Tag | Security Posts

Goal Ensure your developers build code to meet the spec (the contract of customer requirements) in a timely manner Ensure your developers build code changes that don’t break the spec and that pass functional requirements Ensure your developers build code which is robust (not fragile) and that meets design and code quality guidelines The Spec Make sure that the technical analyst provides appropriate specs! Keep it deliverable – compile-able. No point building mounds of UML diagrams that don’t stay ...
Being a user group leader (Bartlesville .NET User Group) I get a lot of messages for recruiters looking for jobs. Given the current market situation I like to pass these on. This one looks pretty interesting. If you are interested give Darbi a call and let him know I sent you: Know anyone (maybe you) who might be interested in the following position? It is located in Oklahoma City, Oklahoma. It is a direct hire position with a great company. If you are interested or know someone who is, send me a ...
In working through an issue with workflow I stumbled across an interesting 'feature' of workflow and MOSS. Essentially I have a "Project Sites" root web where I am creating child sites via a workflow: Project Sites Child Site 1 List 1 List 2 In these child sites I am creating some lists and setting alerts on them based upon things that happen in the workflow. In attempting to create an alert on a list, I received a "List does not exist" error. In stepping through the code and inspecting all the objects ...
Here is a list of the more meaningful tools and extensions which I have downloaded and enjoyed this year: Google Search Bar + Bookmarks XML Notepad 2007 (Microsoft, free) Tail 4.2.12 NUnit for Windows WebServiceStudio/SoapBits BizTalk ScheduleAdapter (Scheduled Task Adapter) http://www.codeplex.com/Biz... Microsoft Enterprise Library 3.x Camtasia Studio System Tools Unlocker http://ccollomb.free.fr/unl... .Net Reflector http://www.red-gate.com/pro... Process ...
Topic: Migrating a Data Aware WPF Application to Silverlight 2.0 Presenter: Mike Benkovich, Microsoft Date: 11/18/2008 Time: 12pm - 2 pm Website: http://www.ilmservice.com/s... Abstract: One of the great things about WPF and Silverlight is that they’re both built on top of XAML and with Silverlight 2.0 you can leverage the latest data manipulation capabilities of LINQ. In this session we’ll take a look at a basic WPF application that pulls data from a web service. We will explore VB.NET’s ...
OK, this may be old news to some of you; and it's obvious, once you think about it. But it's news to me, so I want to pass it along. The topic is WiFi Evil Twins. What's a WiFi Evil Twin, you ask? That's when some thief goes to a public WiFi hotspot area and sets up a new public WiFi network with the same or similar name, in hopes of getting people to sign in through his WiFi instead of the public one. Then he can attempt to upload viruses, record traffic, capture credit card information, etc. Usually ...
Well, maybe that's not exactly how he put it; but he referenced a post where I wrote: Richard Hale Shaw makes an interesting argument against the C# using statement (not the using directive; and thank you, C# team, for that bit of confusing language). I disagree with him; but it will take time and sleep before I can fully explain why. The short preview: he says you can't force people to use your class correctly; I say I can, and I'll show you how, soon.And he writes: Always wondered what you had ...
Windows Azure was announced on PDC 2008 (Oct 27) and will hopefully be released mid next year. You probably already know about Azure by this time. If no, I would like to quote some from www.azure.com as intro: The Azure Services Platform is an internet-scale cloud computing and services platform hosted in Microsoft data centers. The Azure Services Platform provides a range of functionality to build applications that span from consumer web to enterprise scenarios and includes a cloud operating system ...
Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; ...
In this issue: Silverlight Girl, Mehdi Slaoui Andaloussi, David Anson, Cheryl, Justin Angel, Kathy Kam, Shawn Burke, and Jafar Husain. John Papa hada Teaser Chapter up for his book the other day and I forgot to mention it, so here it is: Free Teaser Chapter for Data Driven Services with Silverlight 2. From SilverlightCream.com: Silverlight Loader Animation Silverlight Girl discusses her loader animation created in Blend, then turns around before I got that posted and gives up Source code for the ...
