Security Response Basics

Security response isn’t just about the “sexy” analysis of vulnerabilities, reverse-engineering of malware, and so on… it’s probably mostly about getting the basics right. Every morning, I forward all of the PayPal phishing scams I receive to PhishTank, Netcraft, and Spoof@Paypal. Today, I took a closer look at the response I got to the last…

DotNet Makes Me Sad, In Pictures

.NET Framework KB 3088956: Ouch, that sounds pretty severe. I guess I’d better go manually install a hotfix? Seriously? An email address and a CAPTCHA? Fine. Oh, an email-delivered HTTP URL pointed at an executable file? That seems totes legit. Yup, definitely legit, it says “Microsoft” right there at the top! Sure, let’s put…

Ad Publishers–A TODO List

Where’s Google’s* blog on how they’re doing everything they can to make ads they serve as fast and small as possible? Where’s Google’s blog on how many ads they’ve nuked as “deceptive” and trumpeting how policy forbids ads for “adware-wrapped” installers? Where’s Google’s blog about how many billions of ad-generated dollars they’ve supplied to content…

Developer Advocacy

The Microsoft Edge (nee Internet Explorer) team held one of their “#AskMSEdge chats” on Twitter yesterday. After watching the stream, @MarkXA neatly summarized the chat: The folks over on WindowsCentral built out a larger summary of the tidbits of news that did get answered on the chat, some of which were just pointers to their…

Attribution Error

In life, you sometimes encounter people with “high standards”—folks who often find others’ behavior lacking in some way. Such people usually explain: “Sure, I have high standards… but I hold myself to an even higher standard!” Except… they rarely do. The problem is that, as humans, we’re subject to both fundamental attribution error and actor-observer bias. These…

On Defaults

Yesterday, Chris Beard, the CEO of Mozilla, wrote an open letter to Microsoft complaining about Windows 10’s behavior related to default applications. Reactions were all over the board, but in my Twitter feed, at least, they mostly skewed against Mozilla. With the perspective of having been both inside and outside Microsoft, I feel compelled to…

Google Search Provider in Microsoft Edge

Back in the IE7 days, I built a simple Search Provider Builder that allowed IE users (and later users of other browsers) to add custom search engines to their browser without any changes to the site. Trivia: This hour-long little prototype soon led to a formal effort to put this tool on the IEAddons site;…

HTTPS Only Works If You Use It

It should be obvious, but everyone seems to be making the same mistake. HTTPS only works if you use it. Everywhere. If you don’t use HTTPS everywhere, a bad guy can intercept an insecure request and prevent the user from reaching your secure site. HSTS is a good start to mitigating the threat of accidentally…

Photoshop and Save For Web

Adobe recently announced that “Save for Web” in Photoshop is a “legacy feature” which won’t be improved. I decided to have a look at Adobe Photoshop CC (2015.0.0 Release 20150529.r88 x64) to see the impact of its many different “save” commands on the resulting file size. First, I created a trivial 20×20 image and drew…