Tag | Security Posts

I recently created a DLL and I wanted to reference it from a project I was developing in Visual Studio. In previous versions of Windows, doing so was simply a matter of dropping the DLL file in the C:\Windows\assembly folder. That would add the DLL to the Global Assembly Cache (GAC) and make it accessible in Visual Studio. However, as is often the case, Windows 7 is different. Even if you have Administrator privileges on your machine, you still do not have permission to drop a file in the assembly ...
At http://www.troyhunt.com/201... there is a free ebook on securing your ASP.NET web sites. The PDF is at https://asafaweb.com/OWASP%... At https://asafaweb.com/ there is an Automated Security Analyser for ASP.NET Website ...
After reading this section you should be able to Identify security risks in LANs and WANs and design security policies that minimize risks Explain how physical security contributes to network security Discuss hardware and design based security techniques Understand methods of encryption such as SSL and IPSec, that can secure data in storage and in transit Describe how popular authentication protocols such as RADIUS, TACACS, Kerberos, PAP, CHAP, and MS-CHAP function Use network operating system ...
After reading this section you should be able to Understand methods of network design unique to TCP/IP networks, including subnetting, CIDR, and address translation Explain the differences between public and private TCP/IP networks Describe protocols used between mail clients and mail servers, including SMTP, POP3, and IMAP4 Employ multiple TCP/IP utilities for network discovery and troubleshooting Designing TCP/IP-Based Networks The following sections explain how network and host information in ...
After reading this section you should be able to Identify the characteristics of a network that keep data safe from loss or damage Protect an enterprise-wide network from viruses Explain network and system level fault tolerance techniques Discuss issues related to network backup and recovery strategies Describe the components of a useful disaster recovery plan and the options for disaster contingencies What are integrity and availability? Integrity – the soundness of a network's programs, data, services, ...

Just a little time left tonight, thought it would be a good idea to get a link in on the new Microsoft single sign on security web page from Microsoft et al...


http://sso-analysis.org/



The beta for BIDS Helper 1.6 was just released. We have not updated the version notification just yet as we would like to get some feedback on people's experiences with the SQL 2012 version. So if you are using SQL 2012, go grab it and let us know how you go (you can post a comment on this blog post or on the BIDS Helper site itself). This is the first release that supports SQL 2012 and consequently also the first release that runs in Visual Studio 2010. A big thanks to Greg Galloway for doing the ...
LAN parties offer the enjoyment of head to head gaming in a real-life social environment. In general, they are experiencing decline thanks to the convenience of Internet gaming, but Kenton Varda is a man who takes his LAN gaming very seriously. His LAN gaming house is a fascinating project, and best of all, Linux plays a part in making it all work. Varda has done his own write ups (short, long), so I'm only going to give an overview here. The setup is a large house with 12 gaming stations and a single ...
If you are installing SharePoint 2010 on a new box you might see the Setup Errors notification from the installer. In my case, I am using Windows Server 2008 R2, but I have seen a similar error on Windows 7 as well, with slightly fewer requirements. As you can understand, all the “-“ bullets are the requirements that need to be installed or configured on the box. There are two ways to do this 1) Microsoft SharePoint 2010 Product Preparation tool In the SharePoint 2010 Splash Form, you can find that ...
The biggest complaint most remote workers have in regards to working on a team? Feeling disconnected. The biggest complaint an office has about remote workers? They forget the remote workers are there and don’t always trust what they are doing. Want to learn how to get past both issues? Hi, my name is Rob and I have a confession to make. I’m a remote worker four days a week. I’m a placeshift remote worker, and yet I am still highly collaborative with my team. “Placeshifting?” you say. “Highly collaborative?” ...
Microsoft recently (12-29-2011) released an update to address several serious security vulnerabilities in the .NET Framework. One of the fixes introduced by MS11-100 temporarily mitigates a potential DoS attack involving hash table collisions. It appears this fix breaks pages that contain a lot of POST data. In our case, on pages that have very large checkbox lists. Why would this be the case? There is some information on this limit being at 1000... so if your webpage was working fine earlier and ...
The most recent release of LINQ to Twitter included support for Windows Phone. It’s important to note that only 7.1 is supported – the rationale being that 7.1 (Mango) introduced support for IQueryable, which LINQ to Twitter requires. This post will show you how to use LINQ to Twitter with Windows Phone. You’ll see a normal public query, how to log in with OAuth, and how to post a tweet. All of the code in this blog post is included with the LINQ to Twitter source code that you can download at http://linqtotwitter.codepl... ...
