Gee Law’s Blog

Windows Credential User Interface with secure attention sequence: not even bad

Ever since I started using Windows NT (for me, the first Windows NT I used was Windows XP), I’ve been familiar with the importance of Ctrl+Alt+Delete. The combination is known as the secure attention sequence (SAS) for Windows. In an uninfected copy of Windows, the sequence is handled exclusively by Windows, and is used to thwart trojan dialogs that try to lure users into entering their credentials. Requiring the SAS before the Welcome Screen is quite a usable security feature. However, that is not the case for the Credential User Interface.

NTFS DELETE_CHILD access and ‘the directory is not empty’

Someone wanted to know how to create a file that cannot be removed, yet found he could still remove the file even after denying DELETE access to Everyone. The reason is the DELETE_CHILD access on its containing directory. How does this relate to ‘the directory is not empty’?

PowerShell codebase misuses SHEmptyRecycleBin function in Clear-RecycleBin cmdlet

Clear-RecycleBin is a cmdlet that clears your recycle bin. Internally, it calls the SHEmptyRecycleBin function. It has been malfunctioning for a long time: when you run the cmdlet for the first time in a PowerShell session with the Force switch on, it produces an ErrorRecord. Further investigation shows that it detects the error status of SHEmptyRecycleBin the wrong way. To make things worse, SHEmptyRecycleBin is really bad at error handling.

Outlook 2016 GUI creates an appointment with extraneous attendee, causing and Outlook for iOS to show it as a meeting

Outlook 2016 GUI always creates an event with at least one attendee, which makes and Outlook for iOS have difficulty correctly interpreting the appointment. Instead, they think it is a meeting. However, if you create the event with Outlook object model, there is a good chance the event is created neatly. In addition, events created on or in Outlook for iOS are always neat.