May 2004 - Posts
If you are getting a user breakpoint when generating a threat model report or using the threat model preview for a threat model with Visio diagrams and you have Visio installed, it may be because stdole’s primary interop assembly (PIA) wasn’t
Read More...
Finally, it has been posted - Frank Swiderski's Threat modeling tool is now available for free download on MSDN. From the blurb: The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points,
Read More...
I've been meaning to write about this for some time, but while pondering over my very dead laptop (it won't even get to the “Choose an OS to boot' option”, I remembered. The code which Blaster took advantage of was in the released version
Read More...
Finally got out of war, and saw this in my inbox... The Microsoft Solutions for Security (MSS) team has released The Antivirus Defense-in-Depth Guide on the Web ( http://go.microsoft.com/fwlink/?LinkId =28734 ) I just had a look at it, and it's a pretty
Read More...
Here I am, in Windows XPSP2 war again, and there's another debate about how best to binplace some DLLs. So while catching up on some email I saw this funny (as in - “ha ha ha”) story. http://www.theinquirer.net/?article=16050
Read More...
I realize the weekend is almost upon us, so I thought I'd share something a little light-hearted. The folks at Microsoft Japan know how to make security bulletins lively and “unboring“. Check this out... www.microsoft.com/japan/security/security_bulletins/ms04-011e.asp
Read More...
I'm really not a security infrastructure guy, I leave that to others, from whom I learn a great deal. One such person is my colleague, Jesper Johansson. He now has his own column on TechNet entitled, “Security Management.” If you manage a
Read More...
It' 9:55AM and I'm sitting in Windows XP SP2 War; there's a little debate going on which has nothing to do with security, so I thought I'd write this :) As you may be aware Windows XP SP2 will support “No Execute” or “NX”, which
Read More...
Very, very cool doc. From the document “Overview discussion on what the Microsoft Corporate Security group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk management
Read More...
Over the last few weeks a bunch of security Microsofties have been talking to customers about some of the lessons we have learned, best practices and so on. We have now made that training available through an eLearning center. There are three courses
Read More...
Rewind to Yesterday I remember the early days very well; I’d get an email from someone asking for the best way to do something securely. It would usually be a relatively vague email, like, “how do we protect our network traffic?” or
Read More...
Join me on Thursday (May 13, 2004 9:00am Pacific/12:00pm Eastern) in our monthly security chat with Mike Nash, VP of the Security Business and Technology unit, of which I'm a part. The Chat room is at http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000081
Read More...
A couple of months ago, I presented at a Financial Services Chief Security Officer’s forum here in Redmond about threat modeling and secure design. One question, totally unrelated to secure design, but still a great question, was how an admin can
Read More...
Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my attention. Not many people paid much attention to this worm, because it affected a non-Microsoft product, but the analysis is interesting nevertheless. What
Read More...
Just in case you haven't seen this, there's been an arrest in Germany of an 18yr old accused of creating the Sasser worm. Read an article by Rob Lemos of C|Net here .
Read More...
A few weeks back, I posted an article about some of the progress we had made after 292d of the release of Windows 2000 and Windows Server 2003. One criticism I have heard of these figures is that we measured security bulletins differently in Windows 2000
Read More...
As you may be aware, a new worm has emerged named, 'Sasser', and Windows Server 2003 is not infected. Why? Because the RPC interface, which is accessible to anyone (ie; anonymous) on Windows XP and Win2000, was changed in Win2003 so that it requires a
Read More...
