Archive for February, 2006

More security libraries

Monday, February 27th, 2006

Michael Howard posts about security libraries that can be used as drop-in replacements for the older, less-secure stuff. I’ve covered StrSafe and IntSafe before; looks like there are a couple of others too that I didn’t know about.

Update: Doron just posted saying that ntstrsafe has also been recently revised to handle UNICODE_STRINGs more elegantly.

Peter Wieland blogging

Monday, February 27th, 2006

When it rains, it pours! First Doron Holan starts blogging, and now it seems that Peter Wieland, another Microsoft kernel-type guy, has started a driver-related blog as well. Go check it out. The number of Windows driver development blogs just tripled! ;-)

It’s really high time for me to update the blogroll. Soon, I promise.

5308 WDK initial testing

Saturday, February 25th, 2006

I downloaded and installed the 2 gigabyte 5308 WDK this evening. I continue to be impressed with the improvements Microsoft is making in the kit; it’s nice to see what happens when the company really prioritizes something.

This is a pretty complete kit - PreFAST, SDV, WDF (both KMDF and UMDF, according to the install screen), IFS stuff, etc. It’s nice to have everything all in one place.

I ran into a little bug with PreFAST - it’s missing a header (ipv6prefast.h), but I copied it in from 5231 and all was well again. I sent mail to the WDF feedback alias; they’re really good about addressing issues like this. Knowing me, it’ll be an intentional change that I just didn’t grok.

The compiler versions are 14.00.50727.52 for x64 and .58 for x86; they look like they’re using a native x64 compiler at this point, despite the DDK window’s warning to the contrary. For comparison, vs2005 shipped with .42 for both x64 and x86.

I’ve just been playing with this for five minutes, so we’ll see how things go from here. But it looks good so far!

Randomness and personal security

Wednesday, February 22nd, 2006

It’s funny how synchronized the world can be at times. Last night I was having a conversation with someone about the random part of social security numbers, and today Bruce Schneier points me at this interesting phishing attack, which was successful in part because of exactly the same problem.

The security issue is this: people are often given numbers of various sorts - identification numbers (e.g. SSNs), credit card numbers, bank accounts, etc. These numbers are pretty unpredictable as a whole, but parts of them are extremely predictable. For example, the first three digits of social security numbers have some very specific rules associated with them. I used to work at a place (11 years ago) where I had to take social security numbers down for every employee every day… sigh… Anyway, the first three digits of people’s numbers were disturbingly similar.

It gets worse: Commerce Bank, one of the biggest banks in the Midwest, issues Visa Check Cards to every checking account holder. The only problem is that a great many of them start with the same nine digits. That’s right - NINE. There goes most of your randomness. Add to that the fact that there are various mathematical tests that a valid credit card number has to pass, and you lose even more of the precious little randomness you have left.

Different numbers have different randomness characteristics (also known as entropy in the crypto field). A randomly assigned PIN from a bank or a website is probably pretty random (although it’s also probably way too short; another problem for another day). Your account number at your family doctor’s office is probably totally UNrandom - it is probably a sequential number picked up from some auto-increment field in a Microsoft Access database. Every number works differently; use your head and it should be obvious.

So there are a couple of take-homes here:

  • Try to avoid giving the “last four digits” of your SSN, credit card, or account numbers for identification purposes. In the case of a Commerce Bank credit card, you’re giving away nearly all of the randomness in the card, or 13 of 16 digits. That leaves an attacker with a 1/1000 chance of getting your number, or 500 guesses on average.
  • Never believe anyone who tries to convince you that they are legit by telling you the first few digits of one of these numbers. They’re very easy to guess.
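A worked calculation of the point above, added here and not part of the original post: it counts how many completions of a partly known 16-digit card number remain, with and without the Luhn checksum that card numbers must pass, using a constructed (not real) nine-digit prefix and last-four. It also generalizes to any number of unknown digits via the closed form, since the checksum always removes exactly a factor of ten.

```python
"""Added example: guessing space left in a card number once most digits
are known. The prefix and last-four below are constructed placeholders."""
import math
from itertools import product


def luhn_valid(number: str) -> bool:
    """True if the digit string passes the Luhn checksum (rightmost digit
    is the check digit; every second digit from the right is doubled)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def count_candidates(template: str) -> tuple[int, int]:
    """Brute-force the completions of template ('?' marks an unknown digit).
    Returns (all completions, completions that pass Luhn)."""
    unknown = [i for i, ch in enumerate(template) if ch == "?"]
    raw = 10 ** len(unknown)
    valid = 0
    for digits in product("0123456789", repeat=len(unknown)):
        chars = list(template)
        for pos, d in zip(unknown, digits):
            chars[pos] = d
        if luhn_valid("".join(chars)):
            valid += 1
    return raw, valid


def analytic_candidates(unknown_count: int) -> int:
    """Closed form: each unknown digit's Luhn contribution is a bijection on
    0..9, so exactly one value of any one unknown digit fixes the checksum.
    With u unknown digits, 10**u completions shrink to 10**(u-1)."""
    return 1 if unknown_count == 0 else 10 ** (unknown_count - 1)


def entropy_bits(candidates: int) -> float:
    """Remaining randomness expressed in bits."""
    return math.log2(candidates)


if __name__ == "__main__":
    # Constructed: nine shared prefix digits, three unknown, last four given away.
    raw, valid = count_candidates("400000000???1234")
    print(f"{raw} completions, {valid} pass Luhn, "
          f"{entropy_bits(valid):.1f} bits left of {entropy_bits(10**15):.1f}")
```

The unknown digits sit in the middle here, but the Luhn reduction is the same whichever positions are unknown.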

New CTPs available

Wednesday, February 22nd, 2006

The February CTP builds of Vista and WinFX are available at http://msdn.microsoft.com/windowsvista/getthebeta/default.aspx. Enjoy!

Here is a great blog post showing some of the new features and changes in this build. Screenshots!

Shakespeare and Dies Irae and Berlioz

Wednesday, February 22nd, 2006

This is completely nontechnical, but it’s been on my mind all morning. Feel free to fast-forward. :-)

So, one of my favorite plays of Shakespeare is Macbeth, and one of my favorite scenes is Act IV, Scene 1, in which the three witches make some very equivocal prophecies to Macbeth. These lines pop into my head pretty regularly:

Double, double toil and trouble;
Fire burn and cauldron bubble.

The witches generally speak in a four-foot trochaic meter. They’re pretty unusual in that regard; Shakespeare’s characters typically speak in iambic pentameter or in prose. But it’s effective: I have a terrible memory for verse, lyrics, prose, etc., and this has been stuck in my head for years. It sets an other-worldly mood when taken against the rest of the play’s dialogue.

This week I’ve been picking apart the Dies Irae as I’ve been attempting to learn Latin. Dies Irae (“Day of wrath”) is a part of the traditional Requiem mass for the dead used by the Roman Catholic Church. Something about it sounded amazingly resonant to me:

Dies iræ! dies illa
Solvet sæclum in favilla
Teste David cum Sibylla!

The trochaic meter is identical; it’s also a little unusual compared to other Latin verse with which I’m familiar, which handles meter and rhyming differently. This is part of the connection I was trying to make this morning.

But there’s more to it than just the meter. A 19th century French composer, Hector Berlioz, wrote a symphony called Symphonie Fantastique, the final movement of which is “Songe d’une nuit de sabbat”, which is usually rendered in English as “Dream of a Witches’ Sabbath”. This movement is one of my favorite works in all of music.

For me, there are two striking features of this final movement. One is the most amazingly perfect, major-mood melody that arises from the depth of the cellos and basses two-thirds of the way through the 15-minute piece. But right before that, the horns have a loud, evil-sounding version of the traditional Gregorian Dies Irae melody. You get the feeling that it is designed to rattle your teeth out of your head. The juxtaposition of these melodies makes for a pretty amazing effect.

OK, so this is why it has been stuck in my head all morning: I always envision the witches on the heath during the final movement of Symphonie Fantastique, and I wonder if Berlioz had that scene in mind himself. And, I wonder if Shakespeare had the Dies Irae in mind as he was composing the witches’ dialogue - he would have been acquainted with it, as far as I can tell, particularly if you believe Stephen Greenblatt’s assertion in Will in the World that Shakespeare was a closet Catholic.

OK, now back to our regularly scheduled programming.

Now playing, predictably enough: Mozart’s Requiem Mass

Compiler lab RSVP extended

Wednesday, February 22nd, 2006

I just got a comment from Kathy at Microsoft that the compiler lab RSVP has been extended to March 3. More details are available on her blog.

Don Quixote of Kansas City

Tuesday, February 21st, 2006

I’m listening to Jorge Luis Borges’s excellent Harvard lecture series This Craft of Verse this week. It’s really fantastic; his was a great intelligence, and he was extremely well read.

One thing he said really struck me. About midway through his first lecture, he commented on the title of Cervantes’s Don Quixote de la Mancha, saying that the title was intended to be a little bit silly. He said that it would be similar to a modern American writer saying something like Don Quixote of Kansas City.

Now, I live in Kansas City, so I can relate to what Borges is saying here. I just didn’t think anyone really cared about Kansas City enough to make fun of it. It’s good to know that my hometown provides amusement for even the most elite intellectuals. And, this helps to settle a long-running debate between my wife and me.

On a related note, I read Don Quixote recently, and I can’t recommend it enough. It’s brilliant. The amazing part is remembering that it was first published in 1605; Shakespeare was still active then and it’s over two centuries before Jane Austen’s first novel.

Anyway, thanks, Jorge!

dangriff wonders about trusting the compiler

Sunday, February 19th, 2006

A friend of mine always builds everything from source. I don’t know why, but I vaguely remember hearing something about security. Over at Microsoft, dangriff has a post about the assumption that the compiler is safe.

It’s an interesting question; I’ve often wondered about hiding rogue code in plain sight in large code bases (and GCC, for example, certainly qualifies). If I recall correctly, this happened a few years ago in OpenSSH.

At the end of the day, I find myself agreeing with dangriff - it’s amazingly unlikely that any significant compiler-based exploit would get through either GCC or any commercial compiler. But I guess the p != 0.

Hotpatching beta

Sunday, February 19th, 2006

I covered hot patching before. Now it looks like Microsoft is opening up a beta to see how well it works in the field. Beta enrollment instructions are provided.

via Outside The Cube