Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Share my latest security research and techniques
Part 1 of this installment discussed the unsafe nature of MultiByteToWideChar and...
Date: 11/15/2008
There are a few well-known unsafe APIs in the standard C library, such as strcpy and memcpy. ...
Date: 11/06/2008
What are your favorite security blogs or podcasts? Here are mine. Please leave yours in...
Date: 10/23/2008
Out of Band security patch MS08-067 is released today. Microsoft strives to keep our monthly...
Date: 10/23/2008
Technorati Tags: Security Every second Tuesday, MSRC releases security patches for Microsoft...
Date: 10/15/2008
<script>alert()</script>
Date: 03/25/2008
I had a very strange networking issue last weekend. After connecting to corpnet via VPN and direct...
Date: 11/05/2007
As a security guy, I can safely say that there is no magic bullet to mitigate any security problems...
Date: 10/19/2007
If you chuckle at this comic strip, congratulations! You are a security geek. If you don't chuckle,...
Date: 10/11/2007
"Given enough eyeballs all bugs are shallow." I do agree if more right-minded folks look at a piece...
Date: 10/11/2007
Phishing attack can be caused by users inadvertently clicking on malicious links in emails or web...
Date: 10/10/2007
I have just published a Technet article. This is geared for administrators and developers as an...
Date: 10/10/2007
Microsoft will open up source code of .Net Framework to the public. It allows outsiders to review...
Date: 10/04/2007
Working for Microsoft means that I become de facto technical support for my friends and family. That...
Date: 09/26/2007
HTTP Response Splitting was discovered several years ago. It allows attackers to split a HTTP...
Date: 09/23/2007
This is a well hidden trick in Outlook. Not sure why this needs to be hidden. You can open...
Date: 09/23/2007
I have submitted an article proposal to MSDN to write about Silverlight security with my buddy in...
Date: 09/21/2007
I work for ACE team, and want to cross-post from https://blogs.msdn.com/esiu to...
Date: 09/20/2007
I was browsing IE blog articles to get research ideas. I came across IE Developer Toolbar, and...
Date: 09/19/2007
Exchange 2007 RPC interfaces have retired support of various legacy RPC bindings, including...
Date: 05/08/2007
I have read many articles about the benefits of using passphrases in contrast to passwords. For more...
Date: 05/08/2007
Distribution list is used for grouping users together, and emails can be sent to all members...
Date: 04/30/2007
Most folks know that cross-site scripting (XSS) bugs can be used to steal logon cookies, as this...
Date: 02/22/2007
I like the idea behind Extended Validation Cert a lot. It is designed to combat phishing problems....
Date: 02/09/2007
You may wonder why OWA 2007 show cert warnings by default on most browsers. At the back of your...
Date: 02/03/2007
Set-IPBlockListProvider -Name "Spamhaus Example" -Identity sbl-xbl.spamhaus.org -AnyMatch:$true If...
Date: 01/29/2007
Running a service as Local System is bad because it has powerful access to local resources, and...
Date: 07/19/2005
I find some well-written documentation on NTLM/Kerberos and Constrained Delegation in W2k3 to share...
Date: 03/09/2005
The concept of LDAP injection is similar to SQL injection, except that the target is Active...
Date: 03/09/2005
It is inconvenient that I cannot open Date and Time Properties as non-admin. Non-admins should not...
Date: 02/10/2005
After hearing from many that Power Users are still admin, I have converted myself to a regular user....
Date: 01/26/2005
As a security tester, we need to ensure that our product works under minimal privilege. Yes, test...
Date: 01/19/2005
When I right clicked on IE 6 to save a JPG file, Save Picture dialog box only shows BMP as the only...
Date: 12/29/2004
ASP applications are protected, but what happens to non-ASP requests? Currently, there is no...
Date: 11/18/2004
You should check out err.exe available from...
Date: 11/10/2004
Remembering today's date is not my forte. In order to set up an appointment/meeting for tomorrow, I...
Date: 11/10/2004