“Section 419” scammers arrested in Netherlands; Danish flag flies proudly

Dutch police have arrested 52 people suspected of defrauding gullible Internet users in one of the largest busts of the infamous “Nigerian e-mail” scam. Hooray for the Dutch police. Their next target: Web sites that illustrate a Dutch article with the Danish flag. (I must sheepishly admit that I too mistakenly identified the home of…


The format of string resources

Unlike the other resource formats, where the resource identifier is the same as the value listed in the *.rc file, string resources are packaged in “bundles”. There is a rather terse description of this in Knowledge Base article Q196774. Today we’re going to expand that terse description into actual code. The strings listed in the…


How do we decide what features make it into a product?

David Lemson has an excellent article titled How do we decide what features make it into Exchange?. Although he’s talking about Exchange specifically, the general principles apply to many products.


Integer overflow in the new[] operator

Integer overflows are becoming a new security attack vector. Mike Howard’s article discusses some of the ways you can protect yourself against integer overflow attacks. One attack vector he neglects to mention is integer overflow in the new[] operator. This operator performs an implicit multiplication that is unchecked: int *allocate_integers(int howmany) { return new int[howmany];…


Ikea walk-through

Jeff Davis tipped me off to this Ikea walk-through. Frustratingly, the walkthrough doesn’t include any cheat codes. Even though Ikea was founded by a Swede, its company colors match the Swedish national colors, all its product names are Swedish, and it is clearly associated with Sweden in the minds of everyone, it is in fact…


Another reason not to do anything scary in your DllMain: Inadvertent deadlock

Your DllMain function runs inside the loader lock, one of the few times the OS lets you run code while one of its internal locks is held. This means that you must be extra careful not to violate a lock hierarchy in your DllMain; otherwise, you are asking for a deadlock. (You do have a…


Passenger announcements in the airport

While in Seattle-Tacoma International Airport yesterday, waiting for my flight to eventually be cancelled due to weather, then waiting for a replacement itinerary (um, the weather is the same at the destination; doesn’t matter which plane you take), then waiting for the replacement to be cancelled also (wow imagine that), I heard an announcement on…


Some reasons not to do anything scary in your DllMain

As everybody knows by now, you’re not supposed to do anything even remotely interesting in your DllMain function. Oleg Lvovitch has written two very good articles about this, one about how things work, and one about what goes wrong when they don’t work. Here’s another reason not to do anything remotely interesting in your DllMain:…


Undermining your own proclamation

I’m pulling for the Mars rovers as much as the next geek, but you still have to scratch your head at the following statement: Charles Elachi, the JPL director, said: “I am completely confident, without any hesitation, that I think we will get that rover back to full operation.” So he’s absolutely sure that he…


Blog going on autopilot for a while

I will be out of town for a few weeks, so I have set my blog on autopilot. There will still be an article every weekday at 7am Pacific time (assuming the autopilot machine doesn’t suffer a power outage or something), but I won’t be around (much) to respond to comments.
