Integer Overflow and operator::new

As Raymond Chen pointed out last year, there is a potential integer overflow when calling operator::new. The C++ compiler in Visual Studio 2005 automatically generates defensive code to mitigate this potential vulnerability. Code like this:

    class CFoo {
    public:
        CFoo() {m_p = NULL;}
    private:
        void *m_p;
    };

    void *func(size_t…


"Doing a Dave" : UK Developer Security Site

This is freakin’ hilarious – gotta love the British sense of humo[u]r. Is this the new ‘blackhat’? er, black cat?  


More Attack Surface Reduction in IIS7

As y’all know, the attack surface of IIS6 is low because: it’s not installed by default; when you do install it, it serves up static files only; all user interaction is handled by a low-privilege process. But there is still quite a bit of code installed, for example authentication code, which could have vulnerabilities. So the…


ACLs on Sockets

A friend from Foundstone sent me an email asking how to set ACLs on sockets in Windows. He’d heard that we’d added the capability recently. Yup, it’s true, ACL support for sockets was added to Windows Server 2003 SP1, and is in current builds of Windows Vista too. Here’s how you do it (I could explain it, but…


Security Symposium @ the PDC Wrap-up

Well, the Professional Developer’s Conference in LA is over (ok, I admit it, I’m late, it finished ages ago) and the Security Symposium we held on the last day was a hit with attendees. I don’t know what experiences you’ve had pulling this kind of thing together, but it’s always pretty stressful. You have to…


Address Space Layout Randomization for Windows

A small company named Wehnus run by Matt Miller has put together a comprehensive Windows-based host-based intrusion prevention system (HIPS) called WehnTrust that uses Address Space Layout Randomization (ASLR) among other techniques (see below) to provide added security to Windows. If you’re familiar with grsecurity/PaX on Linux, then you’ll be familiar with…


New Security Features in Visual Studio 2005

It’s all very well having security tools and technologies within Microsoft, but VS.NET 2005 includes a bunch of these tools we use every day built in. And by built-in, I mean BUILT-IN, as in, in the UI. No silly command-line settings, you just set the appropriate settings and hit ‘Build’. Very cool…


Security Symposium @ the PDC

I’ve been meaning to write about this, but I’ve been a little busy of late. On day 4 of the PDC (this Friday) we’re holding a Security Symposium. The morning is 100% focused on the Security Development Lifecycle (SDL), including threat modeling (I’ll be presenting this material), risk assessment, fuzz testing and much MUCH more. Following the…