Blog - About

About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Compilers, Integers and Optimizations

    • 2 Comments
    I've had a good bit of fun (for some value of fun) with hardening SafeInt against what I consider to be some nasty compiler tricks. The problem is that as soon as the compiler hits something that's technically undefined by the C++ standard, they're actually...
  • David LeBlanc's Web Log

    Bugs and Consequences

    • 0 Comments
    I've been meaning to write about overzealous compilers, and nice geeky things, but I'm going to use this forum to vent a bit. When I make a bug that messes up a customer, I generally have to fix it. I'm fairly often face to face with the customer, and...
  • David LeBlanc's Web Log

    Another technique for Fixing DLL Preloading attacks

    • 3 Comments
    Back in February, 2008, I posted on DLL preloading attacks and how to avoid them here . It seems that the problem has recently gotten a lot of attention – currently called "Binary Planting". You can read more about that at the MSRC blog , the SWI...
  • David LeBlanc's Web Log

    MS10-048 – Getting the Math Right

    • 1 Comments
    The Security Research and Defense blog detailed an integer overflow here . The code looks like this: case DBT_DEVTYP_PORT: pPortW = (PDEV_BROADCAST_PORT_W)lParam; if ((1+wcslen( pPortW->dbcp_name ))*sizeof(WCHAR) + FIELD_OFFSET(DEV_BROADCAST_PORT_W...
  • David LeBlanc's Web Log

    Acrobat is Getting a Sandbox

    • 1 Comments
    We've been helping Adobe to get a sandbox going which is similar to what we used in Office 2010 for Protected View. Their blog post about it is Introducing Adobe Reader Protected Mode . I'm excited that the sandboxing approaches that we've pioneered in...
  • David LeBlanc's Web Log

    DSig Q & A

    • 0 Comments
    I'm going to cover the answers to some of the questions that came in after Shelley answered the first round in her post . Q: What will happen if I try to verify a doc signed in 2010 in office 2007/Office 2007 ? A: I'm assuming that the person asking...
  • David LeBlanc's Web Log

    Office 2010 Digital Signatures and XAdES

    • 3 Comments
    Shelley Gu, the program manager for Office signatures, has already posted the PM version of what we've done to improve digital signatures in the Office 2010 Engineering blog back in December. Her post is here . While Shelley did a nice job of an overview...
  • David LeBlanc's Web Log

    New “Improved” Site

    • 1 Comments
    Hrmph. So they managed to disappear my last post, and now my blog looks really generic. I liked the way it used to look, thankyouverymuch. Then I discovered that while Word on my laptop somehow knew the right password, I didn't have it written down...
  • David LeBlanc's Web Log

    You don’t have to be faster than the bear

    • 2 Comments
    Note – this post disappeared during the blog upgrade, recovered due to search cache. Just got done reading Michal Zalewski's really interesting post on the Zero Day blog, found here. His premise, which I don't debate, is that we've done a lousy job...
  • David LeBlanc's Web Log

    Don’t Use Office RC4 Encryption. Really. Just don’t do it.

    • 1 Comments
    Yesterday, a BlackHat Europe presentation on Office 2003 encryption was brought to my attention. Seems that Eric Filiol has done quite a bit of work to recover RC4 encrypted Office documents using an issue that was brought to our attention in 2004. Eric...
  • David LeBlanc's Web Log

    Before We Had MSRC

    • 1 Comments
    Just ran into a post by Gene Schultz - http://blog.emagined.com/2009/07/21/trouble-brewing-in-the-cloud/ - I first ran into Gene when I worked back at ISS – interesting guy. I think we share some of the same concerns about the security of moving things...
  • David LeBlanc's Web Log

    Office 2007 SP2 Encryption Settings

    • 2 Comments
    Now that we've actually shipped SP2, some of you may be curious about how to use the shiny new encryption. Here's the registry settings: Registry keys Base keys (also corresponding Policy keys) HKCU\Software\Microsoft...
  • David LeBlanc's Web Log

