An important concept in Usable Security is whether a given UI represents a “security surface.” Formally, a security surface is a User Interface component in which the user is presented with information they rely upon to make a security decision. For example, in the browser, the URL in the address bar is a security surface.Continue reading “Security Surfaces”
Author Archives: ericlaw
Defensive Technology: Ransomware Data Recovery
In a prior installment we looked at Controlled Folder Access, a Windows feature designed to hamper ransomware attacks by preventing untrusted processes from modifying files in certain user folders. In today’s post, we look at the other feature on the Ransomware protection page of the Windows Security Center App — Ransomware data recovery. User-Interface TheContinue reading “Defensive Technology: Ransomware Data Recovery”
Windows Shell Previews – Restricted
Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. When previewing many downloaded files, the preview is now replaced with the following text: While it also occurs when viewing files on remote Internet Zone file shares, the problem doesn’t occur forContinue reading “Windows Shell Previews – Restricted”
An Improbable Recovery
Way back on May 11th of 2022, I was visiting my team (Edge browser) for the week in Redmond, Washington. On Wednesday night, I left my ThinkPad X1 Extreme laptop in a work area on the 4th floor of the office when I went out for drinks with friends. After dinner, I decided not toContinue reading “An Improbable Recovery”
AI Injection Attacks
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks from the obvious and mundane to the esoteric and elaborate. As a browser security person, I’m most often asked about indirect prompt injection attacks, whereby aContinue reading “AI Injection Attacks”
text/plain 