Dana Epp's ramblings at the Sanctuary: July 2007 Archives


« June 2007 \| Main \| August 2007 » July 27, 2007 Code Monkey and You Alun sent me an IM this morning that made my day. If your a code monkey you might appreciate this YouTube video: Thanks Alun. Gave me a morning smile. Posted by SilverStr at 09:05 AM \| Comments (0) \| TrackBack July 26, 2007 My MSDN interview on Developers and Security As a Canadian developer, I appreciate the evangelism and support of Microsoft across Canada. One of my favorite guys is John Bristowe, a Microsoft Developer Evangelist who focuses on Western Canada. Today he gave me a call and we did a quick 30 minute podcast on Developers and Security for the Canadian Developers MSDN Website. You can check it out here. More specifically, we chatted about how developers can improve their skills and processes around security and secure programming practices. (John's description which I am blatently ripping from his blog post :-) ) Enjoy! Posted by SilverStr at 02:09 PM \| Comments (1) \| TrackBack July 24, 2007 RunAs Radio interviews me about the server side of Cardspace Following up from the interview I had a few months ago about Cardspace, Richard Campbell and Greg Hughs interviewed me about the server side of Cardspace over at RunAsRadio. If you would like to listen to the interview we did you can download it here. Its about an hour long, and is a simple introduction to the world of Cardspace on the server side. Another fun interview. Thanks guys. Enjoy! Posted by SilverStr at 11:25 PM \| Comments (0) \| TrackBack July 19, 2007 Microsoft Technet Community Blog Interviews Me Ever wanted to know anything about me as it relates to my MVP award designation? Recently Microsoft interviewed me for MVP Insider and they posted the Q&A on their ITPRO community blog. It was a fun interview. You can check out the results here. Posted by SilverStr at 09:57 AM \| Comments (0) \| TrackBack July 18, 2007 Will your Intel Core 2 Duo CPU be used as an attack vector? I missed this in the original theads, but I recently came across an email from Theo de Raadt in which he describes a whole slew of vulnerabilities within the Intel Core 2 Duo CPU that may be exploitable. Irregardless of the operating system. You can read the Intel errata here.) UPDATE: looks like Intel pulled their errata from the original link. The interesting quote in his email that shocked me was this: "These processors are buggy as hell, and some of these bugs don't just cause development/debugging problems, but will ASSUREDLY be exploitable from userland code." He goes on to say: At this time, I cannot recommend purchase of any machines based on the Intel Core 2 until these issues are dealt with (which I suspect will take more than a year). Intel must be come more transparent. Strong words from one of the authors of OpenBSD and a fellow security professional. Now I have no idea what the validity is to his claims, but it does offer reflection for us all. Theo mentions that most of the errors were most likely to cause system crashes, but that some might be exploited to create sophisticated attacks. On the flip side, people like Linux Torvalds have responded to his claims stating that they are "totally insignificant". Time will tell if Theo is right. Linus has mentioned that many bugs already have workaround or patches in the works, but when was the last time YOU patched your CPU? Ya, me neither. Posted by SilverStr at 12:10 AM \| Comments (1) \| TrackBack July 11, 2007 Learn about the Windows Vista Integrity Mechanisms Michael pointed out that Microsoft has now published some great resources for people who wish to understand the Integrity Levels (IL) in Vista/Longhorn. There is some great information there. If you are a software developer or knowledgeable IT professional who wants to learn how the Windows integrity mechanism works and how to code to it, you owe it to yourself to go through these resources. The code examples itself are worth its weight in gold. Happy reading. Posted by SilverStr at 11:57 PM \| Comments (0) \| TrackBack July 09, 2007 Microsoft Malware Protection Center now available to the public Microsoft's threat research and response is now available to the public over at http://www.microsoft.com/security/portal/. You can get detailed analysis of various threats, query their extensive library and even download definition updates out of band for Defender or Forefront. Both in x32 and x64 (that should make Charlie happy). You can even submit files that are suspected of containing malware or potentially unwanted software to Microsoft using their online form. Very useful site of information for you malware lovers :-) Posted by SilverStr at 03:34 PM \| Comments (0) \| TrackBack		My 5 Favorite Books Writing Secure Code Secure Programming Cookbook Security Engineering Secure Coding Principles & Practice Inside the Security Mind My 5 Favorite Papers Smashing the Stack Penetration Studies Covert Channel Analysis of Trusted Systems DoD Trusted Computer System Evaluation Criteria NSA Security Recommendation Guides Archives March 2010 October 2009 August 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 April 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004 December 2003 November 2003 October 2003 September 2003 August 2003 July 2003 June 2003 May 2003 April 2003 March 2003 February 2003 January 2003 December 2002 November 2002 October 2002 September 2002 August 2002 July 2002