Partager via


Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!

Windows Vista Crypto Modules now FIPS 140-2 Certified

The standard crypto providers such as DSSENH and RSAENH are now certified FIPS 140-2 on Windows...

Author: Michael Howard Date: 01/18/2008

Crispin Cowan joins the Windows Security Team!

I am delighted to announce that Crispin Cowan has joined the core Windows Security Team! For those...

Author: Michael Howard Date: 01/17/2008

Timely Microsoft Office 2003 SP3 Advice from David LeBlanc

https://blogs.msdn.com/david_leblanc/archive/2008/01/16/a-good-reason-to-install-sp3.aspx

Author: Michael Howard Date: 01/16/2008

Cry or Smile? You Decide...

On Wednesday Mark Curphey emailed me about a conversation his team had with a customer. I see he has...

Author: Michael Howard Date: 01/11/2008

"Open-source projects certified as secure" – huh?

I really got a chuckle out of this news item, especially this line: “Coverity, which creates...

Author: Michael Howard Date: 01/10/2008

VBootkit vs. Bitlocker in TPM mode

One of the guys in our group, Robert Hensing has an interesting post about VBootkit and whether...

Author: Michael Howard Date: 01/08/2008

Recent Symantec and IBM vulnerabilities, giblets, banned APIs and the SDL

I just posted some commentary on the SDL blog about some recent Symantec and IBM vulnerabilities,...

Author: Michael Howard Date: 01/04/2008

Common Criteria: Is it Safe?

My colleague, Eric Bidstrup, has posted a thought provoking commentary about the Common Criteria. I...

Author: Michael Howard Date: 12/20/2007

It's Official: Jeff Jones has WWAYYY Too Much Time on His Hands

I think I'm a girl-elf in this, however!

Author: Michael Howard Date: 12/17/2007

Counterpoint to my SDL post

David has an interesting counterpoint post to my SDL post this morning. As expected he makes some...

Author: Michael Howard Date: 12/17/2007

Security is not all about Security Updates

I just posted an article about the SDL goals over on the SDL blog....

Author: Michael Howard Date: 12/17/2007

Today's Dilbert :)

Perhaps I should change my name to "Mordac" From...

Author: Michael Howard Date: 11/16/2007

Reminder: Microsoft Security Intelligence Report - Webcast on Wed 7 Nov

Wednesday, November 07, 2007 10:00 AM Pacific TimeSupport WebCast: Microsoft Security Intelligence...

Author: Michael Howard Date: 11/06/2007

Oracle’s Original Unbreakable Paper

I know a lot of you have heard of, or know of, Oracle’s Unbreakable claims. I’m not going to get...

Author: Michael Howard Date: 11/06/2007

I'm at TechEd in Barcelona this week

I'll be there all week, I have a bunch of talks: SEC201 - The Security Development Lifecycle (5...

Author: Michael Howard Date: 11/04/2007

New Microsoft Security Intelligence Report Available

The latest Security Intelligence Report is now available. To quote the Web page: The Microsoft...

Author: Michael Howard Date: 10/23/2007

Dev Tip: Opening Commonly-Accessed Files

When I'm writing code, there's one file I need to access constantly - WinError.h, the file that...

Author: Michael Howard Date: 10/19/2007

News Items that Interested me this Week

Each week (ok, mostly every week!) I'll post news items that interested me... Security analysis of...

Author: Michael Howard Date: 10/19/2007

Lessons Learned from Five Years of Building More Secure Software

The annual Security issue of MSDN Magazine is now available. This year I wrote a piece about some of...

Author: Michael Howard Date: 10/12/2007

Update on the Threat Modeling Process

At Microsoft, we have been using various forms of threat modeling for years now, and we're always...

Author: Michael Howard Date: 10/12/2007

Bluehat Audio Available

https://download.microsoft.com/download/3/2/0/3205AD8C-A0AA-40F0-8998-256B7583D400/DanKaminsky.wma...

Author: Michael Howard Date: 10/04/2007

New Version of Application Verifier (appverif) available

AppVerif is one of my favorite run-time analysis tools for unmanaged Windows apps, it's also an...

Author: Michael Howard Date: 09/04/2007

Update on DropMyRights

It's been a long time since I looked at DropMyRights, a little tool I wrote forever ago to lower a...

Author: Michael Howard Date: 08/13/2007

Privacy Tip o' the Day

I'm stunned at how much private data the average citizen will divulge. I was buying some stuff...

