I've had a good bit of fun (for some value of fun) with hardening SafeInt against what I consider to be some nasty compiler tricks. The problem is that as soon as the compiler hits something that's technically undefined by the C++ standard, they're actually...

I've been meaning to write about overzealous compilers, and nice geeky things, but I'm going to use this forum to vent a bit. When I make a bug that messes up a customer, I generally have to fix it. I'm fairly often face to face with the customer, and...

Back in February, 2008, I posted on DLL preloading attacks and how to avoid them here . It seems that the problem has recently gotten a lot of attention – currently called "Binary Planting". You can read more about that at the MSRC blog , the SWI...

The Security Research and Defense blog detailed an integer overflow here . The code looks like this: case DBT_DEVTYP_PORT: pPortW = (PDEV_BROADCAST_PORT_W)lParam; if ((1+wcslen( pPortW->dbcp_name ))*sizeof(WCHAR) + FIELD_OFFSET(DEV_BROADCAST_PORT_W...

We've been helping Adobe to get a sandbox going which is similar to what we used in Office 2010 for Protected View. Their blog post about it is Introducing Adobe Reader Protected Mode . I'm excited that the sandboxing approaches that we've pioneered in...

I'm going to cover the answers to some of the questions that came in after Shelley answered the first round in her post . Q: What will happen if I try to verify a doc signed in 2010 in office 2007/Office 2007 ? A: I'm assuming that the person asking...

Shelley Gu, the program manager for Office signatures, has already posted the PM version of what we've done to improve digital signatures in the Office 2010 Engineering blog back in December. Her post is here . While Shelley did a nice job of an overview...

Hrmph. So they managed to disappear my last post, and now my blog looks really generic. I liked the way it used to look, thankyouverymuch. Then I discovered that while Word on my laptop somehow knew the right password, I didn't have it written down...

Note – this post disappeared during the blog upgrade, recovered due to search cache. Just got done reading Michal Zalewski's really interesting post on the Zero Day blog, found here. His premise, which I don't debate, is that we've done a lousy job...

Yesterday, a BlackHat Europe presentation on Office 2003 encryption was brought to my attention. Seems that Eric Filiol has done quite a bit of work to recover RC4 encrypted Office documents using an issue that was brought to our attention in 2004. Eric...

Just ran into a post by Gene Schultz - http://blog.emagined.com/2009/07/21/trouble-brewing-in-the-cloud/ - I first ran into Gene when I worked back at ISS – interesting guy. I think we share some of the same concerns about the security of moving things...

Now that we've actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here's the registry settings: Registry keys Base keys (also corresponding Policy keys) HKCU\Software\Microsoft...

Just a quick note on this – a customer had a question about the old RC4 40-bit encryption yesterday, and this prodded me into taking some memory dumps of intermediate steps and figuring out where my own example code wasn't working. Fortunately, it wasn...

Just a quick note that I've updated the examples. I added an example for the CAPI RC4 encryption that does work. Along the way, I got smarter about managed C++ and C# interop, which turned out to be a bit of an adventure. I didn't find the documentation...

In response to some questions I've gotten about details of MS-OFFCRYPTO, I've created a CodePlex project to contain sample code demonstrating the documentation. You can find it at http://www.codeplex.com/offcrypto . I had originally wanted to include...

Larry Seltzer had some interesting comments on my post about the rate of Office vulnerabilities at Vulnerabilities and Office Versions There may be a little flaw in the analysis in that LeBlanc studied reports during the period from 9/18/2007 to...

I've gotten a couple of questions asking how our key derivation function works. The technique is very similar to that described in RFC 2898, also known as PKCS #5. There are two key derivation functions (KDF) documented in this RFC – PBKDF1 and PBKDF2...

If you're enough of an Office crypto geek to stay on top of the most recent changes in MS-OFFCRYPTO, you already know about some of this, but my assumption is that most people aren't going to want to parse something that hard to read. What we're doing...

[update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every method of the class for every combination of types (all 15 of them). Version 3.0.12p is now moved to release status. Once I got SafeInt posted on CodePlex...

We now have a pretty neat internal web site where I can easily search for CVE entries and bulletin counts by product. It shows some interesting trends that I hope will continue to hold. First, let me preface this by saying that CVE entry count is a better...

We have a new version of MS-OFFCRYPTO out. The big change is that how CryptDeriveKey was documented on MSDN was incorrect, we copied it, which made our document also incorrect. As it turns out, CryptDeriveKey always uses the same code path for AES as...

I have finally found a stable place to keep SafeInt. It can now be found at http://www.codeplex.com/SafeInt . In terms of the code, this is exactly the same stuff as we're using internally. This version is documented a little better than the master copy...

Put this one in the rant category – I'm honored that Google has been paying attention to my blog and decided to use my sandboxing approach to try and make their app more secure. Very cool stuff, and they did some interesting things that I want to better...

This is because $#@!!!! spammers can screw up anything. I have to disallow anonymous comments, or I get a bazillion blog spam comments, I check comments a week later, and there's 200 of these that I can only delete 10-20 at a time. Annoying to say the...

Well, not really, but here's a code problem that confounded some really smart devs – and it looks so simple! void IncPtr( unsigned int cElements ) { if( m_pMax - m_pCurrent > cElements ) m_pCurrent += cElements; else throw; } ...