Eugene Siu's Thoughts on Security
Share my latest security research and techniques
Part 1 of this installment discussed the unsafe nature of MultiByteToWideChar and...
Date: 11/15/2008
There are a few well-known unsafe APIs in the standard C library, such as strcpy and memcpy. ...
Date: 11/06/2008
What are your favorite security blogs or podcasts? Here are mine. Please leave yours in...
Date: 10/23/2008
The out-of-band security patch MS08-067 is released today. Microsoft strives to keep our monthly...
Date: 10/23/2008
Every second Tuesday, MSRC releases security patches for Microsoft...
Date: 10/15/2008
<script>alert()</script>
Date: 03/25/2008
I had a very strange networking issue last weekend. After connecting to corpnet via VPN and direct...
Date: 11/05/2007
As a security guy, I can safely say that there is no magic bullet to mitigate any security problems...
Date: 10/19/2007
If you chuckle at this comic strip, congratulations! You are a security geek. If you don't chuckle,...
Date: 10/11/2007
"Given enough eyeballs all bugs are shallow." I do agree if more right-minded folks look at a piece...
Date: 10/11/2007
Phishing attacks can be caused by users inadvertently clicking on malicious links in emails or web...
Date: 10/10/2007
I have just published a Technet article. This is geared for administrators and developers as an...
Date: 10/10/2007
Microsoft will open up source code of .Net Framework to the public. It allows outsiders to review...
Date: 10/04/2007
Working for Microsoft means that I become de facto technical support for my friends and family. That...
Date: 09/26/2007
HTTP Response Splitting was discovered several years ago. It allows attackers to split an HTTP...
Date: 09/23/2007
This is a well hidden trick in Outlook. Not sure why this needs to be hidden. You can open...
Date: 09/23/2007
I have submitted an article proposal to MSDN to write about Silverlight security with my buddy in...
Date: 09/21/2007
I work for the ACE team, and want to cross-post from https://blogs.msdn.com/esiu to...
Date: 09/20/2007
I was browsing IE blog articles to get research ideas. I came across IE Developer Toolbar, and...
Date: 09/19/2007
Exchange 2007 RPC interfaces have retired support of various legacy RPC bindings, including...
Date: 05/08/2007
I have read many articles about the benefits of using passphrases in contrast to passwords. For more...
Date: 05/08/2007
A distribution list is used for grouping users together, and emails can be sent to all members...
Date: 04/30/2007
Most folks know that cross-site scripting (XSS) bugs can be used to steal logon cookies, as this...
Date: 02/22/2007
I like the idea behind Extended Validation Cert a lot. It is designed to combat phishing problems....
Date: 02/09/2007
You may wonder why OWA 2007 shows cert warnings by default on most browsers. At the back of your...
Date: 02/03/2007
Set-IPBlockListProvider -Name "Spamhaus Example" -Identity sbl-xbl.spamhaus.org -AnyMatch:$true If...
Date: 01/29/2007
Running a service as Local System is bad because it has powerful access to local resources, and...
Date: 07/19/2005
I find some well-written documentation on NTLM/Kerberos and Constrained Delegation in W2k3 to share...
Date: 03/09/2005
The concept of LDAP injection is similar to SQL injection, except that the target is Active...
Date: 03/09/2005
It is inconvenient that I cannot open Date and Time Properties as non-admin. Non-admins should not...
Date: 02/10/2005
After hearing from many that Power Users are still admin, I have converted myself to a regular user....
Date: 01/26/2005
As a security tester, we need to ensure that our product works under minimal privilege. Yes, test...
Date: 01/19/2005
When I right-clicked on IE 6 to save a JPG file, the Save Picture dialog box only shows BMP as the only...
Date: 12/29/2004
ASP applications are protected, but what happens to non-ASP requests? Currently, there is no...
Date: 11/18/2004
You should check out err.exe available from...
Date: 11/10/2004
Remembering today's date is not my forte. In order to set up an appointment/meeting for tomorrow, I...
Date: 11/10/2004