The folks that build the NSIS Installer have released updates to mitigate a serious security bug related to DLL loading. (v2.5 and v3.0b3 include the fixes). To make a long and complicated story short, a bad guy who exploits this vulnerability places a malicious DLL into your browser’s Downloads folder, then waits. When you run an installerContinue reading “DLL Hijacking Just Won’t Die”
Author Archives: ericlaw
Book-Writing: Just Do It!
Sadly, you’re unlikely to get wealthy by writing a book. You should definitely write one anyway. My Background People I respect suggest you shouldn’t write (or buy) books on specific technologies, going so far as to say that writing a book was on their top-10 lists of life regrets. Top-10… whoa! As a consequence, whenContinue reading “Book-Writing: Just Do It!”
Repairing Corrupt ZIP Files
Fiddler’s default file format is the SAZ Format, which is just a ZIP file with a particular structure (I’ve written a lot about ZIPs). Unfortunately, sometimes users’ SAZ files get corrupted due to failing disks or incomplete downloads, and when this happens, Fiddler can no longer open them. Because Fiddler uses a standard ZIP file,Continue reading “Repairing Corrupt ZIP Files”
Hashes and Code-Signing
I’ve written a few articles about using Authenticode to sign your code to help prevent attacks, increase user confidence, and reduce interference from security software like Windows SmartScreen. You can read the overview, discussion of code-signing tokens, and “tricks” you can use to shoot yourself in the foot by adding data to a file withoutContinue reading “Hashes and Code-Signing”
Understanding CONNECT Tunnels
When a browser needs to send a HTTPS request through a proxy (like Fiddler), there’s a bit of a problem. The proxy needs to know where to send the client’s request, but the whole point of protecting traffic with HTTPS is that the content is encrypted and cannot be read by anyone else on theContinue reading “Understanding CONNECT Tunnels”