Michael Howard's Web Log
A Simple Software Security Guy at Microsoft!
A little more info on raw sockets and Windows XP SP2
There's been a little confusion about raw sockets and Windows XP SP2. Hopefully, this little entry...
Author: Michael Howard Date: 08/12/2004
"Changes in Functionality in Microsoft Windows XP SP2" now available
I would highly recommend you read this!...
Author: Michael Howard Date: 08/11/2004
My Daily list o' Links
I was asked by a TechEd attendee which web sites often visit. I scan the following every morning,...
Author: Michael Howard Date: 08/04/2004
A list of Code Secure columns
I'm in New Zealand right now, talking at TechEd. A customer asked me where he could find list of all...
Author: Michael Howard Date: 08/02/2004
"Hey Dad, let's go Phishing"
My son, Blake, is 3 years old, and on Saturday, for the first time in his little life he picked up...
Author: Michael Howard Date: 07/28/2004
More XPSP2 Goodies
<Waiting to present to a bunch of Game Developers about writing secure games!> As you probably...
Author: Michael Howard Date: 07/28/2004
Frank Swiderski presents the Threat Modeling tool on Channel9
https://channel9.msdn.com/ShowPost.aspx?PostID=13127
Author: Michael Howard Date: 07/12/2004
Microsoft Office Remove Hidden Data add-in version 1.1 is now available
As some of you remember, the original Remove Hidden Data add-in was released in January for...
Author: Michael Howard Date: 07/11/2004
Article: "Inside Windows XP Service Pack 2 RC2"
It doesn't go deep, indeed, it covers nothing below the UI really, but this is a pretty nice article...
Author: Michael Howard Date: 06/30/2004
Internet Explorer and "trust prompts" in Windows XPSP2
Perhaps this one will be a little less controversial than my previous post! When I review threat...
Author: Michael Howard Date: 06/27/2004
Some of the new stuff in Windows XP SP2
We're on the home stretch for Windows XP SP2! I can't begin to tell you what a relief it is to see...
Author: Michael Howard Date: 06/27/2004
"Assessing Network Security" is released
Kevin Lam, David LeBlanc, & Ben Smith have released a new book, “Assessing Network...
Author: Michael Howard Date: 06/24/2004
"Threat Modeling" is Released
I finally have in my sweaty little paws a copy of “Threat Modeling” from MSPress,...
Author: Michael Howard Date: 06/23/2004
Why Sasser did not infect Windows Server 2003
The Sasser worm took advantage of a defect in logging code within the Local Security Authority...
Author: Michael Howard Date: 06/16/2004
TCP & UDP Ports Used by Microsoft Apps
Did you ever want to know which ports are used by the Cluster Service or Exchange? Well, there's a...
Author: Michael Howard Date: 06/16/2004
Windows XP SP2 Release Candidate 2 is out!
Build 2149 is RC2 https://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx
Author: Michael Howard Date: 06/15/2004
Debugging an ASP.NET application as a non-admin
I have to admit, I don't do much ASP.NET work, I mainly write Win32 apps in C++ and C#, but when I...
Author: Michael Howard Date: 06/15/2004
Threat Modeling
I have been a big supporter of threat modeling since a bunch of us started defining and using the...
Author: Michael Howard Date: 06/14/2004
Microsoft Security Bulletin RSS Feed
From the “Well-waddya-know Dept.” I just found out this morning there's an RSS feed for...
Author: Michael Howard Date: 06/08/2004
Updated Writing Secure Code 2nd Ed Errata
Big thanks to Peter Gutmann and Morten Andersen for their comments.I have highlighted what's new in...
Author: Michael Howard Date: 06/02/2004
Updated info about Threat Modeling tool
If you are getting a user breakpoint when generating a threat model report or using the threat model...
Author: Michael Howard Date: 05/28/2004
Threat Modeling tool now available
Finally, it has been posted - Frank Swiderski's Threat modeling tool is now available for free...
Author: Michael Howard Date: 05/24/2004
Why Blaster did not infect Windows Server 2003
I've been meaning to write about this for some time, but while pondering over my very dead laptop...
