Windows XP Service Pack 2: The Inside Story

An excellent article on how Windows XP SP2 was designed and built. A great many of us spent over a year on this puppy!


Shell Extension for DropMyRights

A reader (hofi)  was kind enough to create a shell extension for the DropMyRights tool I wrote about in “Browsing the Web and Reading E-mail Safely as an Administrator.” Download HShellExtPack from and use ‘Regsvr32.exe {/U} HShellExtPack.dll’ to (Un)install. Thanks, Hofi.


“How can I Trust Firefox” blog by Torr

Peter Torr has joined our group, working with development teams to help them through the Security Development Lifecycle and Final Security Review processes. He just posted an interesting comment about downloading and running Firefox.


Evils of strncat and strncpy – Answers

Ok, so I took a little longer than expected to post the answers, but here they are. BTW, many people worked them out 🙂 // Example #1 (code prior to this verifies pszSrc is <= 50 chars)#define MAX (50)char *pszDest = malloc(sizeof(pszSrc));strncpy(pszDest,pszSrc,MAX);The code is allocating the size of a pointer, 4-bytes on a 32-bit CPU,…


Windows Server 2003 SP1 Release Candidate Available

In case you hadn’t heard, RC1 is avail for download from eWeek has a short write-up about some of the security changes we have made,,1759,1736680,00.asp


Microsoft Security Education

I probably get asked this question every other day, “is there any security education available from Microsoft for my developers?” and the answer is, of course, yes. Here are my top picks: Course 2806 Microsoft Security Guidance Training for Developers ( Course 2840 Implementing Security for Applications ( Course 2300 Developing Security-Enhanced Web Applications (


SAMBA Users should apply this patch ASAP

If you use SAMBA 3.0.7 or prior (appears, 2.x is not vulnerable) you should read this, here’s a snippet: Vulnerability Note VU#457622 Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow Overview Samba is vulnerable to a buffer overflow that may allow a remote attacker to execute arbitrary code with root privileges. I….