David LeBlanc's Web Log

SafeInt moved to github

Has it really been 7 years since I last posted? Yikes - wonder if anyone will see this. The main...

Author: david_leblanc Date: 03/22/2018

Compilers, Integers and Optimizations

I've had a good bit of fun (for some value of fun) with hardening SafeInt against what I consider to...

Author: david_leblanc Date: 12/23/2011

Bugs and Consequences

I've been meaning to write about overzealous compilers, and nice geeky things, but I'm going to use...

Author: david_leblanc Date: 12/22/2011

Another technique for Fixing DLL Preloading attacks

Back in February, 2008, I posted on DLL preloading attacks and how to avoid them here. It seems that...

Author: david_leblanc Date: 08/23/2010

MS10-048 – Getting the Math Right

The Security Research and Defense blog detailed an integer overflow here. The code looks like this:...

Author: david_leblanc Date: 08/10/2010

Acrobat is Getting a Sandbox

We've been helping Adobe to get a sandbox going which is similar to what we used in Office 2010 for...

Author: david_leblanc Date: 07/20/2010

DSig Q & A

I'm going to cover the answers to some of the questions that came in after Shelley answered the...

Author: david_leblanc Date: 05/30/2010

Office 2010 Digital Signatures and XAdES

Shelley Gu, the program manager for Office signatures, has already posted the PM version of what...

Author: david_leblanc Date: 05/30/2010

New “Improved” Site

Hrmph. So they managed to disappear my last post, and now my blog looks really generic. I liked the...

Author: david_leblanc Date: 05/30/2010

You don’t have to be faster than the bear

Note – this post disappeared during the blog upgrade, recovered due to search cache. Just got done...

Author: david_leblanc Date: 05/28/2010

Don’t Use Office RC4 Encryption. Really. Just don’t do it.

Yesterday, a BlackHat Europe presentation on Office 2003 encryption was brought to my attention....

Author: david_leblanc Date: 04/16/2010

Before We Had MSRC

Just ran into a post by Gene Schultz -...

Author: david_leblanc Date: 07/28/2009

Office 2007 SP2 Encryption Settings

Now that we've actually shipped SP2, some of you may be curious about how to use the shiny new...

Author: david_leblanc Date: 05/20/2009

Legacy RC4 Example on Codeplex

Just a quick note on this – a customer had a question about the old RC4 40-bit encryption yesterday,...

Author: david_leblanc Date: 02/06/2009

MS-Offcrypto Example Update

Just a quick note that I've updated the examples. I added an example for the CAPI RC4 encryption...

Author: david_leblanc Date: 01/13/2009

MS-Offcrypto Examples

In response to some questions I've gotten about details of MS-OFFCRYPTO, I've created a CodePlex...

Author: david_leblanc Date: 01/06/2009

CVE Count and Statistics

Larry Seltzer had some interesting comments on my post about the rate of Office vulnerabilities at...

Author: david_leblanc Date: 12/08/2008

Office Crypto KDF Details

I've gotten a couple of questions asking how our key derivation function works. The technique is...

Author: david_leblanc Date: 12/05/2008

New, Improved Office Crypto

If you're enough of an Office crypto geek to stay on top of the most recent changes in MS-OFFCRYPTO,...

Author: david_leblanc Date: 12/04/2008

SafeInt Compiles on gcc!

[update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every...

Author: david_leblanc Date: 11/25/2008

Improvements in Office Security

We now have a pretty neat internal web site where I can easily search for CVE entries and bulletin...

Author: david_leblanc Date: 11/17/2008

MS-OFFCRYPTO, W7 Engineering blog, etc

We have a new version of MS-OFFCRYPTO out. The big change is that how CryptDeriveKey was documented...

Author: david_leblanc Date: 10/16/2008

SafeInt 3 on CodePlex!

I have finally found a stable place to keep SafeInt. It can now be found at...

Author: david_leblanc Date: 09/30/2008

Chrome Getting a Bit Rusty

Put this one in the rant category – I'm honored that Google has been paying attention to my blog and...

Author: david_leblanc Date: 09/12/2008

Why can't you comment?

This is because $#@!!!! spammers can screw up anything. I have to disallow anonymous comments, or I...

