March, 2007

Posts
  • David LeBlanc's Web Log

    Word 2007 Blog Feature’s Password Handling

    • 3 Comments
    I knew about the blog feature – hard not to notice when every time you go to make a new document, it gives you the option of making a blog post. I'd known about it for quite a while, as I was part of the group reviewing the threat model. Last night was...
  • David LeBlanc's Web Log

    Attackers, Vuln Finders and Exploits – It just ain’t fair!

    • 7 Comments
    Recently took a look at "The Vulnerability Disclosure Game: Are We More Secure?" (http://www2.csoonline.com/exclusives/column.html?CID=28072) by Marcus Ranum, which in turn links to "Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good...
  • David LeBlanc's Web Log

    What's still exploitable?

    • 2 Comments
    OK, just throwing this out, hoping for some interesting comments - if you have NX, ASLR, and SafeSEH, what's still exploitable? Please note I'm absolutely, positively NOT NOT NOT saying that stuff compiled with all this is unbreakable or any such silliness...
  • David LeBlanc's Web Log

    Impersonation isn't dangerous

    • 12 Comments
    I was called to task because in Writing Secure Code for Windows Vista, I asserted that from the standpoint of a service, the impersonation privilege isn't dangerous. SeImpersonate is one of the newer privileges in Windows, and has only been put there...
  • David LeBlanc's Web Log

    Economics of the Vulnerability Finding Game

    • 3 Comments
    A friend of mine loaned me a book - "Hidden Order: The Economics of Everyday Life", by David Friedman - It's an interesting read - the overall point is that a lot of human behavior can be explained with economic theory. Basically, it amounts to what we...
  • David LeBlanc's Web Log

    More Fun with Integers

    • 2 Comments
    Just a quick note this morning to share something I found while finishing up SafeInt 3.0. This is something more helpful with 64-bit porting than with general security, though it does have some security side effects. Warning - heavy C++ programming geek...
  • David LeBlanc's Web Log

    Finally starting a blog

    • 6 Comments
    I have been putting this off for a while. Not out of concern with sharing myself in public - I've been posting on the net in various forums for around the last 15 years, and anyone good with a search engine can find all sorts of things I've said and done...