Not that ASLR is a brand new thing, but this was the first time that I’ve had to go head on against a defensive mechanism like this and it almost gave me a heart attack. Bad news for the real bad-guys, good news for the rest of us. Bravo, nice work Microsoft! Here’s what happened … [...]
Even though I needed to spend Day 2 in my hotel room finishing a deliverable, I have to tell you from my experience with Day 1 (05/11/09), Microsoft has definitely put on a great conference. The talks that I’ve been to have been nothing short of top-notch and I am looking forward to heading back [...]
It’s a little late, but once again I am happy to announce that Impacta was acknowledged by Microsoft for helping Microsoft protect their customers by responsibly reporting vulnerabilities for the month of February 2009. Check out Microsoft’s security researcher acknowledgement page for more information. –Kevin
No doubt you may have already heard about the worm that hit the Twitter service over the weekend that affected 10,000+ tweets as reported on Twitter’s blog. According to the Puget Sound Business Journal, 17-year-old Michael “Mikeyy” Mooney from StalkDaily admitted to originating the attack. How could something like this have been prevented? More important, how could you [...]
February 17, 2009 – 1:17 am
Hey everyone, looks like I’ll get the fabulous opportunity of presenting at this upcoming Microsoft TechEd 2009 North America developer track. The topic that I’ll be presenting on is tentatively the top things developers can do today to make their applications more secure and trustworthy. There will be demonstrations of today’s most common attack [...]
February 11, 2009 – 1:36 pm
There, I said it: stop listening to information security people. Before you fire your security vendors, disable those perimeter defenses and toss your security development processes to the fire there’s more to this story you should know. On the front page of MSN.com this morning, there was an article entitled “Stop Listening to Suze Orman” and it reminded [...]
February 3, 2009 – 1:13 pm
I opened up my Web browser this morning and on the front page of MSN.com (yes, yes … I confess my default homepage is still set to MSN) was this article about the dangers of online banking. The article was pretty well written, and it brought to light some very practical things people can do to better protect [...]
January 9, 2009 – 6:49 pm
My friend emailed me today and said that her company’s IT department was warning users about a phishing email that was circulating around supposedly from IKEA. (This by the way is an example of a great IT department: they don’t rely on just technology – people and process are also part of their security solution, kudos to them!) [...]
January 9, 2009 – 3:38 pm
Hey everyone, I got several emails recently (in response to this blog posting) regarding how you can get a hold of a copy of Assessing Network Security (ISBN: 9780735620339, Microsoft Press) that David LeBlanc, Ben Smith and I co-authored a few years back in 2004. Amazon.com has some pretty great reviews of it, however I don’t [...]
January 3, 2009 – 4:36 pm
I was reading through an article last night about the 25 greatest blunders in technology history and was happily strolling through memory lane (what are Palm Pilots, PS/2s and Apple Newtons anyways? :p) and then got quite a surprise at the very end of the article. The number one technology failure of all time according to the [...]