Today's O'Reilly Deal of the day at http://shop.oreilly.com/pro... is Programming Microsoft® ASP.NET 4 by Dino Esposito. "Completely reengineered for ASP.NET 4—this definitive guide deftly illuminates the core architecture and programming features of ASP.NET 4 in a single, pragmatic volume. Web development expert Dino Esposito provides essential, architectural-level guidance, along with the in-depth technical insights designed to take you—and your solutions—to the next level. The ...
In 2007, Microsoft created a "Tips for the Newbie" page for TechEd (which is apparently no longer available) and I created a follow-on post called Tech·Ed for Novices. I created a similar post in 2008 as well. With TechEd 2012 around the corner, I thought it would be good to bring it back. TechEd is a huge event, topping out at over 14000 people (usually), with an equally huge amount of content. This post is designed to give first time TechEd attendees a fighting chance of finding their way around. ...
A few days ago I read an article by Richard Seroter comparing the different cloud storage options and comparing Windows Azure and Amazon S3. I commented on his blog about how I'd like to see companies use these more and more for B2B data exchange when you have a batch file rather than the traditional solutions using FTP and the painful infrastructure piece that often goes with this kind of project. The normal challenges include: Who hosts the FTP service or do we both What kind of security do we use ...
In the development of line-of-business (LOB) applications, there has long been a certain tug-of-war between tools that automate development, or frameworks that accelerate it, on the one hand; and the notion of coding from scratch, perhaps with the aid of code libraries developed in-house (or by the sole developer), on the other. This is typically put under the rubric of a zero-sum game before the debate even starts. Downstream project managers, analysts and users don’t want to pay the tax of having ...
Commonly when you try to connect the Enterprise Applications with BizTalk Adapters you might get errors like: E-PSFT0029: JVM was not started OR Unable to find JAVA_HOME. As the error says, it is unable to locate the JVM.dll and unable to start it. Resolution: Make sure the folder having JVM is present as a value in PATH variable of environment variables. Say for PeopleSoft Applications, the JVM can be found with the app called JRockit so make sure the folder path of JRockit containing the JVM is ...
May I remind you that today being the second Tuesday of the month is Patch Tuesday. Later today, Microsoft will issue more patches. Several of the updates are rated critical, so patch your development PCs, patch your UAT, TEST, get client sign-off and then patch your live systems. For more information see: http://technet.microsof... ...
It’s good to see my ex-colleague Guatam putting out some MSMQ content after a 10 month hiatus. MSMQ Performance degrades over time & MSMQ LQS folder is 100s of MB. The files in the %windir%\system32\msmq\stor... folder are configuration files for the machine’s queues, or cached configuration information in the case of public queues. Inside these text files is a collection of parameters, such as “Label”, “QueueName” and “PrivLevel”. The largest value is the “Security” parameter which contains ...
The Problem After setting up a new instance of TFS I attempted to use the TFS 2010 Power Tools (Dec ‘11) Team Foundation Backups wizard. However, during the Backup Plan Wizard Readiness Checks, the “Grant Backup Plan Permissions” step failed with the error – Account… failed to create backups using path… The Fix Digging into the log created during the Readiness Check I found the following error - Error @xxx Microsoft.SqlServer.Managem... Backup failed for Server 'xxx'. ...
Usually you’ll get alerted to this issue with a call saying that users have not gotten any new email for a while. They will still be connected to Exchange in Outlook, you can still log on to the OWA and, when looking at your hub servers, you can see that all the services are up and running (Note that it is possible the transport service could be stopped…). A number of reasons can exist as to why you are not getting any mail flow: · Your recipient policies are not configured correctly · The receive ...
The roll-out of the latest IE (either IE8 or IE9 depending on the operating system) as an important security patch started this month for users in Australia and Brazil according to the Windows blog at http://windowsteamblog.com/... ...
It's important to understand the account that IIS is running under when you need to make changes to the security settings. If, for example, your Web application writes to files or to a database, you'll need to grant the correct permissions to the folder or database. Before you can change these security settings, it's important to know what account IIS is using. This FAQ details the various options available, both for "classic" ASP and ASP.NET applications. There is a big difference between classic ...
