April 2007 - Posts

Fun with Template Specialization
Hannes Reuscher of the PowerPoint team turned me on to this cool C++ trick, and I used it extensively in SafeInt 2.0. There's a bunch of neat things about it – for one thing, it's the only way in C++ to actually overload something based on return type. Read More...
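The teaser above only names the trick, so here is a worked instance of it. This is an added example, not code from SafeInt or from the post: the names `from_string`, `parse_all`, `narrow_checked` and `rejects` are mine. The template parameter of `from_string` appears only as the return type, so the caller picks the specialization by writing the type it wants back, which is exactly the "overload on return type" that ordinary functions cannot do. The specializations parse strictly (whole input consumed, value range-checked) because lenient string-to-integer conversion is where integer bugs usually start.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>
#include <string>

// C++ ignores the return type when choosing among ordinary overloads, so
// `int parse(s)` and `long parse(s)` cannot coexist. A function template whose
// parameter appears only as the return type can be explicitly specialized,
// and the caller selects the body by spelling out that type: from_string<int>(s).
// (Example code with hypothetical names; not the SafeInt implementation.)

template <typename T>
T from_string(const std::string& s);   // primary: declared but never defined,
                                       // so an unspecialized T fails to link

// Parse the whole string as a 64-bit signed value; reject leading whitespace,
// trailing characters and anything std::stoll itself cannot represent.
static long long parse_all(const std::string& s)
{
    if (s.empty() || std::isspace(static_cast<unsigned char>(s[0])))
        throw std::invalid_argument("empty or leading whitespace: '" + s + "'");
    std::size_t used = 0;
    long long v = std::stoll(s, &used, 10);   // throws invalid_argument / out_of_range
    if (used != s.size())
        throw std::invalid_argument("trailing characters in '" + s + "'");
    return v;
}

// Narrow to T only if the value is inside T's representable range.
template <typename T>
static T narrow_checked(long long wide, const std::string& s)
{
    if (wide < static_cast<long long>(std::numeric_limits<T>::min()) ||
        wide > static_cast<long long>(std::numeric_limits<T>::max()))
        throw std::out_of_range("'" + s + "' does not fit the requested type");
    return static_cast<T>(wide);
}

template <> std::int8_t from_string<std::int8_t>(const std::string& s)
{ return narrow_checked<std::int8_t>(parse_all(s), s); }

template <> std::uint16_t from_string<std::uint16_t>(const std::string& s)
{ return narrow_checked<std::uint16_t>(parse_all(s), s); }

template <> int from_string<int>(const std::string& s)
{ return narrow_checked<int>(parse_all(s), s); }

// The bool body is genuinely different: no numeric parsing at all.
template <> bool from_string<bool>(const std::string& s)
{
    if (s == "true" || s == "1")  return true;
    if (s == "false" || s == "0") return false;
    throw std::invalid_argument("not a boolean: '" + s + "'");
}

// True if the conversion to T refuses the input; both exception types used
// above derive from std::logic_error.
template <typename T>
bool rejects(const std::string& s)
{
    try { (void)from_string<T>(s); return false; }
    catch (const std::logic_error&) { return true; }
}

int main()
{
    std::printf("%d %d %d\n", from_string<std::int8_t>("-128"),
                from_string<std::uint16_t>("65535"), from_string<int>("42"));
    std::printf("%d %d\n", rejects<std::int8_t>("128"), rejects<int>("42abc"));
    return 0;
}
```

Leaving the primary template undefined is deliberate: a call such as `from_string<long>(s)` compiles but fails to link, so a type nobody wrote a checked parser for cannot silently fall through to some generic conversion.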
Why Threads Are A Bad Idea
My friend Tim Dodd found this presentation back when we worked together at ISS somewhere around '96-'97. It's by John Ousterhout, who worked at Sun Microsystems Laboratories – the deck is dated 9/28/95. We found it hilarious, because we worked with a Read More...
Some Failures Are Better Than Others
I was presenting at the Software Security Summit yesterday – good little conference. It's a shame that conferences that show off ways to be a problem draw huge crowds, and this one is all about being part of the solution, but it's still really small after Read More...
Crashes Are Bad, OK?
It's interesting to see what happens when you get slashdotted… Let's go back and see what I said in the first place, and let me elaborate just a little – if the code crashes, we have roughly the following scenarios: It's exploitable, customers aren't Read More...
It Might Not Be A Vulnerability If…
There are some things that just aren't vulnerabilities. If the exploit starts with "First become admin…", it might not be a vulnerability. Likewise, if the exploit starts with "First, you steal the computer, boot a rogue operating system, and then, BWAHAHAHAHA…", Read More...
Don’t Impersonate If You Don’t Have To
Previously, I claimed that impersonation wasn't dangerous - to the impersonator – this is NOT true for the one being impersonated if it's a high level account – it's actually a fairly hazardous thing to be doing, since a lot of people make mistakes doing Read More...
What’s Exploitable?
As I alluded to previously, this has gotten to be a more and more interesting question lately. One of the things I've been kicking around is a sort of flowchart so that people who don't study this stuff will come to the correct conclusion more often. Read More...
Exception Handlers Are Baaad
I've said a lot of times that incorrect use of exception handlers will get you hacked. I go into some detail on this in WSCV, due out shortly. It's recently come up in regards to the .ani issue currently making the rounds. From the full disclosure list: Read More...
Don’t Forget the Document Password!
Some interesting tidbits from the password crackers: http://www.lostpassword.com/office.htm Word 2007 and Excel 2007 use an industry-strength AES encryption algorithm that makes password search speed slow: 20-100 passwords per second on an average PC. Read More...
Even More Cool Integer Tricks
OK, so this is just utterly geeky, and would really only come in handy if you're writing something like SafeInt – How to tell if a numeric template type is a bool at compile time: isBool = ((T)1 == (T)2) if type T is a bool, then this is true, else it's Read More...
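The `((T)1 == (T)2)` test above works because converting to bool maps every nonzero value to true, while for any other arithmetic type the literals 1 and 2 stay distinct. The block below is an added example (not SafeInt's code; `IsBoolTrick`, `CheckedIncrement` and `checked_increment` are hypothetical names) that wraps the test in a trait, checks it at compile time against `std::is_same` from C++11, and then shows what a SafeInt-style library does with the answer: select a separate implementation for bool, where "add one and check for wrap" makes no sense.

```cpp
#include <cstdio>
#include <limits>
#include <type_traits>

// Detect bool at compile time with nothing but a cast and a comparison.
// (bool)1 and (bool)2 are both true; for every other arithmetic type the two
// literals remain different values after conversion.
template <typename T>
struct IsBoolTrick {
    static constexpr bool value = ((T)1 == (T)2);
};

// Compile-time evidence that the trick agrees with <type_traits>,
// including for a non-integral type.
static_assert(IsBoolTrick<bool>::value, "bool is detected");
static_assert(!IsBoolTrick<char>::value, "char is not bool");
static_assert(!IsBoolTrick<unsigned long long>::value, "unsigned long long is not bool");
static_assert(IsBoolTrick<double>::value == std::is_same<double, bool>::value,
              "agrees with std::is_same for double");

// Dispatch on the answer: the second parameter is computed from the first,
// so callers never spell it out.
template <typename T, bool IsBoolType = IsBoolTrick<T>::value>
struct CheckedIncrement;

// Ordinary integer: refuse to step past the maximum instead of wrapping.
template <typename T>
struct CheckedIncrement<T, false> {
    static bool apply(T& v)
    {
        if (v == std::numeric_limits<T>::max()) return false;   // would overflow
        ++v;
        return true;
    }
};

// bool: arithmetic on it is a bug in the caller (bool + 1 is an int, and ++ on
// bool was removed in C++17), so leave the value alone and report failure.
template <typename T>
struct CheckedIncrement<T, true> {
    static bool apply(T&) { return false; }
};

template <typename T>
bool checked_increment(T& v) { return CheckedIncrement<T>::apply(v); }

int main()
{
    unsigned char c = 254;
    bool first = checked_increment(c);    // 254 -> 255, returns true
    bool second = checked_increment(c);   // 255 stays 255, returns false
    bool b = false;
    bool on_bool = checked_increment(b);  // bool specialization, returns false
    std::printf("%d %d %u %d\n", first, second, c, on_bool);
    return 0;
}
```

With a C++11 compiler `std::is_same<T, bool>` does the same job, but the cast-and-compare form needs no headers and predates `<type_traits>`, which is why it was attractive for a header-only library like SafeInt.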
Being Part of the Solution
One of the comments to my last post asked how someone could be part of the solution, as opposed to part of the problem. Here are some thoughts on the issue, based on my experiences of being one of the people finding problems from outside, and one of the Read More...