ericlaw

How Microsoft Edge Updates

When you see the update notifier in Edge (a green or red arrow on the … button): … this means an update is ready for use and you simply need to restart the browser to have it applied. While you’re in this state, if you open Edge’s application folder, you’ll see the new version sittingContinue reading “How Microsoft Edge Updates”

Attack Techniques: Spoofing via UserInfo

I received the following phishing lure by SMS a few days back: The syntax of URLs is complicated, and even tech-savvy users often misinterpret them. In the case of the URL above, the actual site’s hostname is brefjobgfodsebsidbg.com, and the misleading http://www.att.net:911 text is just a phony username:password pair making up the UserInfo component ofContinue reading “Attack Techniques: Spoofing via UserInfo”

Going Electric – Solar

For years now, I’ve wanted to get solar panels for my house in Austin, both because it feels morally responsible and because I’m a geek and powering my house with carbon-free fusion seems neat. Economically, I assume I’ll eventually break even with solar power, but probably not for a long time– my house isn’t largeContinue reading “Going Electric – Solar”

Improving Native Message Host Reliability on Windows

Last Update: Mar 29, 2023 Previously, I’ve written about Chromium’s Native Messaging functionality that allows a browser extension to talk to a process running outside of the browser’s sandbox, and I shared a Native Messaging Debugger I wrote that allows you to monitor (and even tamper with) the communication channels between the browser extension andContinue reading “Improving Native Message Host Reliability on Windows”

Attack Techniques: Open Redirectors, CAPTCHAs, Site Proxies, and IPFS, oh my

The average phishing site doesn’t live very long– think hours rather than days or weeks. Attackers use a variety of techniques to try to keep ahead of the Defenders who work tirelessly to break their attack chains and protect the public. Defenders have several opportunities to interfere with attackers: Each of these represents a weakContinue reading “Attack Techniques: Open Redirectors, CAPTCHAs, Site Proxies, and IPFS, oh my”

Slow Seaside Half

After my first real-world half marathon in January, I ended up signing up for the 2024 race, but I also quickly decided that I didn’t want to wait a full year to give it another shot. A day or so later, I signed up for the Galveston Island Half Marathon at the end of February,Continue reading “Slow Seaside Half”

Q: “Remember this Device, Doesn’t?!?”

Q: Many websites offer a checkbox to “Remember this device” or “Remember me” but it often doesn’t seem to work. For example, this option on AT&T’s website shown when prompting for a 2FA code: …doesn’t seem to work. What’s up with that? A: Unfortunately, there’s no easy answer here. There is no browser standard forContinue reading “Q: “Remember this Device, Doesn’t?!?””

Attack Techniques: Blended Attacks via Phone

Last month, we looked at a technique where a phisher serves his attack from the user’s own computer so that anti-phishing code like SmartScreen and SafeBrowsing do not have a meaningful URL to block. Another approach for conducting an attack like this is to send a lure which demands that the victim complete the attackContinue reading “Attack Techniques: Blended Attacks via Phone”

A New Era: PM -> SWE

tl;dr: As of last week, I am now a Software Engineer at Microsoft. My path to becoming a Program Manager at Microsoft was both unforeseen (by me) and entirely conventional. Until my early teens, my plan was to be this guy: I went to Space Camp and Space Academy, and spent years devouring endless booksContinue reading “A New Era: PM -> SWE”

A Year of Intention

By February 7th 2022, I hadn’t yet started jogging on my treadmill, but walking, biking, and improved diet got me down about 15 pounds from my peak. A year later, I’ve stabilized around forty pounds below that.