
Browse by Tags

Computer Security

Lead my team!

My team (SWI React) is hiring for a lead position. Details: Job Title: Lead Software Development Engineer Job Category: Software Development Product: Trustworthy Computing Date Posted: 02/16/2008 Job Code: 223577 Location: WA - Redmond Travel Required:
Posted by dross | 0 Comments

XSS-Focused Attack Surface Reduction

All web browsers expose what have been referred to as XSS “attack vectors” – various techniques that XSS attacks can leverage to achieve script execution. The best and most well regarded list of these behaviors is RSnake’s XSS Cheat Sheet. The existence

The Kill-Bit FAQ - Part 1 of 3 posted to SVRD blog

Check out my ActiveX Kill-Bit FAQ which is now being posted to the SVRD blog. There are three parts, the first of which is now live. Parts two and three should be up by the end of the week.

Security Vulnerability Research & Defense blog

My team now has a blog! http://blogs.technet.com/swi/ I'll be contributing to the team blog in the future. But don't worry -- my personal blog (this one) isn't going away!

MashupOS

The standard IFRAME-based isolation technique for web apps is starting to show its age. We need something better! Microsoft Research has posted a new paper scheduled to appear at SOSP '07: Protection and Communication Abstractions for Web Browsers in

An innovative new defense against cross-domain vulnerabilities

Cross-domain (or “Universal XSS”) vulnerabilities have long plagued modern script-enabled web browsers. Shuo Chen of Microsoft Research has developed a new type of defense against these vulnerabilities. A paper on this new approach has been accepted to

Pinning / Rebinding / Quick-Swap DNS Links

A group at Stanford has been researching these issues and recently published Protecting Browsers from DNS Rebinding Attacks. Also, Dan Kaminsky has published his slides from Blackhat 2007, Black Ops 2007: Design Reviewing The Web.

Notes on DNS Pinning

Christian Matthies has an excellent writeup on DNS Pinning (with diagrams!). If you're tuned into web app security you've probably noticed a lot of discussion around Anti DNS Pinning a.k.a. DNS Rebinding a.k.a. Quick-Swap DNS lately. You're likely to see

Inspect Your Gadget

Michael Howard and I have written up some guidance on how to develop secure Vista Sidebar Gadgets: Inspect Your Gadget

De-obfuscation using a standalone Javascript interpreter

Mark Wodrich forwarded me this Websense blog post describing how to use a standalone Javascript interpreter to de-obfuscate some script. Thanks Mark!

eval() and document.write(), meet Execute and ExecuteGlobal

Be on the lookout for these two VBScript statements that can be used to achieve the same effect as eval() and document.write(): Execute and ExecuteGlobal. Jonathan Ness pointed me to an exploit sample that was using Execute, presumably to trip up any

Recursive Obfuscation

Thanks to Jonathan Ness for pointing me to an example of a new obfuscation technique that attempts to thwart the eval() → alert() trick. Take a look at the following obfuscation script: 1 <script> 2 function N(F,D) 3 { 4 if (!D) D = ' "#%()-./012348:;<=>@ACEGHILMOPRTVWY\\]_abcdefghijlmnopqrstuvwxyz';

High-bit ASCII obfuscation

Here’s another new obfuscation technique I’ve seen in use on malicious web sites recently. Check out the following HTML: <html><meta http-equiv=content-type content='text/html; charset=us-ascii'></head><body>¼óãòéðô¾áìåòô¨¢Ôèéó

Code length dependent obfuscation

Wow, it’s been a long time! Hopefully I can find more time to blog over the next couple of months. In any event, my paper from last year really could use some updates. Among other things there are a whole new slew of “Usual Suspect” vulnerabilities to

Analyzing Browser Based Vulnerability Exploitation Incidents

I've written up a paper that describes some useful tools/techniques for deconstructing web based exploits: Analyzing Browser Based Vulnerability Exploitation Incidents The paper started as a blog entry and it remains a blog entry at its core. But since
 