Michael Howard's Web Log

I've recieved a number of emails from folks saying they have got their copies of our latest book, Writing Secure Code for Windows Vista . David and I got our copies yesterday. The first things that hit me about the book are (a) it's the smallest book...

A good friend of mine bought a new Sony Vaio with Windows Vista preinstalled. But there was a problem: every minute or so, the computer would enter sleep mode. So he emailed me to ask if I knew of any issues (of course, I'm the local tech support!...

Feliciano Intini (a senior security guy in Microsoft Italy) has posted an excellent analysis of the MS07-017 bulletin released today. Essentially, it's a roll up of graphic-related fixes. Of the seven discrete fixes: All seven affected Windows...

As y’all know, the Visual C++ /GS compiler flag adds prolog and epilog code to certain functions to help detect some classes of stack based buffer overruns at runtime. In VC++ 2005, the code looks like this: Function prolog sub esp, 8 mov eax...

At the end of June my family and I are moving to Austin, Texas. I’ll still be doing a lot of the same stuff I’m doing now, but from Austin rather than Redmond. I’ll really miss Redmond, but Austin offers an excellent opportunity; I’ll spend almost 100...

I just posted an analysis over on the SDL blog of the lessons we learned from the recent animated curser (ANI) bug.

From the Helping to Secure the Ecosystem Dept. Here’s some good news for people using CodeGear’s Delphi . The new Delphi 2007 release, available now, supports NX and ASLR . The CodeGear Delphi 2007 compiler supports ASLR via any of these three...

We have started a new blog, the SDL blog - we have an interesting array of folks working on the blog, all of them are deeply involved with SDL here at Microsoft, as we want to open up the inner workings a little more. Enjoy.