Category Archives: design

Security Surfaces

An important concept in Usable Security is whether a given UI represents a “security surface.” Formally, a security surface is a User Interface component in which the user is presented with information they rely upon to make a security decision. For example, in the browser, the URL in the address bar is a security surface.Continue reading “Security Surfaces”

AI Injection Attacks

A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks from the obvious and mundane to the esoteric and elaborate. As a browser security person, I’m most often asked about indirect prompt injection attacks, whereby aContinue reading “AI Injection Attacks”

Security Software – An Overview

I’ve spent nearly my entire professional career in software security: designing software to prevent abuse by bad actors. I’ve been battling the bad guys for over two decades now, from hunting security bugs in Microsoft Office (I once won an Xbox for finding a vulnerability that allowed malicious clipart take over your computer) to designingContinue reading “Security Software – An Overview”

The Importance of Feedback Loops

This morning, I found myself once again thinking about the critical importance of feedback loops. I thought about obvious examples where small bad things can so easily grow into large bad things: – A minor breach can lead to complete pwnage.– A small outbreak can become a pandemic.– A brush fire can spark a continentalContinue reading “The Importance of Feedback Loops”

Cloaking, Detonation, and Client-side Phishing Detection

Today, most browsers integrate security services that attempt to protect users from phishing attacks: for Microsoft’s Edge, the service is Defender SmartScreen, and for Chrome, Firefox, and many derivatives, it’s Google’s Safe Browsing. URL Reputation services do what you’d expect — they return a reputation based on the URL, and the browser will warn/block loadingContinue reading “Cloaking, Detonation, and Client-side Phishing Detection”

The Blind Doorkeeper Problem, or, Why Enclaves are Tricky

When trying to protect a secret on a client device, there are many strategies, but most of them are doomed. However, as a long-standing problem, many security experts have tried to chip away at its edges over the years. Over the last decade there’s been growing interest in using enclaves as a means to protectContinue reading “The Blind Doorkeeper Problem, or, Why Enclaves are Tricky”

Mark-of-the-Web: Additional Guidance

I’ve been writing about Windows Security Zones and the Mark-of-the-Web (MotW) security primitive in Windows for decades now, with 2016’s Downloads and MoTW being one of my longer posts that I’ve updated intermittently over the last few years. If you haven’t read that post already, you should start there. Advice for Implementers At this point,Continue reading “Mark-of-the-Web: Additional Guidance”

Q: Why do tabs sometimes show an orange dot?

Sometimes, you’ll notice that a background tab has an orange dot on it in Edge (or a blue dot in Chrome). If you click on the tab, the dot disappears. Why? The dot indicates that the tab wants “attention” — more specifically, that there’s a dialog in the tab asking for your attention. This mightContinue reading “Q: Why do tabs sometimes show an orange dot?”

Attack Techniques: Notification Spam

A colleague recently saw the following popups when using their computer: Because they seemed to come from nowhere in particular, they seemed credible– either Windows itself had detected a virus, or perhaps their computer was infected with malware and it caused the popups? The reality is more mundane and more much more common. These areContinue reading “Attack Techniques: Notification Spam”