Architecture of PeopleSoft Adapter: The BizTalk PeopleSoft Adapter is based on the BizTalk Server Adapter Framework. More info: How the Adapter Is Designed: The Adapter Framework. The PeopleSoft adapter basically communicates with the PeopleSoft Component Interfaces via the PeopleSoft JOLT protocol (over TCP/IP). The adapter communicates with PeopleSoft system by receiving a XML message which is later encapsulated into a SOAP request using the PeopleSoft psjoa classes. With this connection we can ...
The environment we are building consists of: Operating System: Windows Server 2008 SP2. Database Server: SQL Server 2008 with SP2. PeopleSoft Application: PeopleSoft Enterprise Human Resources Management System and Campus Solutions 9.0 PeopleTools: PeopleSoft PeopleTools 8.52 Web Server: Oracle Web Logic Server 10.3.4 The machine name given for this environment is WIN2K8 and currently only 1 user, the default username is Administrator and it is the local admin. The below steps are performed with ...
I would like to share that I will be speaking at the Deerfield Beach Coders Café on February 7th, 2012 6:30 PM on concepts behind PRISM and MEF including IoC Containers, Composition, Dependency Injection, Loose-coupling and Inheritance. We will be also adding a little Agile spin to the talk focusing on the importance and ideal use of the underlying design patterns in an Agile software shop. I am also scheduled to present a similar topic at the upcoming South Florida Code Camp taking place on Saturday ...
The Objective Three of the 6 development teams using TFS are moving to a different network and domain. There is no on-line connection between the old (source) and new (target) networks. The objective was for the teams to come in Monday morning, bring up their development machine on the new network and have everything as it had been on the old network. Failed Approaches Clone the data tier and move the data tier to the new network. This failed because the procedures for moving the hardware to a new ...
After reading this chapter you should be able to Identify and explain the functions of the core TCP/IP protocols Explain how the TCP/IP protocols correlate to layers of the OSI model Discuss addressing schemes for TCP/IP in IPv4 and IPv6 Describe the purpose and implementation of DNS and DHCP Identify the well-known ports for key TCP/IP services Describe common Application layer TCP/IP protocols Characteristics of TCP/IP (Transmission Control Protocol / Internet Protocol) TCP/IP is a suite of specialized ...
After reading this you should be able to Identify a variety of uses for WANs Explain different WAN topologies, including their advantages and disadvantages Compare the characteristics of WAN technologies, including their switching type, throughput, media, security, and reliability Describe several WAN transmission and connection methods, including PSTN, ISDN, T-carriers, DSL, broadband cable, ATM and SONET Describe multiple methods for remotely connecting to a network WAN Essentials A WAN is a network ...
Issue:System.InvalidOperati... is not valid due to the current state of the object. System.InvalidOperationExce... Operation is not valid due to the current state of the object. at System.Web.HttpRequest.Fill... at System.Web.HttpRequest.get_... at Rhino.Commons.LongConversat... privateConversation) at Rhino.Commons.LongConversat... at Rhino.Commons.HttpModules.U... ...
After reading this you should be able to Identify the functions of LAN connectivity hardware Install, configure, and differentiate between network devices such as NICs, hubs, bridges, switches, routers, and gateways Explain the advanced features of a switch and understand popular switching techniques, including VLAN management Explain the purposes and properties of routing Describe common IPv4 and IPv6 routing protocols NICs (Network Interface Cards) Are connectivity devices that enable a workstation, ...
The UK Centre for the Protection of National Infrastructure has released a new guidance document which details the ‘Top Twenty Critical Security Controls’. These provide a baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defence. The Centre for the Protection of National Infrastructure is participating in an international government-industry effort to promote the top twenty critical controls for computer ...
As many of you may already know, I'm working at a global gaming and entertainment company, taking responsibility for designing and implementing the next generation platform which will be running on the cloud, and also designing the cloud platform as well. Currently one of the goals is to replace the active directory integrated security and identity solution with a certificate-based solution in our product. In short, we need to work with Active Directory Certificate Service to request and issue the certificates ...
With TFS 2010 a basic installation of TFS has been reduced to a matter of clicks, the pain however lies in getting an appropriate environment provisioned from the Infrastructure team. There will be planned and unplanned downtime as the infrastructure team takes the environment down for patching. There are various TFS hosting services available out there that’ll take this pain point away from you. Some of the leading players amongst others include DiscountASP.net, TeamDevCentral, Praktik Hosting… ...
At http://www.microsoft.com/se... Microsoft have made available a free Security Intelligence Report. Here is an interesting note about the report: "At RSA Conference Europe 2011 today, Microsoft Corp. released the Microsoft Security Intelligence Report volume 11 (SIRv11), which found that less than 1 percent of exploits in the first half of 2011 were against zero-day vulnerabilities — software vulnerabilities that are successfully exploited before the vendor has published a ...
