Michael Howard's Web Log

There's been a little confusion about raw sockets and Windows XP SP2. Hopefully, this little entry from the "Changes in functionality..." doc (see my last blog entry for an URL to the doc) should explain things a little better: A very small number of...

The Windows Privacy Statement highlights 27 components that have historically been of interest to privacy advocates and customers, and the 6 page IE Privacy Statement highlights some of the new IE features including “Pop up Blocker”, “Untrusted Publishers...

Ages ago, I wrote a little DHTML tool to help people determine the appropriate authentication settings to use with different browsers, servers and Web servers. It helped a good many people, but it was simple. Today, the IIS team has released a much more...

I talk to many people about threat modeling. All the time! Invariably, an idea pops into my head about about ways to streamline things, or make them more concrete or usable. Just recently, I scribbled down some notes about threat modeling. I assume you...

Last night I bought a shiny new PC for home; it's based on an AMD Athlon 64 FX, with 2x160Gb SATA RAID-0 drives, 1Gig of RAM and an nVidia GeForce 6800 Ultra. It's pretty quick :) I got the AMD Athlon CPU primarily for the Data Execution Protection support...

A nice article on the subject, focused firmly on infrastructure, written by Pete Lindstrom at Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art927,00.html The two opening para's sum it up nicely: The time...

I'm in New Zealand right now, talking at TechEd. A customer asked me where he could find list of all my old “Code Secure” columns on MSDN. I wasn't aware but things have moved around a little on msdn.microsoft.com, making it a little hard...

I was asked by a TechEd attendee which web sites often visit. I scan the following every morning, just to see if there's any little tidbits of useful stuff: http://security-protocols.com/ http://www.csoonline.com/ http://www.governmentsecurity...

Blurb from http://www.microsoft.com/mbsa : New version, MBSA 1.2.1, needed for Windows XP SP2 compatibility: Users of Windows XP Service Pack 2 will need to update their MBSA to version 1.2.1 for compatibility with SP2 security improvements. Windows XP...

I would highly recommend you read this! http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx

http://www.jinx.com/scripts/details.asp?affid=-1&s=1&productID=143 :-)

"Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2" is now available here . From the abstract: Windows® XP Service Pack 2 introduces a number of security features and technologies to help protect against attacks on computers...

I'm just gonna give a diff this time Chapter 16, Page 515 The URL for SiteLock is now incorrect – the new link is http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/samples/internet/components/sitelock .