Authenticode in 2025 – Azure Trusted Signing 作者介绍了如何通过Azure可信签名服务进行代码签名的过程，包括注册、配置、身份验证和证书获取步骤，并详细说明了使用SignTool工具进行云签名的操作及遇到的问题（如DPAPI错误和登录问题）及其解决方法。... 2025-3-12 18:40:42 | 阅读: 26 | 收藏 | text/plain - textslashplain.com microsoft dlib cloud signtool

Guidelines for Secure Filename Display 这篇文章探讨了URL和文件名显示中的安全问题。作者指出攻击者可能通过伪装文件扩展名或利用Unicode字符隐藏真实类型来欺骗用户。操作系统虽然基于扩展名处理文件并警告潜在风险，但存在未知危险类型和安全提示易被绕过的漏洞。最佳实践包括分离扩展名、隐藏不可信信息、处理长文件名等方法来提升安全性。... 2025-2-21 20:32:53 | 阅读: 7 | 收藏 | text/plain - textslashplain.com security attacker spoofing windows chosen

Attack Techniques: “I Already Hacked You” Scams 网络骗子常通过伪造技术问题或隐私威胁来诈骗钱财。例如，他们会伪装成技术支持人员或声称获取了受害者的隐私视频，并要求支付赎金以删除证据。这些骗子通常会利用之前的数据泄露信息来增加可信度，并通过伪造发件人地址等手段进一步迷惑受害者。提醒大家提高警惕，避免上当受骗。... 2025-2-20 16:5:14 | 阅读: 23 | 收藏 | text/plain - textslashplain.com 225 hotmail victim attacker

Winter 2025 Races 这篇文章讲述了作者在2025年参加两次跑步赛事的经历：奥斯汀国际半程马拉松和加尔维斯顿全程马拉松。在奥斯汀半程赛中，作者以2小时18分35秒完成比赛，比去年慢9分钟。尽管遇到天气寒冷和大腿内侧摩擦等问题，但整体享受了比赛过程。在加尔维斯顿全程赛中，作者因天气炎热和湿度大而脱水严重，在第二半程仅跑了约2英里后选择步行完成比赛。尽管成绩不理想且身体疲惫，但他认为这是胜利，并计划未来继续参加半程马拉松并提升成绩。... 2025-2-10 18:33:7 | 阅读: 19 | 收藏 | text/plain - textslashplain.com marathon felt mile miles walking

Welcome to 2025! I’d intended to write this post weeks ago, but I’ve been rather unproductive.I ran the Dalla... 2025-1-14 23:23:46 | 阅读: 5 | 收藏 | text/plain - textslashplain.com nate cruise noah trip marathon

On Mortality Content Warning: This post is about mortality.This morning, I awoke from a... 2024-12-13 16:48:38 | 阅读: 5 | 收藏 | text/plain - textslashplain.com mortality marshmallow death meaningful memento

Mark-of-the-Web: Real-World Protection Two years ago, I wrote up some best practices for developers who want to take a file’s security... 2024-12-13 03:21:14 | 阅读: 14 | 收藏 | text/plain - textslashplain.com dwzone psecman msc funtrusted

My New Desktop After a frustrating morning with my troublesome P1 Gen 7 laptop, I decided it w... 2024-12-7 11:58:1 | 阅读: 29 | 收藏 | text/plain - textslashplain.com 3950x scored chrome defender microsoft

Fiddler – My Mistakes On a flight back from Redmond last week, I finally read Linus Torvalds’ 2002 memoir “Just For Fu... 2024-11-25 11:51:21 | 阅读: 38 | 收藏 | text/plain - textslashplain.com fiddler microsoft telerik mistakes

Parallel Downloading I’ve written about File Downloads quite a bit, and early this year, I delivered a full tech talk... 2024-11-23 02:12:39 | 阅读: 33 | 收藏 | text/plain - textslashplain.com download throttle competitive somewhat speeds

Security Software – An Overview I’ve spent nearly my entire professional career in software security: designing software to prev... 2024-11-19 04:0:50 | 阅读: 26 | 收藏 | text/plain - textslashplain.com security software defender throttles sensors

Best Practices for SmartScreen AppRep Last year, I wrote about how Windows integrates SmartScreen Application Reputation to help ensur... 2024-11-16 03:46:24 | 阅读: 48 | 收藏 | text/plain - textslashplain.com software reputation smartscreen windows security

Defensive Technology: Controlled Folder Access Most client software’s threat models (e.g. Edge, Chrome) explicitly exclude threats where the lo... 2024-11-16 01:39:17 | 阅读: 24 | 收藏 | text/plain - textslashplain.com cfa windows ransomware defender security

On Politics I do not come from an especially political family. My dad has not voted in decades, and while my... 2024-11-12 00:4:24 | 阅读: 31 | 收藏 | text/plain - textslashplain.com trump voted political elections tax

Lenovo P1, Gen7 I’ve been a loyal user of Thinkpads for over twenty-five years now, and I curre... 2024-10-29 01:13:23 | 阅读: 36 | 收藏 | text/plain - textslashplain.com microsoft wouldn lenovo yoga seemed

Defensive Technology: Antimalware Scan Interface (AMSI) Endpoint security software faces a tough challenge — it needs to be able to rapidly distinguish... 2024-10-26 04:31:31 | 阅读: 40 | 收藏 | text/plain - textslashplain.com security software windows attackers microsoft

Content-Blocking in Manifest v3 I’ve written about selectively blocking content in browsers several times over the last two deca... 2024-10-14 00:59:18 | 阅读: 12 | 收藏 | text/plain - textslashplain.com blockers mv3 chrome trivial advertising

Attack Techniques: Encrypted Archives Tricking a user into downloading and opening malware is a common attack techniq... 2024-10-2 22:52:40 | 阅读: 18 | 收藏 | text/plain - textslashplain.com security software scanners client attackers

Welcome to Fall, I guess? Two months without a blog post? Sheesh. A lot has happened in two months, altho... 2024-9-17 06:5:12 | 阅读: 31 | 收藏 | text/plain - textslashplain.com bermuda microsoft cruise cococay splurged

Browser Features: Find in Page For busy web users, the humble Find-in-Page feature in the browser is one of th... 2024-7-15 23:49:20 | 阅读: 15 | 收藏 | text/plain - textslashplain.com doms microsoft ux frames paging