not analyzed Chrome enough to see how serious of an issue it would be.

"They all need to change their implementation of SSL," he said, adding that he has been working with Mozilla.

Marlinspike said he will release his tool as soon as a Firefox patch is out, possibly in the next week or so.

And until Mozilla changes the way its auto update system handles SSL he suggested users turn off the auto update function on Firefox.

Meanwhile, Kaminsky, director of penetration testing for IOActive, said he was able to trick a Certificate Authority into issuing a certificate that vouches for a domain belonging to someone else. He tested his attack using a fake Defcon.org domain, using a naming trick to convince the Certificate Authority issuing the SSL certificate not to contact the domain owner to verify the request.

Kaminsky was able to do this by exploiting a vulnerability in X.509, the certificate standard that underpins SSL connections.

"If a Certificate Authority and a browser disagree about a name being validated, an attacker could impersonate any domain name," he said in an interview following a press conference after his talk.

The vulnerability undermines the system of trust that the Web relies on for e-commerce and other activities, according to Kaminsky. By uncovering it, crisis may have been averted, he said.

"This is our best technology for doing authentication and it failed," he said. "We'll fix it, but it's another sign that we need to revisit how we do the basics; how we do authentication on the Internet."

Kaminsky said extended certificate validation, to prove the identity of the organization behind a Web site, should be used for any site at which phishing is a threat. He also suggested that much of the problem could be solved with the use of DNSSEC, extensions to DNS that provide additional information to servers about the data communication and its origin.

He said he had used several different types of attacks to exploit the vulnerability, which have since been resolved, and one more, involving the MD2 hash algorithm used to sign certificates, that is being phased out.

VeriSign no longer uses the MD2 standard, having transitioned to the SHA-1 algorithm on May 17, said Tim Callan, a vice president of product marketing at the domain registrar.
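The two checks a client can make against the problems reported above, as an added example that is not code from the article or from either researcher: a certificate name is accepted only if it is unambiguous (so a CA and a browser cannot read it differently; an embedded NUL, which a C-string parser truncates at while an ASN.1 length-prefixed parser does not, is the known case) and matches the connected hostname exactly, and any certificate signed with MD2 is refused outright. The certificate is a constructed dict, and the MD5 entry in the weak-algorithm set is an assumption added alongside the article's MD2 point.

```python
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Signature algorithms never accepted. MD2 is the one named in the article;
# MD5 is included here as an assumption in the spirit of the same phase-out.
WEAK_SIGNATURE_ALGS = {"md2WithRSAEncryption", "md5WithRSAEncryption"}


def name_is_unambiguous(name):
    """True only if every parser would read this name the same way."""
    if not name or "\x00" in name or not name.isascii() or not name.isprintable():
        return False
    labels = name.split(".")
    for i, label in enumerate(labels):
        # A wildcard is allowed only as the whole leftmost label of a 3+ label name.
        if label == "*" and i == 0 and len(labels) > 2:
            continue
        if not _LABEL.match(label):
            return False
    return True


def name_matches(cert_name, hostname):
    """Case-insensitive whole-label match; a wildcard covers exactly one label."""
    if not name_is_unambiguous(cert_name) or not name_is_unambiguous(hostname):
        return False
    c = cert_name.lower().split(".")
    h = hostname.lower().split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return c[1:] == h[1:]
    return c == h


def certificate_acceptable(cert, hostname):
    """cert is a constructed dict: {'names': [...], 'sig_alg': '...'}.
    Returns (accepted, reason)."""
    if cert.get("sig_alg") in WEAK_SIGNATURE_ALGS:
        return False, "weak signature algorithm: " + cert["sig_alg"]
    if any(name_matches(n, hostname) for n in cert.get("names", [])):
        return True, "ok"
    return False, "no certificate name matches " + hostname
```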

"We're completely behind any efforts to improve X.509" and DNSSEC, he said.


Super Search brings search overkill to Firefox

July 28, 2009

If you're the type of person who uses a lot of search engines and doesn't mind having a toolbar installed, you might want to check out Firefox Super Search. This Firefox-only add-on puts the power of 160 search engines in one toolbar, with about 70 that can be searched right from the toolbar itself.

If you're used to Firefox's built-in search box, this is a pretty big step up both from selecting one engine at a time and having to add additional engine tools from Mozilla's catalog. It's also laid out in a really straightforward manner, putting search engines with which you can search (from within the toolbar) in drop-down menus on the right side of the query box. There's also a directory of the other 90 or so engines that require a visit before beginning a new search.


Super Search is set up to let you search from nearly 70 search engines right from the blue options on the right of the search box. And the green button on the left is a directory of ones where you have to begin the search from that particular site. (Note, this screenshot has been edited to show off all of the toolbar's features at once).

My only qualm is that you cannot reorganize the order of the engines or make a shortlist of your favorites. It's also missing out on modern search box niceties like auto-complete and search-as-you-type suggestions--two things that require the search box to know which engine you're searching with first. On the plus side, though, the curation and organization of the engines is spot-on.

Note: This add-on is experimental, which means that it may not work perfectly in your browser. We used Super Search on Firefox version 3.5.1 without issues.


Windows 7: A great gaming platform?

July 27, 2009
With the release of Windows 7 in October, PC gamers will finally have another platform on which to play their favorite games. Those who didn't quite enjoy Windows Vista as a game platform or have stuck with Windows XP are probably looking forward to the opportunity to buy some new hardware, install Windows 7, and get the most out of their favorite games.

But is Windows 7 a promising gaming platform? Now that its development is over, it's time to ask questions. What kind of gaming experience will it offer? Does it have features that will help it beat out Windows Vista or Windows XP in the game space?

Let's take a look:

DirectX 11
DirectX 11, which is set to run on both Windows 7 and Windows Vista, is highly anticipated. A recent blog post on Advanced Micro Devices' official blog asserts that DirectX 11, "in combination with new graphics hardware, and in some cases Windows 7, brings significant changes to the computing experience, changes that mean upcoming games and other applications are about to get a lot better."

AMD believes that with the help of "a beast called the tessellator," game developers will be able to create even better-looking games. The company contends that titles will be "smoother, less blocky, and more organic-looking."

Thanks to better support for multithreading and GPGPU compatibility, game developers should be able to get more out of their games on Windows 7 than any previous version of the operating system.

AMD contends that games will have "higher frame rates" and "more realistic characters." It also believes that game development costs might be kept down, thanks to a simplified, more efficient Windows 7.

Performance
In a recent posting on the Windows Partner blog, Intel's Brandon LeBlanc wrote that Windows 7 will be a far more efficient platform than its predecessor. According to LeBlanc, Microsoft worked with Intel to implement "a new feature called SMT parking, which provided additional support for the Windows 7 scheduler for Intel Hyper-Threading Technology, enabling better performance on hyperthreaded, multicore Intel processors."

Nvidia product manager Chris Daniel wrote on the Windows Team blog last week that Windows 7 is "the first Windows operating system to treat the graphics-processing unit as a real peer to the CPU." He went on to say that Windows 7 is doing a fine job of making its platform more appealing to gamers.

"Microsoft is really opening up the immense parallel-computing horsepower of the GPU natively right in the operating system," he wrote.

Those are just a couple examples, but most companies, albeit with a vested interest in seeing Windows 7 succeed, are saying the platform is more powerful than its predecessors. Regardless of the motives, that can only be good for gamers.

Games Explorer
Perhaps Games Explorer won't top the list of the features that will help make Windows 7 a great gaming platform, but it could help.

Although that feature originally launched with Windows Vista, Microsoft has promised that the Windows 7 version of Games Explorer will make gamers much happier with what they find.

Once they add titles to their PCs, gamers will be able to update those games from the Games Explorer pane, rather than open up each title and download updates in the software. If they want in-game statistics, they can have that too.

Compatibility
Compatibility is always a major concern for gamers. Will the games they enjoy work on Windows 7?

From Crysis to Call of Duty to Far Cry, most major games will work with Windows 7. If you're looking for a full list, compiled by Windows 7 beta users, follow this link. It has all the games that work and don't work with Windows 7.

Project Natal
In an interview with CNET News earlier this month, Bill Gates said that Project Natal will also work with Windows PCs.

He said Windows PCs could be using Natal not just for games, "but for media consumption as a whole, and even if (users) connect it up to Windows PCs for interacting, in terms of meetings and collaboration and communication." But it will all start with gaming.

Bottom Line
Will Windows 7 be a great gaming platform? Until we get our hands on the final build, there's no guarantee. What we do know now is that Windows 7 has some features that should make it far more appealing than its predecessor. And by the looks of things, as development for the platform becomes easier over time, and hardware continues to improve, we could be enjoying a stellar PC-gaming experience.

We'll just have to wait and see if that really happens.
