Software Engineering Institute | Carnegie Mellon University

SEI Insights


Will Dormann

Posts by Will

 Life Beyond Microsoft EMET

 When "ASLR" Is Not Really ASLR - The Case of Incorrect Assumptions and Bad Defaults

 Announcing CERT Tapioca 2.0 for Network Traffic Analysis

 Automatically Stealing Password Hashes with Microsoft Outlook and OLE

 The Curious Case of the Bouncy Castle BKS Passwords

 The Consequences of Insecure Software Updates

 The Twisty Maze of Getting Microsoft Office Updates

 Windows 10 Cannot Protect Insecure Applications Like EMET Can

 The Risks of Google Sign-In on iOS Devices

 Bypassing Application Whitelisting

 Who Needs to Exploit Vulnerabilities When You Have Macros?

 Visualizing CERT BFF String Minimization

 Supporting the Android Ecosystem

 Instant KARMA Might Still Get You

 The Risks of Disabling the Windows UAC

 The Risks of SSL Inspection

 Vulnerabilities and Attack Vectors

 Finding Android SSL Vulnerabilities with CERT Tapioca

 Announcing CERT Tapioca for MITM Analysis

 Bundled Software and Attack Surface

 Heartbleed: Q&A

 Taking Control of Linux Exploit Mitigations

 Differences Between ASLR on Windows and Linux

 Feeling Insecure? Blame Your Parent!

 Hacking the CERT FOE

 BFF 2.7 on OS X Mavericks

 Vulnerabilities and Attack Vectors

 Signed Java Applet Security Improvements

 One Weird Trick for Finding More Crashes

 Forensics Software and Oracle Outside In

 The Risks of Microsoft Exchange Features that Use Oracle Outside In

 Don't Sign that Applet!

 AMD Video Drivers Prevent the Use of the Most Secure Setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)

 Signed Java and Cisco AnyConnect

 Effectiveness of Microsoft Office File Validation

 A Security Comparison: Microsoft Office vs. Oracle Openoffice

 CERT Basic Fuzzing Framework Update

 CERT Basic Fuzzing Framework

 Plain Text Email in Outlook Express

 Internet Explorer Kill-Bits

 Vulnerabilities and Attack Surface

 Release of Dranzer ActiveX Fuzzing Tool

 Windows Installer Application Resiliency

 Internet Explorer Vulnerability Attack Vectors

 Reference Implementations for Securing Your Web Browser Guidelines

 Reported Vulnerability in CERT Secure Coding Standards Website

 Carpet Bombing and Directory Poisoning

 ActiveX Vulnerability Discovery at the CERT/CC

 Signed Java Applet Security: Worse than ActiveX?

 Is Your Adobe Flash Player Updated?

 The Dangers of Windows AutoRun

Other Publications

Visit the SEI Digital Library for other publications by Will