Free Download: Writing Secure Code for Windows Vista

“For 25 years, Microsoft Press books have focused on helping you take your skills and knowledge to the next level. Celebrate our 25th Anniversary with a “Free E-Book of the Month” offer! Simply sign up for the Microsoft Press Book Connection Newsletter for notification of offers, register, and download the selection of the month.”…


Volume 5 of the Microsoft Security Intelligence Report is out

Volume 5 of the Microsoft Security Intelligence Report is now out, highlights include: Security vulnerability disclosures – Microsoft and third-party software Vulnerability Exploits – Microsoft software Browser-based exploits – Microsoft and third-party software Security and privacy breaches Malicious and potentially unwanted software trends Volume 5 of the SIR also includes a detailed examination of the…


How Very True


FAQ about HeapSetInformation in Windows Vista and Heap Based Buffer Overruns

2/19 – Added some Minor Tweaks Perhaps it’s the phase of the moon or something, but over the last few weeks I have received more email about correctly using the HeapSetInformation function than any other topic. I really don’t know why! This was added last year as an SDL requirement. So here’s a quick FAQ:…


New NX APIs added to Windows Vista SP1, Windows XP SP3 and Windows Server 2008

In the interests of helping secure the platform, we want more people to opt-in to using Data Execution Prevention (aka DEP aka NX), and we have lowered the barrier to entry for application developers in Windows Vista SP1, Windows XP SP3 and Windows Server 2008. We’ve added some new APIs that allow a developer to…


VBootkit vs. Bitlocker in TPM mode

One of the guys in our group, Robert Hensing has an interesting post about VBootkit and whether BitLocker in TPM offers any defense. Short answer: yes, it does. Slightly longer answer: The BitLocker guys anticiated this attack and the really long answer is in his post. Chalk up another one for Vista 🙂


Update on DropMyRights

It’s been a long time since I looked at DropMyRights, a little tool I wrote forever ago to lower a user’s privilege level on versions of WIndows prior to Windows Vista. Michael Horowitz has just posted a couple of blog posts about DMR stating that everyone on Windows XP should use the tool. The articles…


Inspect Your Gadget

Dave Ross and I recently wrote an article on the in’s & out’s of writing secure gadgets for Windows Vista. Because gadgets are considered full-trust applications, you must understand some gadget security basics.


Windows Vista Integrity Paper

Howdy from a little coffee shop (no, not Starbucks) at the entrance to our subdivison in Austin! I can’t wait to get broadband up and running at the house! Peter Brundrett, the PM behind the integrity levels work in Windows Vista has written a very detailed whitepaper on the subject,