Category Archives: security

Security Surfaces
An important concept in Usable Security is whether a given UI represents a “security surface.” Formally, a security surface is a User Interface component in which the user is presented with information they rely upon to make a security decision. For example, in the browser, the URL in the address bar is a security surface. …
Defensive Technology: Ransomware Data Recovery
In a prior installment we looked at Controlled Folder Access, a Windows feature designed to hamper ransomware attacks by preventing untrusted processes from modifying files in certain user folders. In today’s post, we look at the other feature on the Ransomware protection page of the Windows Security Center App: Ransomware data recovery.

User-Interface
The …
Windows Shell Previews – Restricted
Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. When previewing many downloaded files, the preview is now replaced with the following text: While it also occurs when viewing files on remote Internet Zone file shares, the problem doesn’t occur for …
AI Injection Attacks
A hot infosec topic these days is “How can we prevent abuse of AI agents?” While AI introduces awesome new capabilities, it also entails an enormous set of risks, from the obvious and mundane to the esoteric and elaborate. As a browser security person, I’m most often asked about indirect prompt injection attacks, whereby a …
Security Product Efficacy
I’ve written about security products previously, laying out the framing that security products combine sensors and throttles with threat intelligence to provide protection against threats. As a product engineer, I spend most of my time thinking about how to improve sensors and throttles to enhance protection, but those components only provide value if the threat …
First Look: Apple’s NEURLFilter API
At WWDC 2025, Apple introduced an interesting new API, NEURLFilter, to respond to a key challenge we’ve talked about previously: the inherent conflict between privacy and security when trying to protect users against web threats. That conflict means that security filtering code usually cannot see a browser’s (app’s) fetched URLs to compare them against available …
Attack Techniques: Fake Literally Everything! (Escrow Scam)
The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to our graders but then took a closer look myself. I figured that maybe the legit site was probably at a very similar domain name, e.g. firstlinetrucking.com or something, but no such …
Vibe-coding for security
Recently, there’s been a surge in the popularity of trojan clipboard attacks whereby the attacker convinces the user to carry their attack payload across a security boundary and compromise the device. Meanwhile, AI hype is all the rage. I recently had a bad experience in what I thought was a simple AI task (draw a …
Understanding SmartScreen and Network Protection
The vast majority of cyberthreats arrive via one of two related sources: That means that by combining network-level sensors and throttles with threat intelligence (about attacker sites), security software can block a huge percentage of threats.

Protection Implementation
On Windows systems, that source of network threat information is commonly called SmartScreen, and support for querying …
Defensive Technology: Exploit Protection
September 2025 tl;dr: You probably should not touch Exploit Protection settings. This post explains what the feature does and how it works, but admins and end-users should probably just leave it alone to do what it does by default. Over the last several decades, the Windows team has added a stream of additional security mitigation …