Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
May 2004 - Posts
Updated info about Threat Modeling tool
28 May 04 02:45 PM
If you are getting a user breakpoint when generating a threat model report or using the threat model preview for a threat model with Visio diagrams and you have Visio installed, it may be because stdole’s primary interop assembly (PIA) wasn’t
Read More...
Threat Modeling tool now available
24 May 04 10:25 PM
Finally, it has been posted - Frank Swiderski's Threat modeling tool is now available for free download on MSDN. From the blurb: The Threat Modeling Tool allows users to create threat model documents for applications. It organizes relevant data points,
Read More...
Why Blaster did not infect Windows Server 2003
23 May 04 04:22 PM
I've been meaning to write about this for some time, but while pondering over my very dead laptop (it won't even get to the “Choose an OS to boot” option), I remembered. The code which Blaster took advantage of was in the released version
Read More...
The Antivirus Defense-in-Depth Guide Released to Web
21 May 04 04:33 PM
Finally got out of war, and saw this in my inbox... The Microsoft Solutions for Security (MSS) team has released The Antivirus Defense-in-Depth Guide on the Web (http://go.microsoft.com/fwlink/?LinkId=28734) I just had a look at it, and it's a pretty
Read More...
Hackers Hacked by Hackers (!?)
21 May 04 02:19 PM
Here I am, in Windows XPSP2 war again, and there's another debate about how best to binplace some DLLs. So while catching up on some email I saw this funny (as in - “ha ha ha”) story. http://www.theinquirer.net/?article=16050
Read More...
Do you hate security updates?
20 May 04 04:53 PM
I realize the weekend is almost upon us, so I thought I'd share something a little light-hearted. The folks at Microsoft Japan know how to make security bulletins lively and “unboring”. Check this out... www.microsoft.com/japan/security/security_bulletins/ms04-011e.asp
Read More...
Security Management
19 May 04 08:11 AM
I'm really not a security infrastructure guy, I leave that to others, from whom I learn a great deal. One such person is my colleague, Jesper Johansson. He now has his own column on TechNet entitled, “Security Management.” If you manage a
Read More...
Transmeta chips to support 'NX'
18 May 04 09:59 AM
It's 9:55AM and I'm sitting in Windows XP SP2 War; there's a little debate going on which has nothing to do with security, so I thought I'd write this :) As you may be aware Windows XP SP2 will support “No Execute” or “NX”, which
Read More...
IT Security at Microsoft Overview
17 May 04 09:18 AM
Very, very cool doc. From the document “Overview discussion on what the Microsoft Corporate Security group does to prevent malicious or unauthorized use of digital assets at Microsoft. This asset protection takes place through a formal risk management
Read More...
Security Guidance Training for Developers
12 May 04 01:58 PM
Over the last few weeks a bunch of security Microsofties have been talking to customers about some of the lessons we have learned, best practices and so on. We have now made that training available through an eLearning center. There are three courses
Read More...
How to think about Security
12 May 04 07:47 AM
Rewind to Yesterday I remember the early days very well; I’d get an email from someone asking for the best way to do something securely. It would usually be a relatively vague email, like, “how do we protect our network traffic?” or
Read More...
Security in Microsoft Products - a chat with Mike Nash
11 May 04 08:26 PM
Join me on Thursday (May 13, 2004 9:00am Pacific/12:00pm Eastern) in our monthly security chat with Mike Nash, VP of the Security Business and Technology unit, of which I'm a part. The Chat room is at http://communities2.microsoft.com/home/chatroom.aspx?siteid=34000081
Read More...
Administering Windows Servers through one port
11 May 04 12:02 AM
A couple of months ago, I presented at a Financial Services Chief Security Officer’s forum here in Redmond about threat modeling and secure design. One question, totally unrelated to secure design, but still a great question, was how an admin can
Read More...
The Spread of the Witty Worm
10 May 04 12:05 PM
Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my attention. Not many people paid much attention to this worm, because it affected a non-Microsoft product, but the analysis is interesting nevertheless. What
Read More...
Sasser Arrest
08 May 04 04:56 PM
Just in case you haven't seen this, there's been an arrest in Germany of an 18yr old accused of creating the Sasser worm. Read an article by Rob Lemos of C|Net here.
Read More...
An Update on the Windows Server 2003 Vulnerability Count
04 May 04 11:08 PM
A few weeks back, I posted an article about some of the progress we had made after 292d of the release of Windows 2000 and Windows Server 2003. One criticism I have heard of these figures is that we measured security bulletins differently in Windows 2000
Read More...
Why 'Sasser' does not affect Win2003
02 May 04 09:41 PM
As you may be aware, a new worm has emerged named 'Sasser', and Windows Server 2003 is not infected. Why? Because the RPC interface, which is accessible to anyone (i.e., anonymous) on Windows XP and Win2000, was changed in Win2003 so that it requires a
Read More...