2005!

One of my goals for this year has been to post regular blogs. The problem I keep running into is thinking up topics to post that are not an insult to your intelligence - e.g. describing stuff that is already mentioned in MSDN, and that, if you have taken the trouble to browse to https://weblogs.asp.net, you probably know already.

Sure, I could describe what I do at work, but people are unlikely to be impressed by (or interested in) regular stuff and the non-regular stuff could get me into trouble if shared. For example, we in the developer division recently did a security review where we went over the product looking for potential & real security issues. (BTW, I don't think I am divulging any trade secrets if I mention that a lot of our security training comes from Writing Secure Code , also consider this a shameless plug, since the author is a MS guy and hangs out in my building's cafeteria to boot.)

This review was in my opinion a lot more in-depth than we have done earlier (I guess we are more experienced now, practice improves form), and we came up with some interesting attack surfaces that we hadn't thought of earlier. This might seem like a teaser but I cannot blog the techniques we used since that might facilitate hackers, though I would suspect at least some of the hackers out there (the l337 u83rh4x0rz)*  know at least some of these techniques and have indeed tried them against our software. Ergo, no real bloggable content over several weeks of work.

Be that as it may, I really enjoy having people ask questions via the blog email link, and I try to answer them the best I can. If you have any discussion topic, feel welcome to suggest it. In the meantime if I cannot think of anything significant, I will try to keep in touch with little tidbits.

Have a great 2005!

* means elite uber-hackers