unSafe.sh - Unsafe
Runtime Signature Checking Threat Model
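Telerik updated Fiddler to verify the signatures of extension assemblies and to alert the user when one is unsigned. Although signing helps security, frequent verification hurts performance and is easily bypassed. An attacker can modify Fiddler's code or use DLL hijacking to avoid the check. In addition, Fiddler does not display issuer information and by default trusts certificates issued by any CA. Developers need to weigh the threat model against the protection actually delivered. ...
2025-3-31 16:10:35 | Views: 5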
text/plain - textslashplain.com
fiddler
attacker
preference
sufficient
tampering
Spring Break
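During spring break, the author had a pleasant time with family in Texas; the children went on a trip to Costa Rica, while the author relaxed on a cruise and completed the goal of writing a book. ...
2025-3-26 17:3:27 | Views: 33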
text/plain - textslashplain.com
trip
cruise
deck
parks
adventure
Debugging Chromium
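After changing Windows Security Zone settings, a user ran into a problem when trying to right-click and Save As a text file in Chrome: Chrome showed the download as successful, but the file was not actually saved. Bisecting pinpointed the problem to a particular code commit, and it turned out that Chrome's quarantine code caused the temporary file to be deleted. Ultimately the cause was that the temporary file's .tmp extension is treated by Windows as a dangerous file type; the suggestion is to change Chrome's save logic to use the correct extension. ...
2025-3-25 17:50:47 | Views: 15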
text/plain - textslashplain.com
chrome
download
chromium
bisect
windows
Authenticode in 2025 – Azure Trusted Signing
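The author describes the process of code signing with the Azure Trusted Signing service, including the registration, configuration, identity validation and certificate acquisition steps, and details how to use SignTool for cloud signing, along with the problems encountered (such as DPAPI errors and login issues) and their solutions. ...
2025-3-12 18:40:42 | Views: 27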
text/plain - textslashplain.com
microsoft
dlib
cloud
signtool
Guidelines for Secure Filename Display
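This article explores security issues in displaying URLs and filenames. The author points out that attackers may deceive users by disguising file extensions or by using Unicode characters to hide the real type. Although the operating system handles files based on their extension and warns about potential risks, there are gaps: unknown dangerous types, and security prompts that are easily bypassed. Best practices include separating out the extension, hiding untrusted information, and handling long filenames, among other methods, to improve security. ...
2025-2-21 20:32:53 | Views: 7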
text/plain - textslashplain.com
security
attacker
spoofing
windows
chosen
Attack Techniques: “I Already Hacked You” Scams
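Online scammers often defraud people of money by fabricating technical problems or privacy threats. For example, they pose as technical support staff or claim to have obtained private videos of the victim, and demand a ransom payment to delete the evidence. These scammers typically use information from earlier data breaches to increase credibility, and further confuse victims with tricks such as forging the sender address. Everyone is reminded to stay alert and avoid being taken in. ...
2025-2-20 16:5:14 | Views: 25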
text/plain - textslashplain.com
225
hotmail
victim
attacker
Winter 2025 Races
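This article recounts the author's experience at two running events in 2025: the Austin International Half Marathon and the Galveston full marathon. In the Austin half, the author finished in 2 hours 18 minutes 35 seconds, 9 minutes slower than last year. Despite problems such as cold weather and inner-thigh chafing, the author enjoyed the race overall. In the Galveston full marathon, the author became severely dehydrated because of the heat and high humidity, and after running only about 2 miles of the second half chose to walk to the finish. Although the result was not ideal and he was exhausted, he considers it a victory, and plans to keep running half marathons and improve his times. ...
2025-2-10 18:33:7 | Views: 19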
text/plain - textslashplain.com
marathon
felt
mile
miles
walking
Welcome to 2025!
I’d intended to write this post weeks ago, but I’ve been rather unproductive. I ran the Dalla...
2025-1-14 23:23:46 | Views: 6
text/plain - textslashplain.com
nate
cruise
noah
trip
marathon
On Mortality
Content Warning: This post is about mortality. This morning, I awoke from a...
2024-12-13 16:48:38 | Views: 5
text/plain - textslashplain.com
mortality
marshmallow
death
meaningful
memento
Mark-of-the-Web: Real-World Protection
Two years ago, I wrote up some best practices for developers who want to take a file’s security...
2024-12-13 03:21:14 | Views: 14
text/plain - textslashplain.com
dwzone
psecman
msc
funtrusted
My New Desktop
After a frustrating morning with my troublesome P1 Gen 7 laptop, I decided it w...
2024-12-7 11:58:1 | Views: 30
text/plain - textslashplain.com
3950x
scored
chrome
defender
microsoft
Fiddler – My Mistakes
On a flight back from Redmond last week, I finally read Linus Torvalds’ 2002 memoir “Just For Fu...
2024-11-25 11:51:21 | Views: 40
text/plain - textslashplain.com
fiddler
microsoft
telerik
mistakes
Parallel Downloading
I’ve written about File Downloads quite a bit, and early this year, I delivered a full tech talk...
2024-11-23 02:12:39 | Views: 36
text/plain - textslashplain.com
download
throttle
competitive
somewhat
speeds
Security Software – An Overview
I’ve spent nearly my entire professional career in software security: designing software to prev...
2024-11-19 04:0:50 | Views: 27
text/plain - textslashplain.com
security
software
defender
throttles
sensors
Best Practices for SmartScreen AppRep
Last year, I wrote about how Windows integrates SmartScreen Application Reputation to help ensur...
2024-11-16 03:46:24 | Views: 50
text/plain - textslashplain.com
software
reputation
smartscreen
windows
security
Defensive Technology: Controlled Folder Access
Most client software’s threat models (e.g. Edge, Chrome) explicitly exclude threats where the lo...
2024-11-16 01:39:17 | Views: 24
text/plain - textslashplain.com
cfa
windows
ransomware
defender
security
On Politics
I do not come from an especially political family. My dad has not voted in decades, and while my...
2024-11-12 00:4:24 | Views: 33
text/plain - textslashplain.com
trump
voted
political
elections
tax
Lenovo P1, Gen7
I’ve been a loyal user of Thinkpads for over twenty-five years now, and I curre...
2024-10-29 01:13:23 | Views: 39
text/plain - textslashplain.com
microsoft
wouldn
lenovo
yoga
seemed
Defensive Technology: Antimalware Scan Interface (AMSI)
Endpoint security software faces a tough challenge — it needs to be able to rapidly distinguish...
2024-10-26 04:31:31 | Views: 42
text/plain - textslashplain.com
security
software
windows
attackers
microsoft
Content-Blocking in Manifest v3
I’ve written about selectively blocking content in browsers several times over the last two deca...
2024-10-14 00:59:18 | Views: 13
text/plain - textslashplain.com
blockers
mv3
chrome
trivial
advertising