Author: david_leblanc Date: 09/08/2008

Ptrdiff_t is evil

Well, not really, but here's a code problem that confounded some really smart devs – and it looks so...

Author: david_leblanc Date: 09/02/2008

Office Crypto Follies

What I've been working on lately that has kept me from doing nearly anything else can be found at:...

Author: david_leblanc Date: 07/03/2008

Lies, Damn Lies, Information Leaks, and Statistics

Robert Hensing posted some criticism of a study that purported to analyze how many users are at risk...

Author: david_leblanc Date: 07/01/2008

Yikes! Vista Security to be Obliterated!

Just picked up this link from Robert Hensing's blog -...

Author: david_leblanc Date: 06/24/2008

Don’t Feed or Tease the Bears…

I've learned over the years to avoid bragging about how much more secure something is than something...

Author: david_leblanc Date: 06/19/2008

More on Checking Allocations

Seems my last post met with some objections – somewhat rightfully so, as I mischaracterized one of...

Author: david_leblanc Date: 04/21/2008

Checking Allocations & Potential for Int Mayhem

Must be synchronicity. I started out the day with a really interesting mail from Chris Wysopal...

Author: david_leblanc Date: 04/16/2008

More Checking for Pointer Math

Someone pointed out that it isn't sufficient to check for whether the pointer math wrapped, but that...

Author: david_leblanc Date: 04/08/2008

Evil Compiler Tricks, and Checking for Pointer Math

My favorite programming geek hobby being integer overflows, this caught my eye – "gcc silently...

Author: david_leblanc Date: 04/04/2008

Visual C++ Defenses and 64-bit

Michael Howard just published a good article here on how Visual C++ features can help protect your...

Author: david_leblanc Date: 03/17/2008

Use of ASLR, NX, etc

Found a really great post by David Maynor here. He points out that various counter-measures aren't...

Author: david_leblanc Date: 03/14/2008

DLL Preloading Attacks

A DLL preloading attack is something that can get you on a lot of different platforms. One of the...

Author: david_leblanc Date: 02/20/2008

Terminating your app on heap corruption

Michael Howard has a FAQ on this here – there's also more information on this and related defenses...

Author: david_leblanc Date: 02/19/2008

HD vs. Blu-ray (2)

I promise I'll get back to security stuff shortly, but over the weekend I ran into a couple of...

Author: david_leblanc Date: 02/18/2008

HD vs. Blu-Ray

OK, so this isn't security related at all, just felt like grumbling about the latest development. If...

Author: david_leblanc Date: 02/15/2008

15 Most Influential Security People

This isn't exactly the list I would have drawn up, and I must be having a bad year, since I'm not on...

Author: david_leblanc Date: 02/14/2008

MulDiv Mayhem

Here's another episode in my ongoing quest to stamp out integer overflows. MulDiv is a Windows API...

Author: david_leblanc Date: 02/07/2008

Unsafe String Handling with strncpy

I recently ran into a piece of code that looked like this: int len = cchIn; strncpy(dest, src, len -...

Author: david_leblanc Date: 02/05/2008

Templatized Min/Max Solved!

I had some time to think about the overall problem, and had originally thought of a functional...

Author: david_leblanc Date: 01/30/2008

Couple of good posts

The SDL blog has some good comments -...

Author: david_leblanc Date: 01/29/2008

Templatized Min/Max is a bad idea!

Ah, back to nice geeky C++ programming topics, which is much more fun than angry customer topics…...

Author: david_leblanc Date: 01/25/2008

A good reason to install SP3

If you haven't already seen this, take a look. A brief quote: Microsoft Security Advisory (947563)...

Author: david_leblanc Date: 01/16/2008

How we know which file formats are used

A reader wrote to ask me how it is that we know what file formats are being opened by users. I can...

Author: david_leblanc Date: 01/14/2008

Office SP3 and File formats

In Office 2007, we changed the default to disable a number of older file formats where we saw very...

Author: david_leblanc Date: 01/04/2008

USB Virtual PC’s

I was browsing the news this morning, and ran across an article - Virtual PCs add new layer of...

Author: david_leblanc Date: 01/03/2008

Next>