At http://techcrunch.com/2011/... there is a very interesting article about Microsoft including the latest IE version in automatic updates. This is already done for Chrome and Firefox, so Microsoft is now fitting in with an industry trend. As the article points out, this will take care of many security holes. At the end of November I predicted that Belgium would go below 1% IE6 usage. Well Belgium went up to 1.1% ...
What is the Streetlight Store? The Streetlight Store is a .Net library which uses the Entity Framework and a Microsoft SQL Server database to perform the "back-end" operations required for a typical e-commerce application. While the Streetlight Store is intended to be used for e-commerce, it is "front-end agnostic" meaning that you could just as easily create a point-of-sale user interface. Why is there a Streetlight Store? Why develop another e-commerce solution when there are so many already available? ...
At http://weblogs.asp.net/scot... Scott Guthrie discusses the reason for one (or both) of these updates. This is linked to a possible denial of service attack vector that has recently been publicly disclosed. (This attack vector is not exclusive to ASP.NET, so expect similar updates for Apache/PHP and so on). If you have responsibility for any ASP.NET application you should apply the patch, retest your application, get client ...
A little more than three months ago, Microsoft hosted the //build/ conference at which they unveiled the upcoming version of Windows (commonly called Windows 8, though I don’t know if the marketing folks have accepted the fact that that is the name most of us are expecting for it yet). They released to the developer world a build of it called the Windows Developer Preview (and Windows Server Developer Preview) along with various tools for creating the new “Metro style” apps. I wasn’t able to make ...
I have just installed the UDDI 3 server on my BizTalk development environment. All looked good until I tried to open the publish page on the web interface. The page 'http://localhost/uddi/edit... returned a page cannot be displayed error. The same error occurred when I tried to open the Subscribe and Coordinate pages. After playing around with the configuration for a while I tracked the problem down to the page using https. By connecting to the UDDI Service Console, right clicking on the ...
To me the answer of whether or not you need version control is simple - do you have users? If the answer is yes, then you need version control. Note that "version control" is not the same as "source control". Source control refers to maintaining history of your source code. Version control (also known as "configuration control" or "configuration management") is more than that. Version control, as its name indicates, means tracking versions of your software. The best way to illustrate the purpose ...
As someone who works a lot on Silverlight and as someone who has presented lots of trainings / talks on Silverlight, I have been getting a lot of questions about the future of Silverlight. Is Silverlight dead? http://www.zdnet.com/blog/m... These are often from end-clients, managers, architects or even consumers. Sometimes also from guys who have little exposure to Silverlight, but still want to engage in the conversation as it is "happening" ...
Microsoft just released version 5 of Silverlight! It’s great news and I really want to congratulate the whole team on this impressive collective effort. The official announcement is on the Silverlight team blog! ...

I was recently made aware of a couple of people having issues with WCF services (or ASP.NET applications) when using the MVVM Light project template for Silverlight. There is a blog post and a StackOverflow question, so what exactly is happening there?


Build 2011 announced the September release of the Windows Azure Service Bus. For those of you who have just tuned in, the WA Service Bus is part of the AppFabric middleware that enables almost seamless connectivity between applications that are restricted to limited connectivity options by their firewall or custom security protocols. By leveraging the service bus one can build distributed applications on cloud or hybrid solutions featuring on-premise and cloud apps while maintaining the worthwhile ...
When you’re debugging security related things, sometimes you need to take a look at the thread identity's user token. When you’re inside of Visual Studio 2010 – in the watch windows you enter ‘$user’ and you’ll get the same as when in windbg with !token -n ...
Here is the official documentation on how to publish a LightSwitch application – How to: Deploy a LightSwitch Application. For this example, I’m going to show how to deploy a simple application that does not have any role-based security set up. I’ll show how we can configure that in a later post. So back over on my LightSwitch development machine the first thing we need to do is specify the type of 3-tier deployment we want. In the case of my application, I want it to be a Windows Desktop client ...
The discovery phase of any project is both exciting and critical to the project’s success. There are several key points that you need to keep in mind as you navigate this process. The first thing you need to understand is who the players in the project are and what their motivations are for the project. Leaving out a key stakeholder in the resulting product is one of the easiest ways to doom your project to fail. The better the quality of the input you have at this early phase the better chance you ...