Partager via


Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!

A little more info on raw sockets and Windows XP SP2

There's been a little confusion about raw sockets and Windows XP SP2. Hopefully, this little entry...

Author: Michael Howard Date: 08/12/2004

"Changes in Functionality in Microsoft Windows XP SP2" now available

I would highly recommend you read this!...

Author: Michael Howard Date: 08/11/2004

I was asked by a TechEd attendee which web sites often visit. I scan the following every morning,...

Author: Michael Howard Date: 08/04/2004

A list of Code Secure columns

I'm in New Zealand right now, talking at TechEd. A customer asked me where he could find list of all...

Author: Michael Howard Date: 08/02/2004

"Hey Dad, let's go Phishing"

My son, Blake, is 3 years old, and on Saturday, for the first time in his little life he picked up...

Author: Michael Howard Date: 07/28/2004

More XPSP2 Goodies

<Waiting to present to a bunch of Game Developers about writing secure games!> As you probably...

Author: Michael Howard Date: 07/28/2004

Frank Swiderski presents the Threat Modeling tool on Channel9

https://channel9.msdn.com/ShowPost.aspx?PostID=13127

Author: Michael Howard Date: 07/12/2004

Microsoft Office Remove Hidden Data add-in version 1.1 is now available

As some of you remember, the original Remove Hidden Data add-in was released in January for...

Author: Michael Howard Date: 07/11/2004

Article: "Inside Windows XP Service Pack 2 RC2"

It doesn't go deep, indeed, it covers nothing below the UI really, but this is a pretty nice article...

Author: Michael Howard Date: 06/30/2004

Internet Explorer and "trust prompts" in Windows XPSP2

Perhaps this one will be a little less controversial than my previous post! When I review threat...

Author: Michael Howard Date: 06/27/2004

Some of the new stuff in Windows XP SP2

We're on the home stretch for Windows XP SP2! I can't begin to tell you what a relief it is to see...

Author: Michael Howard Date: 06/27/2004

"Assessing Network Security" is released

Kevin Lam, David LeBlanc, & Ben Smith have released a new book, “Assessing Network...

Author: Michael Howard Date: 06/24/2004

"Threat Modeling" is Released

I finally have in my sweaty little paws a copy of “Threat Modeling” from MSPress,...

Author: Michael Howard Date: 06/23/2004

Why Sasser did not infect Windows Server 2003

The Sasser worm took advantage of a defect in logging code within the Local Security Authority...

Author: Michael Howard Date: 06/16/2004

TCP & UDP Ports Used by Microsoft Apps

Did you ever want to know which ports are used by the Cluster Service or Exchange? Well, there's a...

Author: Michael Howard Date: 06/16/2004

Windows XP SP2 Release Candidate 2 is out!

Build 2149 is RC2 https://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx

Author: Michael Howard Date: 06/15/2004

Debugging an ASP.NET application as a non-admin

I have to admit, I don't do much ASP.NET work, I mainly write Win32 apps in C++ and C#, but when I...

Author: Michael Howard Date: 06/15/2004

Threat Modeling

I have been a big supporter of threat modeling since a bunch of us started defining and using the...

Author: Michael Howard Date: 06/14/2004

Microsoft Security Bulletin RSS Feed

From the “Well-waddya-know Dept.” I just found out this morning there's an RSS feed for...

Author: Michael Howard Date: 06/08/2004

Updated Writing Secure Code 2nd Ed Errata

Big thanks to Peter Gutmann and Morten Andersen for their comments.I have highlighted what's new in...

Author: Michael Howard Date: 06/02/2004

Updated info about Threat Modeling tool

If you are getting a user breakpoint when generating a threat model report or using the threat model...

Author: Michael Howard Date: 05/28/2004

Threat Modeling tool now available

Finally, it has been posted - Frank Swiderski's Threat modeling tool is now available for free...

Author: Michael Howard Date: 05/24/2004

Why Blaster did not infect Windows Server 2003

I've been meaning to write about this for some time, but while pondering over my very dead laptop...

