August 2004 - Posts

More people warming up to Threat Modeling
31 August 04 05:47 PM
A nice article on the subject, focused firmly on infrastructure, written by Pete Lindstrom at Information Security Magazine: http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art927,00.html The two opening para's sum it up nicely: The time Read More...
Postedby michael_HOWARD | 2 Comments    
Filed under:
Random Threat Modeling Thoughts
31 August 04 05:45 PM
I talk to many people about threat modeling. All the time! Invariably, an idea pops into my head about about ways to streamline things, or make them more concrete or usable. Just recently, I scribbled down some notes about threat modeling. I assume you Read More...
Postedby michael_HOWARD | 2 Comments    
Filed under:
IIS Auth Diagnostic tool now available
31 August 04 09:49 AM
Ages ago, I wrote a little DHTML tool to help people determine the appropriate authentication settings to use with different browsers, servers and Web servers. It helped a good many people, but it was simple. Today, the IIS team has released a much more Read More...
Postedby michael_HOWARD | 1 Comments    
Filed under:
Ya Gotta Larf
30 August 04 04:24 PM
http://www.jinx.com/scripts/details.asp?affid=-1&s=1&productID=143 :-) Read More...
Postedby michael_HOWARD | 1 Comments    
Filed under:
Windows XP SP2 Application Compat Guide Available
25 August 04 12:40 PM
"Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2" is now available here . From the abstract: Windows® XP Service Pack 2 introduces a number of security features and technologies to help protect against attacks on computers Read More...
Postedby michael_HOWARD | 0 Comments    
Filed under:
Windows XP SP2 and Nikon Software
20 August 04 10:24 AM
Last night I bought a shiny new PC for home; it's based on an AMD Athlon 64 FX, with 2x160Gb SATA RAID-0 drives, 1Gig of RAM and an nVidia GeForce 6800 Ultra. It's pretty quick :) I got the AMD Athlon CPU primarily for the Data Execution Protection support. Read More...
Postedby michael_HOWARD | 4 Comments    
Filed under:
Updated MBSA now available
17 August 04 11:25 AM
Blurb from http://www.microsoft.com/mbsa : New version, MBSA 1.2.1, needed for Windows XP SP2 compatibility: Users of Windows XP Service Pack 2 will need to update their MBSA to version 1.2.1 for compatibility with SP2 security improvements. Windows XP Read More...
Postedby michael_HOWARD | 1 Comments    
Filed under:
Windows XP SP2 Privacy Statements Released
16 August 04 01:01 PM
The Windows Privacy Statement highlights 27 components that have historically been of interest to privacy advocates and customers, and the 6 page IE Privacy Statement highlights some of the new IE features including “Pop up Blocker”, “Untrusted Publishers”, Read More...
Postedby michael_HOWARD | 0 Comments    
Filed under:
Writing Secure Code 2nd Ed Errata
16 August 04 12:57 PM
I'm just gonna give a diff this time Chapter 16, Page 515 The URL for SiteLock is now incorrect – the new link is http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/samples/internet/components/sitelock . Read More...
Postedby michael_HOWARD | 0 Comments    
Filed under:
A little more info on raw sockets and Windows XP SP2
12 August 04 10:10 AM
There's been a little confusion about raw sockets and Windows XP SP2. Hopefully, this little entry from the "Changes in functionality..." doc (see my last blog entry for an URL to the doc) should explain things a little better: A very small number of Read More...
Postedby michael_HOWARD | 11 Comments    
Filed under:
"Changes in Functionality in Microsoft Windows XP SP2" now available
11 August 04 09:34 AM
I would highly recommend you read this! http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx Read More...
Postedby michael_HOWARD | 2 Comments    
Filed under:
My Daily list o' Links
04 August 04 08:51 PM
I was asked by a TechEd attendee which web sites often visit. I scan the following every morning, just to see if there's any little tidbits of useful stuff: http://security-protocols.com/ http://www.csoonline.com/ http://www.governmentsecurity.org/ http://johnny.ihackstuff.com/ Read More...
Postedby michael_HOWARD | 5 Comments    
Filed under:
A list of Code Secure columns
02 August 04 06:02 PM
I'm in New Zealand right now, talking at TechEd. A customer asked me where he could find list of all my old “Code Secure” columns on MSDN. I wasn't aware but things have moved around a little on msdn.microsoft.com, making it a little hard Read More...
Postedby michael_HOWARD | 2 Comments    
Filed under:
Page view tracker