June 2007 - Posts
Well, today is my last day in Redmond. It's pretty sad, but I'm really looking forward to being in Austin. It's been a long stretch selling the house, buying a house, dealing with builders (if you're considering building, let me know, and I'll give you
Read More...
I just posted the root cause analysis for the DNS RPC buffer overrun over on the SDL blog.
Read More...
Some months back I was interviewed by howsoftwareisbuilt.com, we talked about everything you could imagine that relates to security. After reading it, it looks like they minimal editing too. I like that. http://howsoftwareisbuilt.com/2007/06/24/michael-howard-microsoft-interview
Read More...
Over the last few weeks I've been experimenting with the Visual Studio 2005 macro and extensibility framework to build security-related tools. I'm a big believer in "learning by doing" so I thought I would create a macro to help me do some code reviews.
Read More...
Dave Ladd has just made a post over on the SDL blog about some SDL training we gave for partners at the Microsoft Security Response and Safety Summit. It's an interesting read, but more importantly, I have no doubt we'll be doing more of this as start
Read More...
It's official. I'm old. I have no freakin' clue what my kids are talking about. They love Pokemon, and they spend ages together (which is cool) talking about this stuff. My son can recite the relationship between each and every Pokeman; what they do,
Read More...
My wife's got a pretty spec'd out box at home with a 30inch widescreen LCD flat panel and a Microsoft Bluetooth keyboard and mouse . She loves it. But every now and then the keyboard simply stops working. To make matters worse, I can't find my wired keyboard.
Read More...
Yesterday, based on some negative feedback, I made a post stating I would keep my blog a tech blog rather than adding anything personal. Oh-my-God did the floodgates open! Basically, I got twenty times more email and comments saying, "No, post the personal
Read More...
Yesterday, I decided to add a more personal angle to my blog by posting about my kids. Well, I got a ton of email saying, "keep it technical." OK! I listened. It's tech from now on :)
Read More...
While working on " Writing Secure Code for Windows Vista " I spent a good deal of time spelunking the new crypto stuff, CNG . One of the APIs is BCryptResolveProviders , and the last argument is pretty complex: If you pass NULL, it fails and tells you
Read More...
A few weeks ago someone in my group suggested I blog about more than security. I asked, "Why?" He said, "So people will realize you're not a droid!" So here is my first post that has nothing to do with security, it's about parenting. More to the point,
Read More...
Jeff has a post about the recent CRN and Ars Technica articles comparing XPSP2 and Vista security. One thing I love about Jeff is he's blunt. Damned blunt.
Read More...
Hi from Orlando I'm presenting at TechEd this week - I have two sessions, one is a "chalktalk" tomorrow (Monday 4th) from 10:30 - 11:45 entitled "Everything-Developer-Security." I have no agenda! I'll do what I did last year: open notepad, enter a few
Read More...
