Windows XP Service Pack 2: The Inside Story

An excellent article on how Windows XP SP2 was designed and built. A great many of us spent over a year on this puppy!


Shell Extension for DropMyRights

A reader (hofi) was kind enough to create a shell extension for the DropMyRights tool I wrote about in “Browsing the Web and Reading E-mail Safely as an Administrator.” Download HShellExtPack and use ‘Regsvr32.exe {/U} HShellExtPack.dll’ to (un)install. Thanks, Hofi.


“How can I Trust Firefox” blog by Torr

Peter Torr has joined our group, working with development teams to help them through the Security Development Lifecycle and Final Security Review processes. He just posted an interesting comment about downloading and running Firefox.


Evils of strncat and strncpy – Answers

Ok, so I took a little longer than expected to post the answers, but here they are. BTW, many people worked them out 🙂

    // Example #1 (code prior to this verifies pszSrc is <= 50 chars)
    #define MAX (50)
    char *pszDest = malloc(sizeof(pszSrc));
    strncpy(pszDest,pszSrc,MAX);

The code is allocating the size of a pointer, 4 bytes on a 32-bit CPU,…


Windows Server 2003 SP1 Release Candidate Available

In case you hadn’t heard, RC1 is available for download. eWeek has a short write-up about some of the security changes we have made.