George V. Reilly

Printf %n

In my post about Printf Tricks a couple of years ago, I mentioned that "%n is dangerous and disabled by default in Visual Studio 2005."

I got email today from someone who was porting a large codebase to VS 2005. He was getting an assert from %n and he needed a way to get past it. He intends to fix the uses of %n when he has a chance.

I spent several minutes digging around in MSDN and came up with set_print­f_­coun­t_out­put. Wikipedi­a's Format string attack page led me to Exploiting Format String Vul­ner­a­bil­i­ties, which describes in detail how %n (and %s) may be exploited.

In short, if you continue.

200 KeePass entries

I blogged before about KeePass, a free password manager utility. A few minutes ago, I added the 200th entry to my password database, when I registered to download VMware Server.

200 entries! At one point or another, I've registered on a hell of a lot of websites. I also use KeePass to keep track of credit card numbers, software reg­is­tra­tion keys, and so on. KeePass not only lets me use distinct, strong passwords for each site, but it also lets me remember which sites I've registered on. Some sites want me to use my email address; others prefer an al­phanu­mer­ic username.

One friend reliably informs me that KeePass runs just fine continue.

« Next