Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
June 2004 - Posts
Article: "Inside Windows XP Service Pack 2 RC2"
30 June 04 05:51 PM
It doesn't go deep, indeed, it covers nothing below the UI really, but this is a pretty nice article about some of the stuff we've done in Windows XP SP2... http://www.securitypipeline.com/22102982
Internet Explorer and "trust prompts" in Windows XPSP2
27 June 04 01:34 PM
Perhaps this one will be a little less controversial than my previous post! When I review threat models, I often target it on the mitigations, making sure they are good, solid and well thought out. One mitigation type that worries me is when a team mitigates
Some of the new stuff in Windows XP SP2
27 June 04 12:15 AM
We're on the home stretch for Windows XP SP2! I can't begin to tell you what a relief it is to see it almost done. Anyway, over the next few weeks I want to outline some of the new features in the product. Ok, here's the first, I call it protecting
"Assessing Network Security" is released
24 June 04 11:20 PM
Kevin Lam, David LeBlanc, & Ben Smith have released a new book, “Assessing Network Security” from MSPress. To quote Ben in an email he sent, “The book is primarily aimed at security professionals new to penetration testing and IT
"Threat Modeling" is Released
23 June 04 11:45 AM
I finally have in my sweaty little paws a copy of “Threat Modeling” from MSPress, written by Swiderski and Snyder. It's a great read, you'll learn a ton. And at 255pp, you'll read it in one sitting :) In my opinion, it's probably one of the
Why Sasser did not infect Windows Server 2003
16 June 04 11:31 PM
The Sasser worm took advantage of a defect in logging code within the Local Security Authority Subsystem (LSASS.) The entry point for this functionality is through an RPC interface, which is open by default for all users to access on Windows 2000 and
TCP & UDP Ports Used by Microsoft Apps
16 June 04 11:18 PM
Did you ever want to know which ports are used by the Cluster Service or Exchange? Well, there's a list available entitled, “Network Ports Used by Key Microsoft Server Products” at http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/ref_net_ports_ms_prod.mspx
Windows XP SP2 Release Candidate 2 is out!
15 June 04 01:31 PM
Build 2149 is RC2 http://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Debugging an ASP.NET application as a non-admin
15 June 04 11:33 AM
I have to admit, I don't do much ASP.NET work, I mainly write Win32 apps in C++ and C#, but when I do use ASP.NET I invariably have to use the debugger. Mainly because I use the technology so infrequently. So here is the problem - I'm not an admin! When
Threat Modeling
14 June 04 11:02 AM
I have been a big supporter of threat modeling since a bunch of us started defining and using the process within Microsoft. It's a very useful way to determine how bad guys will attempt to compromise a piece of software, and define appropriate mitigations.
Microsoft Security Bulletin RSS Feed
08 June 04 11:24 AM
From the “Well-waddya-know Dept.” I just found out this morning there's an RSS feed for Microsoft Security bulletins. You learn something every day! Point your reader at http://www.microsoft.com/technet/security/bulletin/secrss.aspx .
Updated Writing Secure Code 2nd Ed Errata
02 June 04 03:36 PM
Big thanks to Peter Gutmann and Morten Andersen for their comments. I have highlighted what's new in RED. Errata for Writing Secure Code 2nd Edition By Michael Howard and David LeBlanc Last Updated 2-Jun-2004 Entire Book Please replace all references