I probably get asked this question every other day, "is there any security education available from Microsoft for my developers?" and the answer is, of course, yes. Here are my top picks: Course 2806 Microsoft Security Guidance Training for Developers...

I just posted a new Code Secure article on MSDN about running as an admin, but executing browsers and email clients in lower privilege. http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp

If you use SAMBA 3.0.7 or prior (appears, 2.x is not vulnerable) you should read this http://www.kb.cert.org/vuls/id/457622 , here's a snippet: Vulnerability Note VU#457622 Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow...

A colleague sent me a link to an interesting article that looks just like an integer overflow issue: http://www.palmbeachpost.com/politics/content/news/epaper/2004/11/05/a29a_BROWVOTE_1105.html Broward machines count backward By Eliot Kleinberg Palm Beach...

A nasty set of security bug fixes by Mandrake in xorg-x11 had the funniest text I've seen in a security bulletin. Ever! I have highlighted the funny part in red. http://www.linuxsecurity.com/advisories/mandrake_advisory-5081.html Problem Description:...

Wow, 9 years recommended for spamming! http://www.msnbc.msn.com/id/6401091/

Normally, most phishing attacks don't get past the spam filters, but this one did, not sure why... anyway here it is, complete with an appropriate level of bad grammar! Oh, and the IP address points to China! Dear Customer: Recently there have been a...

Weighing in at a hefty 3Mb and 109pp, the NSA has posted the "Apple Mac OS Security Configuration Guide." If you use Macs you should read this doc at http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf This is goodness.

Following my previous post about the Apache 'fix', I was asked what code examples I had showing lousy instances of strncpy and strncat. <rant> Many developers think that because they are using a counted string copy function the code is safe from...