Archives

Archives / 2004 / March
  • What is a buffer overrun?

    Below is an excellent, yet brief, description of buffer overruns, which I found on the Microsoft bloggers feed on http://weblogs.asp.net. I do a demo of a buffer overrun in the Essentials of Application Security session, one of two I’m presenting at numerous locations in the eastern US. One of the things I find quite surprising is the relatively high percentage of C++ programmers in the sessions, and even more so, the relatively low percentage of them who’ve actually seen what a buffer overflow looks like. The fact that it’s so easy to code a buffer overflow makes me very glad that I use managed code. Now all I need to do is make sure that I’m not vulnerable to SQL Injection attacks (use stored procedures and good input validation) or Cross-site Scripting attacks (use good validation, and HTML encode all input before echoing it back to the browser).

  • First week of MSDN Security Goodness

    I just finished up my first week of doing MSDN security briefings for Microsoft. I had a great time with the audiences in Albany, NY and Staten Island, NY. Both audiences were very attentive and asked some great questions. I’m looking forward to this week’s talks in Roanoke, VA, and Charlottesville, VA on Tuesday and Thursday of this week. So if you’re in those areas, and want to learn more about what you can do as a developer to create more secure applications, sign up, and come on down!

  • MSDE Scalability

    Ever wanted the definitive answer on just exactly how MSDE limits performance and scalability? Well, you’re in luck, as Microsoft has now published a whitepaper describing how the governor in MSDE works. The short version is that once more than eight concurrent operations are in progress, the governor stalls connections for a few milliseconds on each logical read or write. The connection limit for MSDE is the same as for a standard SQL Server instance (32,767), but obviously the more concurrent connections you have, the more likely you are to exceed the eight concurrent operations that trigger the workload governor. Read the paper for all the juicy details, including specifics on physical vs. logical reads/writes, and how/when the governor is activated. Good stuff.

  • DevDays Washington, DC

    Just want to say “thank you” to all the folks who came out to the Ronald Reagan building in Washington, DC to see the DevDays presentations today. I had a great time presenting, along with my buddy Anil, and like Anil, I definitely got the impression that folks got a lot out of the talks. Thanks also to Justin Damelin, the local Microsoft Developer Evangelist who was responsible for coordinating the event with the speakers, and all of the other great folks who made the event (IMHO) a great success. Now I can’t wait for the next one. :)

  • A movie for sci-fi geeks

    Apparently this movie, which is currently slated for release only in Japan, is a live-action version of a classic anime story. Looks like these folks have decided that after the somewhat disappointing (but beautiful) CG movie Final Fantasy: The Spirits Within, live action is the way to go. All I can say is that the trailer looks amazing, and makes me hope that a subtitled version will eventually reach the U.S. Heck, I might even watch this one without subtitles (ok, not really, but it's close).