Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

Nice weather!

Well, we are finally starting to see some nice weather in Seattle! I don't know if there is a better place to be on a sunny day! Read More...
Posted Wednesday, May 09, 2007 10:26 AM by rsamona | 0 Comments

Microsoft Threat Analysis & Modeling v2.0

BETA2 of Microsoft Threat Analysis & Modeling v2.0 (formerly codenamed “ACE Torpedo”) is now available for download here . Check out this blog for more info: http://blogs.msdn.com/threatmodeling/ For those of you that haven't downloaded it yet, you Read More...
Posted Monday, March 13, 2006 9:16 PM by rsamona | 0 Comments

Spot the Bug - March 13, 2006

It seems like more and more developers are making security mistakes when dealing with sockets. See if you can Spot the Bug. void Socket_Setup(void) { WORD wVersionRequested; WSADATA wsaData; wVersionRequested = MAKEWORD( 2, 2 ); ::WSAStartup(wVersionRequested, Read More...
Posted Monday, March 13, 2006 9:00 PM by rsamona | 25 Comments
Filed under:

Spot the Bug - Feb 2, 2006

Great discussion on the last bug. For those of you that took a look at it, it dealt with insecure use of cryptography resulting in exposure to dictionary attacks. Here's a new one: class CDatabase { private: HANDLE m_hwndMutex; public: void InitDBConnection(void); Read More...
Posted Thursday, February 02, 2006 4:19 PM by rsamona | 6 Comments
Filed under:

Spot the Bug - Jan 5, 2006

Wow, we had great feedback on the last bug. Someone emailed me and said that the biggest bug was the blue font on the black background. :) Here is another fun bug - Courtesy of Neelay Shah, Consultant, Foundstone class CUserManager { public: void CreateLogin(String Read More...
Posted Thursday, January 05, 2006 7:26 PM by rsamona | 23 Comments
Filed under:

1 inch of snow equals 100% panic!

For those of you that don't know, Seattle doesn't typically get snow. Sure, it snows in the mountains and keeps us snowboarders and skiers happy, but the city is fairly mild. It actually snowed today in Seattle, Redmond, and surrounding cities, and people Read More...
Posted Friday, December 02, 2005 5:15 AM by rsamona | 18 Comments
Filed under:

Spot the Bug - November 28, 2005

Some people commented that the last bug was too easy, and it was, but buffer overruns are still common enough that I wanted to send the point home. This one is a bit more challenging. Courtesy of Neelay Shah, Consultant, Foundstone void Socket_Setup( Read More...
Posted Monday, November 28, 2005 6:34 PM by rsamona | 17 Comments
Filed under:

Spot the Bug - October 24, 2005

It has been a while since the last bug was up. We certainly had some great discussion around it. I will try to get more bugs up on the site on a regular basis to keep everyone on their toes at all times :-) Courtesy of Neelay Shah, Consultant (Foundstone) Read More...
Posted Monday, October 24, 2005 8:34 PM by rsamona | 14 Comments
Filed under:

Spot the Bug - August 31, 2005

It's been a little while since we've had a new bug up. We had some good feedback on the last one. Here is a shorter one: Courtesy of Shanit Gupta, Consultant (Foundstone) try { ElevatePrivilege(); ReadSecretFile(); LowerPrivilege(); } catch(FileException Read More...
Posted Wednesday, August 31, 2005 6:13 PM by rsamona | 15 Comments
Filed under:

Spot the Bug - August 16, 2005

If you haven't taken a look at the solution to the last bug, please do so. There were 4 bugs in that short chink of code -- all of which are found in Visual Studio 2005! One is issued as a compiler warning and the other 3 are found by PREfast. Here is Read More...
Posted Tuesday, August 16, 2005 7:42 PM by rsamona | 9 Comments
Filed under:

Spot the Bug - August 14, 2005

I created this bug a couple of weeks ago for a conference I spoke at to illustrate how so few lines of code could be so buggy. Where's the bug here? char dest[50], src[100]; int x, y; if (x=1) { strcpy(dest,src); dest[50] = '\0'; } return y; Solution: Read More...
Posted Sunday, August 14, 2005 11:02 PM by rsamona | 9 Comments
Filed under:

Spot the Bug - August 4, 2005

I think the last bug stumped a few people. Can you find the security vulnerability in this one? Courtesy of Neelay Shah, Consultant, Foundstone #define STD_HASH_LEN 11 #define MAX_HASH_LEN 31 char * strPassHash = (char*)malloc(sizeof(char)*STD_HASH_LEN); Read More...
Posted Thursday, August 04, 2005 4:41 PM by rsamona | 5 Comments
Filed under:

Spot the Bug - July 27, 2005

Alright all, here is the next bug. This one is courtesy of Mike Howard. __ declspec ( noinline ) void * AllocBlocks(size_t cBlocks) { // allocating no blocks is an error if (cBlocks == 0) return NULL; // Allocate enough memory // Upcast the result to Read More...
Posted Wednesday, July 27, 2005 11:31 PM by rsamona | 2 Comments
Filed under:

Escape Yesterworld - funny!

If you have a few minutes, check this out. It is hilarious!!! www.escapeYESTERWORLD.com Read More...
Posted Tuesday, July 26, 2005 4:38 PM by rsamona | 1 Comments
Filed under:

Spot the Bug - July 23, 2005

The first bug was just a warm-up and people were asking for a more difficult bug. What's wrong with this chunk of code, and better yet, how do you fix it? Courtesy of Shanit Gupta, Consultant, Foundstone private HttpCookie SessionIdentifier () { HttpCookie Read More...
Posted Saturday, July 23, 2005 12:37 PM by rsamona | 11 Comments
Filed under:
More Posts Next page »
 
Page view tracker