Development
Development information
I just found that I've missed a great blog by Steve Patrick (from the Critical Problem Resolution team) with invaluable information on SmartCard deployment, so begin with this post: "So, you want to use smart cards?". Thanks for sharing this information, Steve! [subscribed]
According to Mark's blog post, Microsoft has acquired Winternals and Sysinternals: developers of great troubleshooting and management tools such as Recovery Manager, Protection Manager and ERD Commander (part of Administrator Pack), the free Autoruns/Process Explorer/RootkitRevealer, and many others that are included in my must-have utilities list. Congratulations to Mark and Bryce...
Michael Howard posted a link to the lecture materials from the University of Washington's cryptography class. And you should pay attention to the list of lecturers: Brian LaMacchia (ex-security architect for the .NET Framework and Common Language Runtime), Josh Benaloh (senior cryptographer in Microsoft Research), and John Manferdelli (Distinguished Engineer, worked on the TPM stuff at Microsoft). BTW, did anyone mention that v1.1 of KMDF was released? It supports Windows 2000 now, so driver developers position...
Well, the period of silence on this blog has ended. Unfortunately I couldn't post for the last three months for many reasons, and I'm sorry for it :(( In this post I'll try to summarize the interesting things that happened in security from my point of view (actually Valery already mentioned most of them in his blog): Peter Gutmann updated his “Godzilla crypto and security” tutorial with an excellent quote on the current state of laws in Russia: “The severity of Russian law is compensated for by it’s...
For poor souls like me (who could not attend PDC this year ;-) - at least we can check the PDC2005 slide decks [via Sam Gentile]. I'm interested in “Scrubbing Source Code for Common Coding Mistakes (FxCop and PreFast)”, “Building IPv6, Firewall, and IPsec Aware Applications” and especially “Understanding, Enhancing, and Extending Security End-to-End” (because it mentions CryptoAPI NG) [Updated 2005/12/07 to include direct links to presentations and btw CNG is _must...
Last Friday at the Microsoft Moscow office, Ivan Medvedev (from the SWI team) gave a presentation about Security Tools for Software Development. He mentioned the new Threat Modeling tool, AppVerifier, PreFast, FxCop, and the new Whidbey compiler switches. [Update] Maybe Ivan will post some new information on his blog about those and new tools ;-) An introduction to the testing methods used at Microsoft awoke my interest in fuzzing - a method of finding software security holes by feeding purposely invalid and ill-formed...
Well, it finally happened. After using kbAlertz for such a long time, we can now use the official RSS feeds for the Microsoft Knowledge Base at http://support.microsoft.co... [via John Howard]
A four-part video presentation of the Windows NT kernel by Dave Probert (an architect for Windows) is posted at Channel 9. He does a very good job of comparing the Windows kernel to UNIX-style kernels and how they tackle the same problems differently. Part I, Part II, Part III, Part IV. There is also a very interesting course about Windows internals by Dave Probert at the Strategic Software program site of the University of Tokyo...
As I posted recently, the Protect Your Windows Network book by Steve Riley and Jesper M. Johansson is available for pre-ordering. Both Michael Howard and Steve Riley posted updated information about the preorder (with promo code ;-) Also, yesterday I accidentally found a new book by Michael, David LeBlanc AND John Viega - 19 Deadly Sins of Software Security, due in August 2005. It should be an interesting book from the authors of Writing Secure Code and Secure Programming Cookbook. [Update] This Monday Michael Howard...
An interesting article about the security tools included in Application Verifier, which check for common security issues (including places where your code won't run properly under non-administrative accounts), is posted at TechNet. [via Larkware] Michael Howard also described SecurityChecks in his Code Secure...