Author: Michael Howard Date: 05/23/2004
The Antivirus Defense-in-Depth Guide Released to Web
Finally got out of war, and saw this in my inbox... The Microsoft Solutions for Security (MSS) team...
Author: Michael Howard Date: 05/21/2004
Hackers Hacked by Hackers (!?)
Here I am, in Windows XPSP2 war again, and there's another debate about how best to binplace some...
Author: Michael Howard Date: 05/21/2004
Do you hate security updates?
I realize the weekend is almost upon us, so I thought I'd share something a little light-hearted....
Author: Michael Howard Date: 05/20/2004
Security Management
I'm really not a security infrastructure guy, I leave that to others, from whom I learn a great...
Author: Michael Howard Date: 05/19/2004
Transmeta chips to support 'NX'
It' 9:55AM and I'm sitting in Windows XP SP2 War; there's a little debate going on which has nothing...
Author: Michael Howard Date: 05/18/2004
IT Security at Microsoft Overview
Very, very cool doc. From the document “Overview discussion on what the Microsoft Corporate...
Author: Michael Howard Date: 05/17/2004
Security Guidance Training for Developers
Over the last few weeks a bunch of security Microsofties have been talking to customers about some...
Author: Michael Howard Date: 05/12/2004
How to think about Security
Rewind to YesterdayI remember the early days very well; I’d get an email from someone asking...
Author: Michael Howard Date: 05/12/2004
Security in Microsoft Products - a chat with Mike Nash
Join me on Thursday (May 13, 2004 9:00am Pacific/12:00pm Eastern) in our monthly security chat with...
Author: Michael Howard Date: 05/11/2004
Administering Windows Servers through one port
A couple of months ago, I presented at a Financial Services Chief Security Officer’s forum...
Author: Michael Howard Date: 05/11/2004
The Spread of the Witty Worm
Thanks to Joel Scambray (coauthor of the Hacking Exposed series of books) for bringing this to my...
Author: Michael Howard Date: 05/10/2004
Sasser Arrest
Just in case you haven't seen this, there's been an arrest in Germany of an 18yr old accused of...
Author: Michael Howard Date: 05/08/2004
An Update on the Windows Server 2003 Vulnerability Count
A few weeks back, I posted an article about some of the progress we had made after 292d of the...
Author: Michael Howard Date: 05/04/2004
Why 'Sasser' does not affect Win2003
As you may be aware, a new worm has emerged named, 'Sasser', and Windows Server 2003 is not...
Author: Michael Howard Date: 05/02/2004
Updated C Runtime in Whidbey - goodbye strcpy!
I just posted an article on MSDN about the new, updated C runtime library available in Whidbey....
Author: Michael Howard Date: 04/02/2004
Security Progress at Microsoft
If you have not already done so, I would urge you to take a look at Bill Gates' “Microsoft...
Author: Michael Howard Date: 04/01/2004
Kewl Tools
Microsoft released a new support tool to monitor port usage on a computer. To quote the Web page,...
Author: Michael Howard Date: 03/17/2004
Office2003/XP Remove Hidden Data tool Available
I've been meaning to write about this for ages. So here goes, better late than never! Many people,...
Author: Michael Howard Date: 03/01/2004
Security Fix CD's now available
Have your friends/family memebers/pets on dial-up connections take advantage of this freebie offer....
Author: Michael Howard Date: 02/20/2004
Updated Errata for Writing Secure Code 2nd Edition
Entire Book Please replace all references to Windows® .NET Server with Windows® Server...
Author: Michael Howard Date: 02/07/2004
The IE Patch (MS04-004) demystified
Many people have asked what the scoop is on the recent IE update- and why did Microsoft disable...
Author: Michael Howard Date: 02/04/2004
EVEN more stuff on Integer Overruns
... and Raymond Chen posted an article on operator::new and integer overflows. Here it is.
Author: Michael Howard Date: 01/29/2004
More Integer Overrun Stuff...
I know I keep harping on about integer arithmetic issues; however, my co-author David LeBlanc, has...
Author: Michael Howard Date: 01/29/2004