Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
Browse by Tags
All Tags
»
Rant
»
Security
(RSS)
Privacy
Vista
Kim Cameron on GOOGs single sign on design vulnerability
15 September 08 06:25 AM
I spoke with Kim Cameron a few days ago about Google's single sign-on (SSO) design bug . I wanted his take on the bug because he's one of the best in the area of identity, single sign-on etc etc... his response can only be described as scathing.
Read More...
The First Step on the Road to More Secure Software is admitting you have a Problem
21 February 08 06:31 AM
I just wrote an article over on the SDL blog about my observations from the industry to Jeff Jones' vulnerability analysis and the lack of security progress by our competitors.
Read More...
"Open-source projects certified as secure" – huh?
10 January 08 05:35 PM
I really got a chuckle out of this news item , especially this line: “Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.” So
Read More...
Common Criteria: Is it Safe?
20 December 07 01:02 PM
My colleague, Eric Bidstrup, has posted a thought provoking commentary about the Common Criteria. I think it's fair to say Eric is simply voicing what a great many people think about the (lack of) value of CC.
Read More...
Recent CRN Article comparing Windows XP SP2 and Windows Vista
03 June 07 06:04 AM
Jeff has a post about the recent CRN and Ars Technica articles comparing XPSP2 and Vista security. One thing I love about Jeff is he's blunt. Damned blunt.
Read More...
Security Education v. Security Training
03 May 07 08:49 PM
David Ladd, a partner in crime, has just made a post on the SDL blog about Security Education. He starts: "There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role
Read More...
My Take on Windows Vista Security “Vulnerabilities”
16 March 07 05:04 PM
I love looking at and analyzing security bugs, but I also enjoy observing how people react to knowledge of security bugs. Over the last few weeks, I’ve seen a number of interesting articles about Windows Vista security that made me smile. So I thought
Read More...
UAC BS
08 February 07 01:30 PM
Howdy once again from RSA. It's raining. So much for sunny California! Jeff and I just gave our talk about Windows Vista Security Engineering. It was a packed room. In fact, when we got to the room we saw a bunch of people milling around outside. We went
Read More...
What is it that makes security hard?
02 February 07 04:20 PM
I’ve been asked this question numerous times, often in the guise of a question like, “why can’t you guys simply fix the security problem?” or “reliability and scalability problems are understood and solvable, why can’t you do the same with security?”
Read More...
A couple of interesting security blog posts
19 January 07 02:09 PM
Jeff has an uncanny ability to dig into details that most folks gloss over: Exposed? : Examining Secunia Unpatched Warnings - Part 3 I have to concur with Kai: People like this just frost me: Security considered a burden for users
Read More...
My Take on Visual Studio 2005 SP1 and Windows Vista
04 January 07 02:51 PM
Over the last couple of days, many people have asked for my take on the fact that Visual Studio 2005 SP1 requires admin privileges to run on Windows Vista, and pops up a dialog saying so when it starts up. So, here’s my take, and I don't work for the
Read More...
NNNNNOOOOooooo......!
23 February 05 09:28 PM
From "Making Windows XP Start Faster" at http://www.pcmag.com/article2/0,1759,1768883,00.asp Two of the services listed under "Stopping Unneeded Startup Services" Automatic Updates: This service enables Windows XP to check the Web automatically for updates.
Read More...
Go
This Blog
Home
Links
Email
Tags
General
Personal
Privacy
Rant
Security
Vista
Archives
October 2008 (1)
September 2008 (7)
August 2008 (5)
July 2008 (3)
June 2008 (1)
May 2008 (1)
April 2008 (5)
March 2008 (5)
February 2008 (4)
January 2008 (9)
December 2007 (4)
November 2007 (4)
October 2007 (6)
September 2007 (1)
August 2007 (2)
July 2007 (4)
June 2007 (13)
May 2007 (6)
April 2007 (8)
March 2007 (11)
February 2007 (4)
January 2007 (8)
December 2006 (4)
November 2006 (14)
October 2006 (5)
September 2006 (6)
August 2006 (6)
July 2006 (2)
June 2006 (7)
May 2006 (8)
April 2006 (2)
March 2006 (5)
February 2006 (6)
January 2006 (10)
December 2005 (2)
November 2005 (2)
October 2005 (1)
September 2005 (4)
August 2005 (5)
July 2005 (5)
June 2005 (3)
May 2005 (9)
April 2005 (8)
March 2005 (5)
February 2005 (9)
January 2005 (7)
December 2004 (7)
November 2004 (9)
October 2004 (11)
August 2004 (13)
July 2004 (4)
June 2004 (12)
May 2004 (17)
April 2004 (2)
March 2004 (2)
February 2004 (3)
January 2004 (2)
Syndication
RSS 2.0
Atom 1.0
