Next time you begin to berate yourself for making that awfully stupid coding mistake remember that it happens to the best and biggest of us, including Microsoft.
A blog post on Microsoft's Security Development Lifecycle confirmed the cause of the latest exploit in Internet Explorer was due to a typo.
Here is the offending code:
__int64 cbSize; hr = pStream->Read((void*) &cbSize, sizeof(cbSize), NULL); BYTE *pbArray; HRESULT hr = SafeArrayAccessData(psa, reinterpret_cast
(&pbArray)); hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);
And where is the typo you ask? It's on the pbArray's pointer, where the final line should be:
hr = pStream->Read((void*)pbArray, (ULONG)cbSize, NULL);
Despite all the effort that Microsoft puts into secure and proper code, its code analysis tools failed to detect the issue and the code reached production. The tools have now been updated to catch this problem and the developers will now have to use the new ATL libraries.
Now this would typically be the part where certain people start hooting and hollering about Microsoft's lameness and how they are personally the world's greatest coder.
At least both typo-affected parties have learnt from this experience.
Happy sysadmin appreciation day
Today is also claimed as System Administrator Appreciation Day. The people behind this day say that you should shower your sysadmin in flowers and love for their unappreciated work — that's cool if your local sysadmin is a kind and personable fellow, and really, how many people like that are sysadmins?
If you have a BSMFH, I recommend broadcast pinging on your network all afternoon, endlessly copying many gigabytes of random files, secretly setting up an office MP3 server, and other general nuisances to make your sysadmin stop watching YouTube/reading your email like they do every Friday.
Of course, all these feelings for BSMFHs could be fixed if you would just give us all a bigger monitor and stop taking servers down during business hours.