(In)Security of MultiByteToWideChar and WideCharToMultiByte (Part 2)

Part 1 of this installment discussed the unsafe nature of MultiByteToWideChar and WideCharToMultiByte. They do not guarantee that strings are properly terminated. In this installment, I want to focus on the count parameters. There are three count parameters that warrant your attention in order to use these two functions properly. Since these two functions deal with conversion,…

(In)Security of MultiByteToWideChar and WideCharToMultiByte (Part 1)

There are a few well-known unsafe APIs in the standard C library, such as strcpy and memcpy. These routines are unsafe because the buffer and destination buffer sizes are not taken into consideration. Buffer overflows may take place when the destination buffer is not large enough to hold the incoming data. Safe versions of the APIs check that the destination…

My favorite security blogs and podcasts

What are your favorite security blogs or podcasts? Here are mine. Please leave yours in the comment section.

Podcasts
Security Now (http://www.grc.com/securitynow.htm)
CNet Security Bites (http://securitybites.cnet.com)

Blogs
Schneier on Security http://feeds.feedburner.com/schneier/fulltext
Security Vulnerability Research & Defense http://blogs.technet.com/swi/rss.xml
The Microsoft Security Response Center (MSRC) http://blogs.technet.com/msrc/rss.xml
Dark Reading http://www.darkreading.com/
The Security Development Lifecycle http://blogs.msdn.com/sdl/rss.xml
Microsoft Hackers blog…

“Out of Band” security patch MS08-067

The out-of-band security patch MS08-067 was released today. Microsoft strives to keep our monthly patch Tuesday release cycle so that enterprise administrators can plan ahead for their testing and deployment. When an out-of-band patch is released, it must be very urgent because of serious ramifications or the presence of known exploits in the wild. You…

What is unique about patch Tuesday of October 2008?

On the second Tuesday of every month, MSRC releases security patches that fix vulnerabilities in Microsoft products. The best outcome is a patch Tuesday with no patches, when many administrators can take a break from installing patches across their server farms and enterprise desktops. It will be a long road ahead before Microsoft can get…
