Michael Howard's Web Log

I wrote an article about performing security code reviews that appears in the July/August 2006 edition of IEEE Security & Privacy . Oh, and by the way, there's a little typo in the article; my name is Michael Howard, not Michael A. Howard. Unlike...

I suppose someone has to keep the home fires burning! Seriously, it's great to see the Windows Vista presentations were well received at Black Hat 2006: Microsoft gets good reception at Black Hat . That being said, one of the advantages of half the team...

These papers are aimed at IT type folks and non-technical users. Skip this blog post if you're a developer! Protecting Clients from Network Attacks Securing Remote Clients and Portable Computers How to Configure Windows Firewall in a Small Business...

In a prior post, " Protecting against Pointer Subterfuge (Kinda!) " I described the algorithm we used to encode and decode long-lived pointers in memory to make them harder to exploit after a buffer overrun. A couple of days after the post, I received...

I just noticed these blog posts related to Windows Vista security that may interest y'all. Built-in Administrator Account Disabled Sidebar Security Elevations Are Now Blocked in the User's Logon Path

In June 2006, Microsoft released Dynamics AX 4.0, which was the first full version to be developed in Microsoft using the Security Development Lifecycle (SDL). A key deliverable by this team is a document on security considerations for Dynamics AX development...