Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
Browse by Tags
All Tags
»
Vista
»
Security
(RSS)
Rant
FAQ about HeapSetInformation in Windows Vista and Heap Based Buffer Overruns
18 February 08 05:26 PM
2/19 - Added some Minor Tweaks Perhaps it's the phase of the moon or something, but over the last few weeks I have received more email about correctly using the HeapSetInformation function than any other topic. I really don't know why! This was added
Read More...
New NX APIs added to Windows Vista SP1, Windows XP SP3 and Windows Server 2008
29 January 08 02:11 PM
In the interests of helping secure the platform, we want more people to opt-in to using Data Execution Prevention (aka DEP aka NX), and we have lowered the barrier to entry for application developers in Windows Vista SP1, Windows XP SP3 and Windows Server
Read More...
Windows Vista Crypto Modules now FIPS 140-2 Certified
18 January 08 01:01 PM
The standard crypto providers such as DSSENH and RSAENH are now certified FIPS 140-2 on Windows Vista. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm has all the info.
Read More...
VBootkit vs. Bitlocker in TPM mode
08 January 08 08:05 PM
One of the guys in our group, Robert Hensing has an interesting post about VBootkit and whether BitLocker in TPM offers any defense. Short answer: yes, it does. Slightly longer answer: The BitLocker guys anticiated this attack and the really long answer
Read More...
Update on DropMyRights
13 August 07 10:06 AM
It's been a long time since I looked at DropMyRights, a little tool I wrote forever ago to lower a user's privilege level on versions of WIndows prior to Windows Vista. Michael Horowitz has just posted a couple of blog posts about DMR stating that everyone
Read More...
Inspect Your Gadget
23 July 07 08:28 PM
Dave Ross and I recently wrote an article on the in's & out's of writing secure gadgets for Windows Vista. Because gadgets are considered full-trust applications, you must understand some gadget security basics.
Read More...
Windows Vista Integrity Paper
11 July 07 02:25 PM
Howdy from a little coffee shop (no, not Starbucks) at the entrance to our subdivison in Austin! I can't wait to get broadband up and running at the house! Peter Brundrett, the PM behind the integrity levels work in Windows Vista has written a very detailed
Read More...
Lessons Learned from MS07-029: The DNS RPC Interface Buffer Overrun
28 June 07 02:20 PM
I just posted the root cause analysis for the DNS RPC buffer overrun over on the SDL blog.
Read More...
The Most Complex SAL annotation
03 June 07 06:49 AM
While working on " Writing Secure Code for Windows Vista " I spent a good deal of time spelunking the new crypto stuff, CNG . One of the APIs is BCryptResolveProviders , and the last argument is pretty complex: If you pass NULL, it fails and tells you
Read More...
Recent CRN Article comparing Windows XP SP2 and Windows Vista
03 June 07 06:04 AM
Jeff has a post about the recent CRN and Ars Technica articles comparing XPSP2 and Vista security. One thing I love about Jeff is he's blunt. Damned blunt.
Read More...
At TechEd this Week
03 June 07 05:46 AM
Hi from Orlando I'm presenting at TechEd this week - I have two sessions, one is a "chalktalk" tomorrow (Monday 4th) from 10:30 - 11:45 entitled "Everything-Developer-Security." I have no agenda! I'll do what I did last year: open notepad, enter a few
Read More...
Half Of Windows Vista Adoption Driven By Security
22 May 07 11:06 PM
I think I earned my paycheck this week :) http://www.informationweek.com/news/showArticle.jhtml?articleID=199701141
Read More...
Windows Vista ISV Security Paper Available
04 May 07 02:31 PM
Matt Thomlinson and I wrote a document explaining how to take advantage of some of the buffer overrun defenses in Windows Vista. The document is now available here . Enjoy :)
Read More...
Writing Secure Code for Windows Vista is Shipping!
19 April 07 11:20 AM
I've recieved a number of emails from folks saying they have got their copies of our latest book, Writing Secure Code for Windows Vista . David and I got our copies yesterday. The first things that hit me about the book are (a) it's the smallest book
Read More...
CodeGear’s new Delphi 2007 supports ASLR and NX
04 April 07 03:45 PM
From the Helping to Secure the Ecosystem Dept. Here’s some good news for people using CodeGear’s Delphi . The new Delphi 2007 release, available now, supports NX and ASLR . The CodeGear Delphi 2007 compiler supports ASLR via any of these three techniques:
Read More...
More Posts
Next page »
Go
This Blog
Home
Links
Email
Tags
General
Personal
Privacy
Rant
Security
Vista
Archives
July 2008 (1)
June 2008 (1)
May 2008 (1)
April 2008 (5)
March 2008 (5)
February 2008 (4)
January 2008 (9)
December 2007 (4)
November 2007 (4)
October 2007 (6)
September 2007 (1)
August 2007 (2)
July 2007 (4)
June 2007 (13)
May 2007 (6)
April 2007 (8)
March 2007 (11)
February 2007 (4)
January 2007 (8)
December 2006 (4)
November 2006 (14)
October 2006 (5)
September 2006 (6)
August 2006 (6)
July 2006 (2)
June 2006 (7)
May 2006 (8)
April 2006 (2)
March 2006 (5)
February 2006 (6)
January 2006 (10)
December 2005 (2)
November 2005 (2)
October 2005 (1)
September 2005 (4)
August 2005 (5)
July 2005 (5)
June 2005 (3)
May 2005 (9)
April 2005 (8)
March 2005 (5)
February 2005 (9)
January 2005 (7)
December 2004 (7)
November 2004 (9)
October 2004 (11)
August 2004 (13)
July 2004 (4)
June 2004 (12)
May 2004 (17)
April 2004 (2)
March 2004 (2)
February 2004 (3)
January 2004 (2)
Syndication
RSS 2.0
Atom 1.0
