Skip to content

Tales from the Edge. #Security.

Fun

Late 2017, King county, Washington

An overworked team with an impossible mission, to create a secure Internet browser, on Windows, is called to the weekly time-waster product team meeting.

Product Manager:
Team, you know that Edge needs to be the most secure browser on the planet, right?
So how can this thing segfault if some dude from the security consultancy fuzzes the Backup.dat?

You MUST make sure this is protected. It MUST be a violation of Windows Policy to modify the file. Go, make it happen! Report back next week!

The team disperses.

Early next morning, at a set of tables in the middle of a dimly lit cube farm...

Developer:
Hey, team lead, do you know what the PM meant with "Windows Policy"? I never heard about a "Windows Policy". Is this the "Group Policy"? Or did he mean the product license? Like the shrink-wrap contract? Do we need to consult legal?

Team lead:
Oh, ffs, Bob. No time for discussion. The requirement is crystal clear. Implement it. You're the security lead. We have a deadline approaching.

Developer:
O.k., boss. I'll see what I can do.

Windows Edge backup folder "Protected - It is a violation of Windows Policy to modify"

Continue reading "Tales from the Edge. #Security."