About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Office SP3 and File formats

    • 14 Comments
    In Office 2007, we changed the default to disable a number of older file formats where we saw very low usage and a high security risk in our code that loads these formats. From the security standpoint, this is the right thing to do. From the data we have...

    Impersonation isn't dangerous

    • 12 Comments
    I was called to task because in Writing Secure Code for Windows Vista, I asserted that from the standpoint of a service, the impersonation privilege isn't dangerous. SeImpersonate is one of the newer privileges in Windows, and has only been put there...

    New File Converter Coming Soon

    • 11 Comments
    You might have recently heard something about the new "Microsoft Office Isolated Conversion Environment", a tool we are providing to help protect Office 2003 users from malicious content in Office files. You might be asking yourself what it is, and why...

    DREADful

    • 8 Comments
    Both the STRIDE and DREAD systems Michael and I documented in Writing Secure Code have been criticized quite a bit. Neither of them were developed with any real academic rigor, and from a scientific standpoint, neither of them tend to hold up very well...

    Threat Modeling the Bold Button is Boring

    • 8 Comments
    I've been reading Larry Osterman's blog lately – he's a smart guy, and one of the very first people at Microsoft I ever met (virtually anyway – it was years before we met in person). Larry came to my defense when Seattle Lab tried to tell us that Windows...

    Attackers, Vuln Finders and Exploits – It just ain’t fair!

    • 7 Comments
    Recently took a look at "The Vulnerability Disclosure Game: Are We More Secure?" ( http://www2.csoonline.com/exclusives/column.html?CID=28072 ) by Marcus Ranum, which in turn links to "Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good...

    Office Crypto Follies

    • 7 Comments
    What I've been working on lately that has kept me from doing nearly anything else can be found at: http://msdn.microsoft.com/en-us/library/cc313071.aspx MS-OFFCRYPTO is very detailed documentation of exactly how we do cryptography for binary and...

    HD vs. Blu-ray (2)

    • 6 Comments
    I promise I'll get back to security stuff shortly, but over the weekend I ran into a couple of articles that explain the issues a lot better. So HD-DVD is quite likely going the way of the 8-track – no need to fight the tide (and no, I have no internal...

    Finally starting a blog

    • 6 Comments
    I have been putting this off for a while. Not out of concern with sharing myself in public - I've been posting on the net in various forums for around the last 15 years, and anyone good with a search engine can find all sorts of things I've said and done...

    Why Threads Are A Bad Idea

    • 5 Comments
    My friend Tim Dodd found this presentation back when we worked together at ISS somewhere around '96-'97. It's by John Ousterhout, who worked at Sun Microsystems Laboratories – the deck is dated 9/28/95. We found it hilarious, because we worked with a...

    Fun with Template Specialization

    • 5 Comments
    Hannes Reuscher of the PowerPoint team turned me on to this cool C++ trick, and I used it extensively in SafeInt 2.0. There's a bunch of neat things about it – for one thing, it's the only way in C++ to actually overload something based on return type...

    Practical Windows Sandboxing – Part 3

    • 5 Comments
    The third tool we need in order to create a sandboxed app is a desktop. We've said in many places that the desktop is a security boundary. Unfortunately, there's little real security within a desktop – and this isn't something unique to Windows – the...

    Ptrdiff_t is evil

    • 5 Comments
    Well, not really, but here's a code problem that confounded some really smart devs – and it looks so simple! void IncPtr( unsigned int cElements ) { if( m_pMax - m_pCurrent > cElements ) m_pCurrent += cElements; else throw; } ...

    MulDiv Mayhem

    • 5 Comments
    Here's another episode in my ongoing quest to stamp out integer overflows. MulDiv is a Windows API that was around before we had 64-bit integers as native types. MulDiv is defined like so: int MulDiv(int a, int b, int c) Ironically, the problem...

    Evil Compiler Tricks, and Checking for Pointer Math

    • 4 Comments
    My favorite programming geek hobby being integer overflows, this caught my eye – "gcc silently discards some wraparound checks" http://www.kb.cert.org/vuls/id/162289 Basically, what it says is that code which looks like this: ============ snip...

    SafeInt Compiles on gcc!

    • 4 Comments
    [update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every method of the class for every combination of types (all 15 of them). Version 3.0.12p is now moved to release status. Once I got SafeInt posted on CodePlex...

    Securing Existing Code

    • 4 Comments
    Just read Michael Howard's post about differentiating secure features, security features and security response, found at http://blogs.msdn.com/sdl/archive/2007/12/17/security-is-not-all-about-security-updates.aspx , and wanted to offer some counterpoints...

    Avoiding C++ vulnerabilities

    • 4 Comments
    Just returned from Blackhat – it always seems that the presentations I most want to see happen at the same time as I'm scheduled to talk. Neel Mehta, John McDonald and Mark Dowd were talking about finding exploitable C++ specific flaws, and I was only...

    Practical Windows Sandboxing, Part 2

    • 4 Comments
    Once you have a process in a restricted token, the next tool you can use to limit what it can do is a job object. Like restricted tokens, these shipped in Windows 2000. A job object is similar to how ulimits work on UNIX(ish) OS's, but don't do some of...

    Economics of the Vulnerability Finding Game

    • 3 Comments
    A friend of mine loaned me a book - "Hidden Order: The Economics of Everyday Life", by David Friedman - It's an interesting read - the overall point is that a lot of human behavior can be explained with economic theory. Basically, it amounts to what we...

    Security Dependencies

    • 3 Comments
    There's been an interesting little tempest in a teapot going on WRT IE and Firefox. I in general don't pay a whole lot of attention to the browser vuln du jour, but this one caught my eye - http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId...

    C++ operator overloading trivia

    • 3 Comments
    Learned something interesting this week that I'll be working into SafeInt 3. It all started out because if you declare a SafeInt class instance, and then try to use it as an array index, the compiler can't figure out which of the several available integer...

    Exception Handlers Are Baaad

    • 3 Comments
    I've said a lot of times that incorrect use of exception handlers will get you hacked. I go into some detail on this in WSCV, due out shortly. It's recently come up in regards to the .ani issue currently making the rounds. From the full disclosure list...

    What’s Exploitable?

    • 3 Comments
    As I alluded to previously, this has gotten to be a more and more interesting question lately. One of the things I've been kicking around is a sort of flowchart so that people who don't study this stuff will come to the correct conclusion more often....

    Don’t Impersonate If You Don’t Have To

    • 3 Comments
    Previously, I claimed that impersonation wasn't dangerous - to the impersonator – this is NOT true for the one being impersonated if it's a high level account – it's actually a fairly hazardous thing to be doing, since a lot of people make mistakes doing...