New Microsoft Security Intelligence Report Available

The latest Security Intelligence Report is now available. To quote the Web page: The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Each individual report focuses on data and trends observed in either the first or…

1

Dev Tip: Opening Commonly-Accessed Files

When I’m writing code, there’s one file I need to access constantly – WinError.h, the file that lists all the Windows errors constants. SSSSoooo… I had to find a way to get to the file which is buried somewhere in the C:\Program Files\blah blah\Visual Studio blah blah\VC\something\include\lots-of files-starting-with-‘W’-and-ending-in-‘h’ folder, often and quickly. What I did was…

14

News Items that Interested me this Week

Each week (ok, mostly every week!) I’ll post news items that interested me… Security analysis of Checkpoint firewallOf interest is the way around RedHat’s ExecShield buffer overflow defense.http://www.pentest.es/checkpoint_hack.pdf Abusing chrootThis quote caught my attention: “If you have the ability to use chroot() you are root. If you are root you can walk happily out of…

5

Lessons Learned from Five Years of Building More Secure Software

The annual Security issue of MSDN Magazine is now available. This year I wrote a piece about some of the lessons we’ve learned about building more secure software. I think this is the first article I have written in a long time that has no code samples! Also in this month’s issue are a couple…

1

Update on the Threat Modeling Process

At Microsoft, we have been using various forms of threat modeling for years now, and we’re always learning new ways to improve the process. By “improve” I mean make the process faster, a more efficient use of time and easier to understand. Heading this effort is Adam Shostack, and over the last few weeks he…

1

Bluehat Audio Available

http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/DanKaminsky.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/HalvarFlake.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/JeffForristal.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/LureneGrenier.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/MarkRussinovich.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/MattMiller.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/OllieWhitehouse.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/PedramAmini.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/PetrMatoucek.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/RobertoPreatoni.wma http://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/ShaneMacauley.wma   Enjoy…

2