A Blog for Graymad

As evidenced by a Linux kernel flaw that resulted in a DoS attack against Akamai, effectively denying access to large sites like Google, Yahoo, and Microsoft. Not gloating here, just observing that this demonstrates that all operating systems can be vulnerable to security issues. This also suggests that the “more eyes = more secure” assertion made by open source advocates is perhaps a little overstated. After all, the Linux kernel is probably one of the most read parts of the Linux codebase. If it’s possible to find a flaw in the kernel, what does that say for other parts of the codebase that are not as thouroughly vetted? Again, this is not about trashing Linux, it’s about being clear that security is an issue for everyone, it’s not just a Microsoft problem.

For those of you who might be interested, you may have noticed that on the schedule for my recent MSDN Security Briefing tour, was a stop in Honolulu, Hawaii. I had a great time there, as you might expect, though I did manage to get pretty badly sunburned (that’s what happens when you spend two hours in a futile attempt to teach yourself how to surf, without using any sunscreen). Here’s a couple of photos from the trip:

A Hawaiian rainbow, viewed from the balcony of my room:

Diamond Head, viewed from a surfboard off Waikiki Beach:

First, he helps put ASP.NET on the map. Now, Rob “invents” a term for a common computer malady…let’s give the man some Google juice. J

I've been working a lot lately on my laptop and I use the built-in eraser head mouse pointer; I just cannot stand the touchpad. After too many days my right-index finger will begin to ache -- as it's doing now -- from overuse. So I thought I'd look this condition up and when I didn't find one I decided to invent my own 'condition':

mousepointeritis (mouspointritis) a condition caused by repetitive use of an eraser-head mouse pointer as commonly found on laptops.

The sad part about this is rather putting my laptop down I just switch to a different finger for the mousepointer/eraserhead!

[Rob Howard’s Weblog]

The MSDN Security Briefings tour I was on is complete, as of this week. My sincere thanks to everyone who came out to listen and learn. I especially appreciate all the kind comments I received.

If you’re interested in getting the slides from the presentations, they’re available via the following links:

Essentials of Application Security

Writing Secure Code – Best Practices

If you have any trouble with the above links, or if you’d like to see the other slide decks that are available, you can find them here.

If you’d like to see the presentations I did (as well as two other related presentations) in their online version, go to:

Clinic 2806: Microsoft® Security Guidance Training for Developers

For additional online security training, go to:

https://www.microsoftelearning.com/security/

If you have any questions from the presentations, feel free to ping me via the Contact link on my blog.