Channel 9

Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Michael Howard - How hackers operate

Embed code for this video

Copy the code above to embed our video on your website/blog.

Close

Video format

Option selected may change based on video formats available and browser capability.

Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
  • If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

  • WMV (WMV Video)
How do bad guys work to figure out security holes? Michael Howard, Microsoft's top security guy, talks about how the bad guys go about their work.

This video is from an earlier interview we did. Here's the rest of the clips, just in case you missed them:

What are the top things the average person can do to protect themselves?

When does threat modeling come into play?

What if we had an unattackable system?

What isn't being taught well enough in college? Security!

There are people out there that really want to get you.

Tag:

Follow the Discussion

  • Sathyaish ChakravarthySathyaish Chakravarthy Sathyaish
    I always wanted to see more of Michael Howard videos amoung many others. I sometimes wonder if these Channel 9 guys are reading my mind, or something. Smiley

    Isn't that Brad Abrams in the grey t-shirt, occupying the corner seat right behind Michael Howard?
  • Jacky.ChanJacky.Chan
    Please tell me more.  I want to know how to write secure code.   I love this series of video.
  • Colin Angus MackayColin Angus Mackay Developer! Developer! Developer! comes to Scotland on the 10th May 2008
    Michael Howard's videos are great. Is there any chance of getting this video in a downloadable form?

    Thanks,
    Colin.
  • scobleizerscobleizer I'm the video guy
    Unfortunately I don't have this one in downloadable form. Sorry.
  • brian8480brian8480
    Just out of curiosity, what determines weather a video can be downloaded or not?

    Cool video. I havent read "Writing Secure Code" yet but, this video makes me want to go grab a copy and definately work harder to keep the "sKrypt Kddyz" away from my work.

    -Brian
  • mVPstarmVPstar I'm white because I smelt an onion.
    brian8480 wrote:
    Just out of curiosity, what determines weather a video can be downloaded or not?

    Cool video. I havent read "Writing Secure Code" yet but, this video makes me want to go grab a copy and definately work harder to keep the "sKrypt Kddyz" away from my work.

    -Brian


    Heh, I have this book but can barely understand a good 60% of it due to my level of programming comprehension. Wink




    mVPstar
  • aruarun_coorg New Inventions might change the thinking towards innovation.
    Michael Howard's gives the power to think  about sec in real time .

    Arun
  • AndyCAndyC
    Beer28 wrote:
    basically, I'm trying to say that no one is going to use unchecked socket data as a malloc length or a memcpy length.

    If they do, their app should not be used. And that's the importance of open source. 


    And yet there are thousands of instances of it, sure in simple cases it's easy to spot but in others it's easy to miss. Buffer overflows are the #1 cause of security flaws in any operating system.

    Open source is not a silver bullet to protecting against such exploits. Neither is managed code, although it is considerably better in this regard.
  • MauritsMaurits AKA Matthew van Eerde
    I've learned through bitter experience to code as if I was under siege.  At every line of code, I ask myself... "What could go wrong here?  What assumptions am I making, and what happens if that assumption is wrong?"

    90% of the time the answer is "the function will fail in some appropriate fashion."

    10% of the time the answer is "the function will fail in this horribly dangerous or overdramatic fashion".  For example, a thread might, instead of sensibly dying with an error code, sit forever on an exclusive lock and tie up the rest of the application.

    That 10% of the time is what allows hackers in.

    Every function should consider its input to be malicious, and take steps to fail intelligently if it is.

    It's odd that he mentioned Perl in the context of a hacker tool, because Perl offers one of the few truly useful features for data sanitation - "taint" mode.  This makes it very useful for easily writing secure daemon software.
  • AndyCAndyC
    Beer28 wrote:

    How are you going to determine that an application you may be using has a buffer exploit if you can never see the source?


    Tick the DEP box and wait for Windows to pop up a dialog when a stack overrun occurs. Smiley

    Beer28 wrote:

    closed source makes them feel better about security


    Except that you just said open source makes you feel better about security, so you don't bother checking why you need so many updates?

    There are no silver bullets.

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

More posts in this blog

See More

Related posts

Creative Commons License

© 2013 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.