About David LeBlanc's Web Log

This blog is about whatever security topics come to mind, and may occasionally wander off into other areas, like arcane C++ tricks. I'll primarily cover techniques to achieve more secure code, how to use some of the more interesting facets of the Windows operating system, and sometimes my thoughts about the general state of Internet security.

  • David LeBlanc's Web Log

    Is it a Read, Write or Execute AV?

    • 1 Comment
    I didn't find this documented in the Visual Studio documentation, but it is in the latest Windows SDK. In case anyone was interested, and would like to be able to tell from inside an app whether an AV was triggered by NX, this will do it:   DWORD...

    Fun with Template Specialization

    • 5 Comments
    Hannes Reuscher of the PowerPoint team turned me on to this cool C++ trick, and I used it extensively in SafeInt 2.0. There's a bunch of neat things about it – for one thing, it's the only way in C++ to actually overload something based on return type...

    Why Threads Are A Bad Idea

    • 5 Comments
    My friend Tim Dodd found this presentation back when we worked together at ISS somewhere around '96-'97. It's by John Ousterhout, who worked at Sun Microsystems Laboratories – the deck is dated 9/28/95. We found it hilarious, because we worked with a...

    Some Failures Are Better Than Others

    • 0 Comments
    I was presenting at the Software Security Summit yesterday – good little conference. It's a shame that conferences that show off ways to be a problem draw huge crowds, and this one is all about being part of the solution, but it's still really small after...

    Crashes Are Bad, OK?

    • 3 Comments
    It's interesting to see what happens when you get slashdotted… Let's go back and see what I said in the first place, and let me elaborate just a little – if the code crashes, we have roughly the following scenarios: It's exploitable, customers aren...

    It Might Not Be A Vulnerability If…

    • 3 Comments
    There's some things that just aren't vulnerabilities. If the exploit starts with "First become admin…", it might not be a vulnerability. Likewise, if the exploit starts with "First, you steal the computer, boot a rogue operating system, and then, BWAHAHAHAHA...

    Don’t Impersonate If You Don’t Have To

    • 3 Comments
    Previously, I claimed that impersonation wasn't dangerous - to the impersonator – this is NOT true for the one being impersonated if it's a high level account – it's actually a fairly hazardous thing to be doing, since a lot of people make mistakes doing...

    What’s Exploitable?

    • 3 Comments
    As I alluded to previously, this has gotten to be a more and more interesting question lately. One of the things I've been kicking around is a sort of flowchart so that people who don't study this stuff will come to the correct conclusion more often....

    Exception Handlers Are Baaad

    • 3 Comments
    I've said a lot of times that incorrect use of exception handlers will get you hacked. I go into some detail on this in WSCV, due out shortly. It's recently come up in regards to the .ani issue currently making the rounds. From the full disclosure list...

    Don’t Forget the Document Password!

    • 1 Comment
    Some interesting tid-bits from the password crackers: http://www.lostpassword.com/office.htm Word 2007 and Excel 2007 use an industry-strength AES encryption algorithm that makes password search speed slow: 20-100 passwords per second on an average...

    Even More Cool Integer Tricks

    • 2 Comments
    OK, so this is just utterly geeky, and would really only come in handy if you're writing something like SafeInt – How to tell if a numeric template type is a bool at compile time: isBool = ((T)1 == (T)2) if type T is a bool, then this is true...

    Being Part of the Solution

    • 2 Comments
    One of the comments to my last post asked how someone could be part of the solution, as opposed to part of the problem. Here are some thoughts on the issue, based on my experiences of being one of the people finding problems from outside, and one of the...

    Word 2007 Blog Feature’s Password Handling

    • 3 Comments
    I knew about the blog feature – hard not to notice when every time you go to make a new document, it gives you the option of making a blog post. I'd known about it for quite a while, as I was part of the group reviewing the threat model. Last night was...

    Attackers, Vuln Finders and Exploits – It just ain’t fair!

    • 7 Comments
    Recently took a look at "The Vulnerability Disclosure Game: Are We More Secure?" ( http://www2.csoonline.com/exclusives/column.html?CID=28072 ) by Marcus Ranum, which in turn links to "Schneier: Full Disclosure of Security Vulnerabilities a 'Damned Good...

    What's still exploitable?

    • 2 Comments
    OK, just throwing this out, hoping for some interesting comments - if you have NX, ASLR, and SafeSEH, what's still exploitable? Please note I'm absolutely, positively NOT NOT NOT saying that stuff compiled with all this is unbreakable or any such silliness...

    Impersonation isn't dangerous

    • 12 Comments
    I was called to task because in Writing Secure Code for Windows Vista, I asserted that from the standpoint of a service, the impersonation privilege isn't dangerous. SeImpersonate is one of the newer privileges in Windows, and has only been put there...

    Economics of the Vulnerability Finding Game

    • 3 Comments
    A friend of mine loaned me a book - "Hidden Order: The Economics of Everyday Life", by David Friedman - It's an interesting read - the overall point is that a lot of human behavior can be explained with economic theory. Basically, it amounts to what we...

    More Fun with Integers

    • 2 Comments
    Just a quick note this morning to share something I found while finishing up SafeInt 3.0. This is something more helpful with 64-bit porting than with general security, though it does have some security side effects. Warning - heavy C++ programming geek...

    Finally starting a blog

    • 6 Comments
    I have been putting this off for a while. Not out of concern with sharing myself in public - I've been posting on the net in various forums for around the last 15 years, and anyone good with a search engine can find all sorts of things I've said and done...