March, 2007

Blog - About

About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Impersonation isn't dangerous

    • 12 Comments
    I was called to task because in Writing Secure Code for Windows Vista, I asserted that from the standpoint of a service , the impersonation privilege isn't dangerous. SeImpersonate is one of the newer privileges in Windows, and has only been put there...
  • David LeBlanc's Web Log

    Attackers, Vuln Finders and Exploits – It just ain’t fair!

    • 7 Comments
    Recently took a look at "The Vulnerability Disclosure Game: Are We More Secure?" ( http://www2.csoonline.com/exclusives/column.html?CID=28072 ) by Marcus Ranum, which in turn links to "Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good...
  • David LeBlanc's Web Log

    Finally starting a blog

    • 6 Comments
    I have been putting this off for a while. Not out of concern with sharing myself in public - I've been posting on the net in various forums for around the last 15 years, and anyone good with a search engine can find all sorts of things I've said and done...
  • David LeBlanc's Web Log

    Word 2007 Blog Feature’s Password Handling

    • 3 Comments
    I knew about the blog feature – hard not to notice when every time you go to make a new document, it gives you the option of making a blog post. I'd known about it for quite a while, as I was part of the group reviewing the threat model. Last night was...
  • David LeBlanc's Web Log

    Economics of the Vulnerability Finding Game

    • 3 Comments
    A friend of mine loaned me a book - "Hidden Order: The Economics of Everyday Life", by David Friedman - It's an interesting read - the overall point is that a lot of human behavior can be explained with economic theory. Basically, it amounts to what we...
  • David LeBlanc's Web Log

    More Fun with Integers

    • 2 Comments
    Just a quick note this morning to share something I found while finishing up SafeInt 3.0. This is something more helpful with 64-bit porting than with general security, though it does have some security side effects. Warning - heavy C++ programming geek...
  • David LeBlanc's Web Log

    What's still exploitable?

    • 2 Comments
    OK, just throwing this out, hoping for some interesting comments - if you have NX, ASLR, and SafeSEH, what's still exploitable? Please note I'm absolutely, positively NOT NOT NOT saying that stuff compiled with all this is unbreakable or any such silliness...
Page 1 of 1 (7 items)