Office2003/XP Remove Hidden Data tool Available

I’ve been meaning to write about this for ages. So here goes, better late than never! Many people, quite rightly, are concerned that sensitive or private data can reside in the metadata of documents created by productivity applications, such as Microsoft Office. To alleviate such potential risks, the Office team created a tool called the…


Security Fix CDs now available

Have your friends/family members/pets on dial-up connections take advantage of this freebie offer. Security-fix CDs available for Windows XP, Windows 2000, 98 and ME. Go to


Updated Errata for Writing Secure Code 2nd Edition

Entire Book: Please replace all references to Windows® .NET Server with Windows® Server 2003.

Chapter 2, Page 44: There is a small typo: "This effect is called the Hawthorn effect." Should read: "This effect is called the Hawthorne effect."

Chapter 8, Page 284: The sentence that starts “DES encrypts…


The IE Patch (MS04-004) demystified

Many people have asked what the scoop is on the recent IE update, and why Microsoft disabled passwords over HTTP. First, the change only affects URLs of the type: Now, one thing many people are not aware of is that this format is not a supported URL format, as per RFC 1738: 3.3….


More Integer Overrun Stuff…

I know I keep harping on about integer arithmetic issues; however, my co-author, David LeBlanc, has written a great article about the issue, and has provided a templated C++ class called SafeInt to make life, well, a little more secure! Enjoy: here.