Links I enjoyed reading this week


PDF the Most Common Malware Vector (Schneier)
It’s almost non-news, because it’s been obvious for years that this was coming. Malware writers target the common programs and formats. Several years ago, I talked to senior developers from a major software company on multiple occasions about memory safety and secure coding, and at the time they weren’t interested because exploits didn’t affect them (yet). As an example, I pointed out: “Look, do you think software like Acrobat Reader needs to care about secure coding? – But of course it does. Isn’t it obvious that it’ll be targeted sooner rather than later?” Moral: If you write popular software, the need for secure coding affects you and your product; if it doesn’t today, it will tomorrow. (Obligatory note: This isn’t just about C and C++. Every mainstream language lets you write exploitable security flaws.)

Visual C++ Developer Survey (MSDN)
”As we wrap up Visual Studio 2010, we are starting to plan the next release of Visual C++. … We would like to better understand what you do.”

General information/amusement

Distributed Version Control is here to stay, baby (Joel on Software)
Evidently the last Joel on Software article, too.

The Hobbit to begin shooting in July (Variety)
Where can we buy fake foot hair for the premiere?