July 27, 2007
Code Monkey and You
Alun sent me an IM this morning that made my day. If your a code monkey you might appreciate this YouTube video:
Thanks Alun. Gave me a morning smile.
July 26, 2007
My MSDN interview on Developers and Security
As a Canadian developer, I appreciate the evangelism and support of Microsoft across Canada. One of my favorite guys is John Bristowe, a Microsoft Developer Evangelist who focuses on Western Canada. Today he gave me a call and we did a quick 30 minute podcast on Developers and Security for the Canadian Developers MSDN Website. You can check it out here.
More specifically, we chatted about how developers can improve their skills and processes around security and secure programming practices. (John's description which I am blatently ripping from his blog post :-) )
July 24, 2007
RunAs Radio interviews me about the server side of Cardspace
If you would like to listen to the interview we did you can download it here. Its about an hour long, and is a simple introduction to the world of Cardspace on the server side.
Another fun interview. Thanks guys. Enjoy!
July 19, 2007
Microsoft Technet Community Blog Interviews Me
Ever wanted to know anything about me as it relates to my MVP award designation? Recently Microsoft interviewed me for MVP Insider and they posted the Q&A on their ITPRO community blog. It was a fun interview.
You can check out the results here.
July 18, 2007
Will your Intel Core 2 Duo CPU be used as an attack vector?
I missed this in the original theads, but I recently came across an email from Theo de Raadt in which he describes a whole slew of vulnerabilities within the Intel Core 2 Duo CPU that may be exploitable. Irregardless of the operating system. You can read the Intel errata here.) UPDATE: looks like Intel pulled their errata from the original link.
The interesting quote in his email that shocked me was this:
"These processors are buggy as hell, and some of these bugs don't just cause development/debugging problems, but will *ASSUREDLY* be exploitable from userland code."
He goes on to say:
At this time, I cannot recommend purchase of any machines based on the Intel Core 2 until these issues are dealt with (which I suspect will take more than a year). Intel must be come more transparent.
Strong words from one of the authors of OpenBSD and a fellow security professional.
Now I have no idea what the validity is to his claims, but it does offer reflection for us all. Theo mentions that most of the errors were most likely to cause system crashes, but that some might be exploited to create sophisticated attacks. On the flip side, people like Linux Torvalds have responded to his claims stating that they are "totally insignificant".
Time will tell if Theo is right. Linus has mentioned that many bugs already have workaround or patches in the works, but when was the last time YOU patched your CPU? Ya, me neither.
July 11, 2007
Learn about the Windows Vista Integrity Mechanisms
Michael pointed out that Microsoft has now published some great resources for people who wish to understand the Integrity Levels (IL) in Vista/Longhorn.
There is some great information there. If you are a software developer or knowledgeable IT professional who wants to learn how the Windows integrity mechanism works and how to code to it, you owe it to yourself to go through these resources. The code examples itself are worth its weight in gold.
July 09, 2007
Microsoft Malware Protection Center now available to the public
Microsoft's threat research and response is now available to the public over at http://www.microsoft.com/security/portal/. You can get detailed analysis of various threats, query their extensive library and even download definition updates out of band for Defender or Forefront. Both in x32 and x64 (that should make Charlie happy).
You can even submit files that are suspected of containing malware or potentially unwanted software to Microsoft using their online form.
Very useful site of information for you malware lovers :-)