    Legacy RC4 Example on Codeplex

    • 2 Comments
    Just a quick note on this – a customer had a question about the old RC4 40-bit encryption yesterday, and this prodded me into taking some memory dumps of intermediate steps and figuring out where my own example code wasn't working. Fortunately, it wasn...
  • David LeBlanc's Web Log

    MS-Offcrypto Example Update

    • 0 Comments
    Just a quick note that I've updated the examples. I added an example for the CAPI RC4 encryption that does work. Along the way, I got smarter about managed C++ and C# interop, which turned out to be a bit of an adventure. I didn't find the documentation...
  • David LeBlanc's Web Log

    MS-Offcrypto Examples

    • 2 Comments
    In response to some questions I've gotten about details of MS-OFFCRYPTO, I've created a CodePlex project to contain sample code demonstrating the documentation. You can find it at http://www.codeplex.com/offcrypto . I had originally wanted to include...
  • David LeBlanc's Web Log

    CVE Count and Statistics

    • 1 Comments
    Larry Seltzer had some interesting comments on my post about the rate of Office vulnerabilities at Vulnerabilities and Office Versions There may be a little flaw in the analysis in that LeBlanc studied reports during the period from 9/18/2007 to...
  • David LeBlanc's Web Log

    Office Crypto KDF Details

    • 0 Comments
    I've gotten a couple of questions asking how our key derivation function works. The technique is very similar to that described in RFC 2898, also known as PKCS #5. There are two key derivation functions (KDF) documented in this RFC – PBKDF1 and PBKDF2...
  • David LeBlanc's Web Log

    New, Improved Office Crypto

    • 2 Comments
    If you're enough of an Office crypto geek to stay on top of the most recent changes in MS-OFFCRYPTO, you already know about some of this, but my assumption is that most people aren't going to want to parse something that hard to read. What we're doing...
  • David LeBlanc's Web Log

    SafeInt Compiles on gcc!

    • 4 Comments
    [update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every method of the class for every combination of types (all 15 of them). Version 3.0.12p is now moved to release status. Once I got SafeInt posted on CodePlex...
  • David LeBlanc's Web Log

    Improvements in Office Security

    • 3 Comments
    We now have a pretty neat internal web site where I can easily search for CVE entries and bulletin counts by product. It shows some interesting trends that I hope will continue to hold. First, let me preface this by saying that CVE entry count is a better...
  • David LeBlanc's Web Log

    MS-OFFCRYPTO, W7 Engineering blog, etc

    • 1 Comments
    We have a new version of MS-OFFCRYPTO out. The big change is that how CryptDeriveKey was documented on MSDN was incorrect, we copied it, which made our document also incorrect. As it turns out, CryptDeriveKey always uses the same code path for AES as...
  • David LeBlanc's Web Log

    SafeInt 3 on CodePlex!

    • 1 Comments
    I have finally found a stable place to keep SafeInt. It can now be found at http://www.codeplex.com/SafeInt . In terms of the code, this is exactly the same stuff as we're using internally. This version is documented a little better than the master copy...
  • David LeBlanc's Web Log

    Chrome Getting a Bit Rusty

    • 2 Comments
    Put this one in the rant category – I'm honored that Google has been paying attention to my blog and decided to use my sandboxing approach to try and make their app more secure. Very cool stuff, and they did some interesting things that I want to better...
  • David LeBlanc's Web Log

    Why can't you comment?

    • 0 Comments
    This is because $#@!!!! spammers can screw up anything. I have to disallow anonymous comments, or I get a bazillion blog spam comments, I check comments a week later, and there's 200 of these that I can only delete 10-20 at a time. Annoying to say the...
  • David LeBlanc's Web Log

    Ptrdiff_t is evil

    • 5 Comments
    Well, not really, but here's a code problem that confounded some really smart devs – and it looks so simple! void IncPtr( unsigned int cElements ) { if( m_pMax - m_pCurrent > cElements ) m_pCurrent += cElements; else throw; } ...
Page 1 of 4 (94 items) 1234