David LeBlanc's Web Log

I've said a lot of times that incorrect use of exception handlers will get you hacked. I go into some detail on this in WSCV, due out shortly. It's recently come up in regards to the .ani issue currently making the rounds. From the full disclosure list...

My friend Tim Dodd found this presentation back when we worked together at ISS somewhere around '96-'97. It's by John Ousterhout, who worked at Sun Microsystems Laboratories – the deck is dated 9/28/95. We found it hilarious, because we worked with a...

Hannes Reuscher of the PowerPoint team turned me on to this cool C++ trick, and I used it extensively in SafeInt 2.0. There's a bunch of neat things about it – for one thing, it's the only way in C++ to actually overload something based on return type...

Some interesting tid-bits from the password crackers: http://www.lostpassword.com/office.htm Word 2007 and Excel 2007 use an industry-strength AES encryption algorithm that makes password search speed slow: 20-100 passwords per second on an average...

Previously, I claimed that impersonation wasn't dangerous - to the impersonator – this is NOT true for the one being impersonated if it's a high level account – it's actually a fairly hazardous thing to be doing, since a lot of people make mistakes doing...

It's interesting to see what happens when you get slashdotted… Let's go back and see what I said in the first place, and let me elaborate just a little – if the code crashes, we have roughly the following scenarios: It's exploitable, customers aren...

One of the comments to my last post asked how someone could be part of the solution, as opposed to part of the problem. Here are some thoughts on the issue, based on my experiences of being one of the people finding problems from outside, and one of the...

OK, so this is just utterly geeky, and would really only come in handy if you're writing something like SafeInt – How to tell if a numeric template type is a bool at compile time: isBool = ((T)1 == (T)2) if type T is a bool, then this is true...

There's some things that just aren't vulnerabilities. If the exploit starts with "First become admin…", it might not be a vulnerability. Likewise, if the exploit starts with "First, you steal the computer, boot a rogue operating system, and then, BWAHAHAHAHA...

As I alluded to previously, this has gotten to be a more and more interesting question lately. One of the things I've been kicking around is a sort of flowchart so that people who don't study this stuff will come to the correct conclusion more often....

I was presenting at the Software Security Summit yesterday – good little conference. It's a shame that conferences that show off ways to be a problem draw huge crowds, and this one is all about being part of the solution, but it's still really small after...