November 2004 - Posts

Microsoft Security Education
23 November 04 10:21 AM
I probably get asked this question every other day, "is there any security education available from Microsoft for my developers?" and the answer is, of course, yes. Here are my top picks: Course 2806 Microsoft Security Guidance Training for Developers Read More...
Posted by michael_HOWARD | 3 Comments
New Code Secure Column - "Browsing the Web and Reading E-mail Safely as an Administrator"
18 November 04 03:54 PM
I just posted a new Code Secure article on MSDN about running as an admin, but executing browsers and email clients in lower privilege. http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.as Read More...
Posted by michael_HOWARD | 31 Comments
SAMBA Users should apply this patch ASAP
18 November 04 03:52 PM
If you use SAMBA 3.0.7 or prior (it appears that 2.x is not vulnerable), you should read this: http://www.kb.cert.org/vuls/id/457622 Here's a snippet: Vulnerability Note VU#457622 Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow Read More...
Posted by michael_HOWARD | 1 Comments
The Election and Signed Integers
08 November 04 12:56 PM
A colleague sent me a link to an interesting article that looks just like an integer overflow issue: http://www.palmbeachpost.com/politics/content/news/epaper/2004/11/05/a29a_BROWVOTE_1105.html Broward machines count backward By Eliot Kleinberg Palm Beach Read More...
Posted by michael_HOWARD | 10 Comments
Ya Gotta Larf
05 November 04 12:55 AM
A nasty set of security bug fixes by Mandrake in xorg-x11 had the funniest text I've seen in a security bulletin. Ever! I have highlighted the funny part in red. http://www.linuxsecurity.com/advisories/mandrake_advisory-5081.html Problem Description: Read More...
Posted by michael_HOWARD | 0 Comments
Spam senders convicted in first felony case
04 November 04 11:30 AM
Wow, 9 years recommended for spamming! http://www.msnbc.msn.com/id/6401091/ Read More...
Posted by michael_HOWARD | 1 Comments
A Phishing Attempt in my Inbox
04 November 04 10:57 AM
Normally, most phishing attacks don't get past the spam filters, but this one did, not sure why... anyway here it is, complete with an appropriate level of bad grammar! Oh, and the IP address points to China! Dear Customer: Recently there have been a Read More...
Posted by michael_HOWARD | 2 Comments
NSA Posts Mac OS X 10.3.x security guide
02 November 04 02:59 PM
Weighing in at a hefty 3Mb and 109pp, the NSA has posted the "Apple Mac OS Security Configuration Guide." If you use Macs you should read this doc at http://www.nsa.gov/snac/os/applemac/osx_client_final_v.1.pdf This is goodness. Read More...
Posted by michael_HOWARD | 1 Comments
The Evils of strncat and strncpy redux
02 November 04 01:54 PM
Following my previous post about the Apache 'fix', I was asked what code examples I had showing lousy instances of strncpy and strncat. <rant> Many developers think that because they are using a counted string copy function the code is safe from Read More...
Posted by michael_HOWARD | 14 Comments