tl;dr: As of last week, I am now a Software Engineer at Microsoft. My path to becoming a Program Manager at Microsoft was both unforeseen (by me) and entirely conventional. Until my early teens, my plan was to be this guy: I went to Space Camp and Space Academy, and spent years devouring endless books… Continue reading “A New Era: PM -> SWE”
Author Archives: ericlaw
A Year of Intention
By February 7th 2022, I hadn’t yet started jogging on my treadmill, but walking, biking, and improved diet got me down about 15 pounds from my peak. A year later, I’ve stabilized around forty pounds below that.
Couch to Half Marathon: Closing My First Year of Running
On February 11th, 2022, I took my first jog on my new treadmill, a single mile at 5mph. I’d been taking three mile walks for a couple weeks before, but that jog just under a year ago was my first workout over 4mph. Yesterday, I ran the 3M Half Marathon in Austin, crossing the finish…
Defense Techniques: Reporting Phish
While I have a day job, I’ve been moonlighting as a crimefighting superhero for almost twenty years. No, I’m not a billionaire who dons a rubber bat suit to beat up bad guys – I’m instead flagging phishing websites that try to steal money and personal information from the less tech-savvy among us. I have had…
SlickRun
While I’m best known for creating Fiddler two decades ago, eight years before Fiddler’s debut I started work on what became SlickRun. SlickRun is a floating command line that provides nearly instant access to almost any app or website. Originally written in Visual Basic 3 and released as QuickRun for Windows 3.1, it was soon…
2022 EOY Fitness Summary
I spent dramatically more time on physical fitness in 2022 than I have at any other point in my life, in preparation for my planned adventure this June. My 2022 statistics from iFit on my incline trainer/treadmill show that I walked/jogged/ran almost 700 miles after it was set up on January 24th: Perhaps surprisingly (given…
Attack Techniques: Priming Attacks on Legitimate Sites
Earlier today, we looked at two techniques for attackers to evade anti-phishing filters by using lures that are not served from http and https URLs that are subject to reputation analysis. A third attack technique is to send a lure that entices a user to visit a legitimate site and perform an unsafe operation on…
Attack Techniques: Phishing via Mailto
Earlier today, we looked at a technique where a phisher serves his attack from the user’s own computer so that anti-phishing code like SmartScreen and SafeBrowsing do not have a meaningful URL to block. A similar technique is to encode the attack within a mailto URL, because anti-phishing scanners and email clients rarely apply reputation…
Attack Techniques: Phishing via Local Files
One attack technique I’ve seen in use recently involves enticing the victim to enter their password into a locally-downloaded HTML file. The attack begins by the victim receiving an email lure with a HTML file attachment (for me, often with the .shtml file extension): When the user opens the file, a HTML-based credential prompt is…
ProjectK.commit()
Cruising solo across the Gulf of Mexico last Christmas, I had a lot of time to think. Traveling alone, I could do whatever I wanted, whenever I wanted. And this led me to realize that, while I was about to have a lot more flexibility in life, I hadn’t really taken advantage of that flexibility…