Author: Michael Howard Date: 08/08/2007

Some of us won't be at Blackhat

I am sitting at Austin airport about to catch a plane to Redmond to help a cadre of us deliver...

Author: Michael Howard Date: 07/31/2007

Iron Chef at BlackHat

Eric Bidstrup has just posted some commentary about Iron Chef at Blackhat event over on the SDL...

Author: Michael Howard Date: 07/26/2007

Inspect Your Gadget

Dave Ross and I recently wrote an article on the in's & out's of writing secure gadgets for...

Author: Michael Howard Date: 07/23/2007

Windows Vista Integrity Paper

Howdy from a little coffee shop (no, not Starbucks) at the entrance to our subdivison in Austin! I...

Author: Michael Howard Date: 07/11/2007

My Last Day in Redmond

Well, today is my last day in Redmond. It's pretty sad, but I'm really looking forward to being in...

Author: Michael Howard Date: 06/29/2007

Lessons Learned from MS07-029: The DNS RPC Interface Buffer Overrun

I just posted the root cause analysis for the DNS RPC buffer overrun over on the SDL blog.

Author: Michael Howard Date: 06/28/2007

"How Software is Built" Interview

Some months back I was interviewed by howsoftwareisbuilt.com, we talked about everything you could...

Author: Michael Howard Date: 06/25/2007

SDL Crypto Code Review Macro

Over the last few weeks I've been experimenting with the Visual Studio 2005 macro and extensibility...

Author: Michael Howard Date: 06/14/2007

SDL Training at the Microsoft Security Response and Safety Summit

Dave Ladd has just made a post over on the SDL blog about some SDL training we gave for partners at...

Author: Michael Howard Date: 06/14/2007

The Bluetooth Keyboard Mystery: Solved.

My wife's got a pretty spec'd out box at home with a 30inch widescreen LCD flat panel and a...

Author: Michael Howard Date: 06/05/2007

Well, I never expected this. Take 2

Yesterday, based on some negative feedback, I made a post stating I would keep my blog a tech blog...

Author: Michael Howard Date: 06/05/2007

Well, I wasn't expecting that!

Yesterday, I decided to add a more personal angle to my blog by posting about my kids. Well, I got a...

Author: Michael Howard Date: 06/04/2007

The Most Complex SAL annotation

While working on "Writing Secure Code for Windows Vista" I spent a good deal of time spelunking the...

Author: Michael Howard Date: 06/03/2007

From the Mouths of Babes

A few weeks ago someone in my group suggested I blog about more than security. I asked, "Why?" He...

Author: Michael Howard Date: 06/03/2007

At TechEd this Week

Hi from Orlando I'm presenting at TechEd this week - I have two sessions, one is a "chalktalk"...

Author: Michael Howard Date: 06/03/2007

Oil Change or Culture Change

Dave Ladd has just posted a very interesting and thought provoking post over on the SDL blog:...

Author: Michael Howard Date: 06/01/2007

Half Of Windows Vista Adoption Driven By Security

I think I earned my paycheck this week :)...

Author: Michael Howard Date: 05/23/2007

Secure coding lessons from Microsoft

Last week we had some tech journalists visit Redmond to discuss security products and, in my case,...

Author: Michael Howard Date: 05/22/2007

Windows Vista ISV Security Paper Available

Matt Thomlinson and I wrote a document explaining how to take advantage of some of the buffer...

Author: Michael Howard Date: 05/04/2007

More on security education, or lack of...

Following on from my blog post yesterday about Dave Ladd's education vs training comments over on...

Author: Michael Howard Date: 05/04/2007

Security Education v. Security Training

David Ladd, a partner in crime, has just made a post on the SDL blog about Security Education. He...

Author: Michael Howard Date: 05/03/2007

The Strangest Vista "bug" you've ever heard of - EVER!

A good friend of mine bought a new Sony Vaio with Windows Vista preinstalled. But there was a...

Author: Michael Howard Date: 04/27/2007

Lessons Learned from the Animated Cursor bug

I just posted an analysis over on the SDL blog of the lessons we learned from the recent animated...

Author: Michael Howard Date: 04/26/2007

SDL blog is live

We have started a new blog, the SDL blog - we have an interesting array of folks working on the...

Author: Michael Howard Date: 04/26/2007

<Previous Next>