April 2007 - Posts
A good friend of mine bought a new Sony Vaio with Windows Vista preinstalled. But there was a problem: every minute or so, the computer would enter sleep mode. So he emailed me to ask if I knew of any issues (of course, I'm the local tech support!) I
Read More...
I just posted an analysis over on the SDL blog of the lessons we learned from the recent animated curser (ANI) bug.
Read More...
We have started a new blog, the SDL blog - we have an interesting array of folks working on the blog, all of them are deeply involved with SDL here at Microsoft, as we want to open up the inner workings a little more. Enjoy.
Read More...
I've recieved a number of emails from folks saying they have got their copies of our latest book, Writing Secure Code for Windows Vista . David and I got our copies yesterday. The first things that hit me about the book are (a) it's the smallest book
Read More...
At the end of June my family and I are moving to Austin, Texas. I’ll still be doing a lot of the same stuff I’m doing now, but from Austin rather than Redmond. I’ll really miss Redmond, but Austin offers an excellent opportunity; I’ll spend almost 100%
Read More...
From the Helping to Secure the Ecosystem Dept. Here’s some good news for people using CodeGear’s Delphi . The new Delphi 2007 release, available now, supports NX and ASLR . The CodeGear Delphi 2007 compiler supports ASLR via any of these three techniques:
Read More...
Feliciano Intini (a senior security guy in Microsoft Italy) has posted an excellent analysis of the MS07-017 bulletin released today. Essentially, it's a roll up of graphic-related fixes. Of the seven discrete fixes: All seven affected Windows 2000. Six
Read More...
As y’all know, the Visual C++ /GS compiler flag adds prolog and epilog code to certain functions to help detect some classes of stack based buffer overruns at runtime. In VC++ 2005, the code looks like this: Function prolog sub esp, 8 mov eax, DWORD PTR
Read More...