February, 2008

Blog - About

About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    DLL Preloading Attacks

    • 2 Comments
    A DLL preloading attack is something that can get you on a lot of different platforms. One of the first variants I heard about was in an ancient telnet daemon on certain versions of UNIX where you could specify environment variables, and one of the things...
  • David LeBlanc's Web Log

    Terminating your app on heap corruption

    • 3 Comments
    Michael Howard has a FAQ on this here – there's also more information on this and related defenses in one of my chapters in Writing Secure Code for Windows Vista. One of the things I'd like to point out about enabling this, and several other defenses...
  • David LeBlanc's Web Log

    HD vs. Blu-ray (2)

    • 6 Comments
    I promise I'll get back to security stuff shortly, but over the weekend I ran into a couple of articles that explain the issues a lot better. So HD-DVD is quite likely going the way of the 8-track – no need to fight the tide (and no, I have no internal...
  • David LeBlanc's Web Log

    HD vs. Blu-Ray

    • 2 Comments
    OK, so this isn't security related at all, just felt like grumbling about the latest development. If you're not interested in my thoughts on this, skip it now. A few years ago, I remodeled my basement, and took an odd room with only one window and wired...
  • David LeBlanc's Web Log

    15 Most Influential Security People

    • 2 Comments
    This isn't exactly the list I would have drawn up, and I must be having a bad year, since I'm not on it <g>, but my friend Michael Howard is on the list. You can check it out here: http://www.eweek.com/c/a/Security/The-15-Most-Influential-People...
  • David LeBlanc's Web Log

    MulDiv Mayhem

    • 5 Comments
    Here's another episode in my ongoing quest to stamp out integer overflows. MulDiv is a Windows API that was around before we had 64-bit integers as native types. MulDiv is defined like so: int MulDiv(int a, int b, int c) Ironically, the problem...
  • David LeBlanc's Web Log

    Unsafe String Handling with strncpy

    • 0 Comments
    I recently ran into a piece of code that looked like this: int len = cchIn; strncpy(dest, src, len - 1); This is bad, because strncpy is defined as so: char *strncpy( char * strDest , const char * strSource , size_t count ); The original...
Page 1 of 1 (7 items)