October 2007 - Posts
The latest Security Intelligence Report is now available. To quote the Web page: The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits,
Read More...
When I'm writing code, there's one file I need to access constantly - WinError.h, the file that lists all the Windows errors constants. SSSSoooo... I had to find a way to get to the file which is buried somewhere in the C:\Program Files\blah blah\Visual
Read More...
Each week (ok, mostly every week!) I'll post news items that interested me... Security analysis of Checkpoint firewall Of interest is the way around RedHat's ExecShield buffer overflow defense. http://www.pentest.es/checkpoint_hack.pdf Abusing chroot
Read More...
The annual Security issue of MSDN Magazine is now available. This year I wrote a piece about some of the lessons we've learned about building more secure software. I think this is the first article I have written in a long time that has no code samples!
Read More...
At Microsoft, we have been using various forms of threat modeling for years now, and we're always learning new ways to improve the process. By "improve" I mean make the process faster, a more efficient use of time and easier to understand. Heading this
Read More...
http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/DanKaminsky.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/HalvarFlake.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/JeffForristal.wma
Read More...