Author: Michael Howard Date: 05/23/2004

The Antivirus Defense-in-Depth Guide Released to Web

Finally got out of war, and saw this in my inbox... The Microsoft Solutions for Security (MSS) team...

Author: Michael Howard Date: 05/21/2004

Hackers Hacked by Hackers (!?)

Here I am, in Windows XPSP2 war again, and there's another debate about how best to binplace some...

Author: Michael Howard Date: 05/21/2004

Do you hate security updates?

I realize the weekend is almost upon us, so I thought I'd share something a little light-hearted....

Author: Michael Howard Date: 05/20/2004

Security Management

I'm really not a security infrastructure guy, I leave that to others, from whom I learn a great...

Author: Michael Howard Date: 05/19/2004

Transmeta chips to support 'NX'

It' 9:55AM and I'm sitting in Windows XP SP2 War; there's a little debate going on which has nothing...

Author: Michael Howard Date: 05/18/2004

IT Security at Microsoft Overview

Very, very cool doc. From the document “Overview discussion on what the Microsoft Corporate...

Author: Michael Howard Date: 05/17/2004

Security Guidance Training for Developers

Over the last few weeks a bunch of security Microsofties have been talking to customers about some...

Author: Michael Howard Date: 05/12/2004

How to think about Security

Rewind to YesterdayI remember the early days very well; I’d get an email from someone asking...

Author: Michael Howard Date: 05/12/2004

Security in Microsoft Products - a chat with Mike Nash

Join me on Thursday (May 13, 2004 9:00am Pacific/12:00pm Eastern) in our monthly security chat with...

Author: Michael Howard Date: 05/11/2004

Administering Windows Servers through one port

A couple of months ago, I presented at a Financial Services Chief Security Officer’s forum...

Author: Michael Howard Date: 05/11/2004

The Spread of the Witty Worm

Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my...

Author: Michael Howard Date: 05/10/2004

Sasser Arrest

Just in case you haven't seen this, there's been an arrest in Germany of an 18yr old accused of...

Author: Michael Howard Date: 05/08/2004

An Update on the Windows Server 2003 Vulnerability Count

A few weeks back, I posted an article about some of the progress we had made after 292d of the...

Author: Michael Howard Date: 05/04/2004

Why 'Sasser' does not affect Win2003

As you may be aware, a new worm has emerged named, 'Sasser', and Windows Server 2003 is not...

Author: Michael Howard Date: 05/02/2004

Updated C Runtime in Whidbey - goodbye strcpy!

I just posted an article on MSDN about the new, updated C runtime library available in Whidbey....

Author: Michael Howard Date: 04/02/2004

Security Progress at Microsoft

If you have not already done so, I would urge you to take a look at Bill Gates' “Microsoft...

Author: Michael Howard Date: 04/01/2004

Kewl Tools

Microsoft released a new support tool to monitor port usage on a computer. To quote the Web page,...

Author: Michael Howard Date: 03/17/2004

Office2003/XP Remove Hidden Data tool Available

I've been meaning to write about this for ages. So here goes, better late than never! Many people,...

Author: Michael Howard Date: 03/01/2004

Security Fix CD's now available

Have your friends/family memebers/pets on dial-up connections take advantage of this freebie offer....

Author: Michael Howard Date: 02/20/2004

Updated Errata for Writing Secure Code 2nd Edition

Entire Book Please replace all references to Windows® .NET Server with Windows® Server...

Author: Michael Howard Date: 02/07/2004

The IE Patch (MS04-004) demystified

Many people have asked what the scoop is on the recent IE update- and why did Microsoft disable...

Author: Michael Howard Date: 02/04/2004

EVEN more stuff on Integer Overruns

... and Raymond Chen posted an article on operator::new and integer overflows. Here it is.

Author: Michael Howard Date: 01/29/2004

More Integer Overrun Stuff...

I know I keep harping on about integer arithmetic issues; however, my co-author David LeBlanc, has...

Author: Michael Howard Date: 01/29/2004

<Previous