March 2007 - Posts
Like a good Microsoft security citizen I installed BitLocker on my Infineon TPM-enabled laptop ages ago, well before we shipped the OS in late 2006. The nice thing is that I don't even know BitLocker is ‘doing its thing’ as there is no performance degradation
Read More...
From Symantec: With the advent of Vista and the continued use of the Security Development Lifecycle, it is likely that Microsoft-authored code will become more difficult to exploit. As a result, attackers may turn their focus to common third-party applications
Read More...
Wow, the folks from Symantec claim "Microsoft is doing better overall than its leading commercial competitors [in security]" http://www.internetnews.com/security/article.php/3667201
Read More...
Jeff Jones just posted a blog looking at vulnerability counts in various operating systems after 90 days of product release. It's an interesting read.
Read More...
David is one of the most insightful security guys I know. Wicked smart, and damned opinionated, but who isn't? http://blogs.msdn.com/david_leblanc/
Read More...
A few weeks back I wrote how my 5 year old son, Blake, decided to hack into our computer. Well, it gets better. Blake is reading pretty well now, and can write too. But he still comes across words he needs to sound out phonetically. Yesterday, my wife
Read More...
I love looking at and analyzing security bugs, but I also enjoy observing how people react to knowledge of security bugs. Over the last few weeks, I’ve seen a number of interesting articles about Windows Vista security that made me smile. So I thought
Read More...
Before I get started, I want to point out this is my opinion, not necessarily anyone else’s viewpoint. Now that we have shipped Windows Vista and researchers are starting to prod and probe for security bugs, I want to spend a couple of minutes to explain
Read More...
Chris Corio and Jonathan Schwartz did an hour-long deep dive into the UAC architecture, goals and issues over on Channel9. I've known Jon for more years than I care to remember, and he is one of the smartest guys I know, but don't tell him I said that!
Read More...
We have just published the list of SDL-banned APIs, and their replacements. http://msdn2.microsoft.com/en-us/library/bb288454.aspx
Read More...
Even though we (kinda) promised our wives we wouldn’t do it, David LeBlanc and I have just wrapped up another book, Writing Secure Code for Windows Vista . (ISBN: 9780735623934, ISBN-10: 0-7356-2393-7.) It should be available around mid-April 2007. It’s
Read More...