I finally and succesfully migrated a VSS 2005 Database to TFS 2008. I got soo many problems/errors. Things like: Migration tool worked, but only the folders have been created in TFS. No file has been created, Another migration warned that TF60085: No file or folder to migrate DCOM errors on the server. When re-creating a TFS Project, TF30162: Task "WITs" from Group "WorkItemTracking" failed So, after migrating "empty folders" the first time, I tried to delete the projects in TFS and re-importing ...
In a nice sunday afternoon I opened a MC++ sorry oldy MFC project in VS.NET.So far so good. Now i was going to insert a merely innocent breakpoint before firing the program. Mouse cursor changes to hourglass changes to infamous BSOD(Blue Screen Of Death for Windows). I ignored the memory dump and rebooted but Windows XP was unable to start. It seems some boot information table or partition table might have been corrupted in the process. Sad but inevitable in a developer's life.But I hade some serious ...
Models enable SOA which enables agility Messaging Platform Spreads SOA out over the Internet User Enablement The Tools Future Business Models and Opportunities The SOA and BPM Conference at Microsoft was a great time, got to meet old buddies, made some new ones and learned quite a bit about the possible future of business and the software that drives it. It wasnt all fun and games though, I was recovering from pneumonia and had to pull an all-nighter to get a Demo up on Microsoft's ESB for some potential ...
We needed to setup TFS for a new user and he had a problem: When open TFS Source Control Explorer , he can see folders, but was unable to run any commands , e.g Get Latest. Trying to find a reason, we gave the new user different security permissions, but it didn't help. Finally I suggested to check in VS Tools/Options/Source Control/Current Source Control Plug-in. and ensure that VS TFS is specified. It fixed the problem ...
A couple of days ago I've posted about the changes I've had to make to allow my custom STS to work with the updated Geneva framework. there's one more, quite crucial, change that I had to make, which I will try to describe next - If my understanding is correct (and unfortunately there's all the chances in the world that it is not, so if you know otherwise please do comment) the October Geneva SDK has tightened security a little bit around token validation. I believe that the previous version of SDK, ...
Three days into playing with the Windows 7 PDC bits, I've already fallen in love with the new OS. Microsoft has come a long way to get things right this time. I know a lot of people hate Windows Vista badly. I do too. But I always think that Windows Vista isn't that bad. What it really lacks is the common sense of software design: convenience for users . I noticed a lot of thoughts have been put into Windows 7, although in this early pre-beta stage it still looks pretty much the same as Vista. But ...
The Network admin guys did some windows patch update on the WSS v3 - OS - Windows 2003 server Until after logging on to the site tried doing some searching and Oops no search results returned So i taught sure the services has stopped or i have to restart the service but after checking the services on the OS and the Sharepoint Central Admin everything thing looks ok. Well its time to look for a fix So what next and where to start . First was this Microsoft Support site: but didn't solve the problem. ...
Topic: Workflow When: Thursday, November 6, 2008 Registration: 8:30 - 9:00 AM Event: 9:00 - 11:00 AM Networking/Q&A: 11:00 AM - 12:00 PM Where: Northland Center 3500 American Blvd West, Conf Room B (on concourse level of bldg) Bloomington, MN 55417 Summary: On Thursday, November 6th, come learn what Dynamics CRM 4.0 offers in terms of workflow using the new Windows Workflow Foundation! We'll be covering various new ways the new workflow engine enables greater power and flexibility. These are ...
I'm currently doing some work with the Geneva Framework (formerly known as "Zermatt"), which I am very excited about; With the SOA wave and now the coming Cloud wave, federated identity becomes a crucial component in the enterprise and it is great to see such a good story for it from Microsoft. Using the "Zermatt" SDK (I now need to download the updated framework and align with it) I have succesfully, and quite simply, managed to create both an active STS scenario and a passive STS scenario, both ...
After the PDC closed at 3PM, a group of us went over to the Liberty Grille again for a bite to eat. We’d been there the night before and had a really good experience, so thought we’d try it again. Everything was going fine until 5:00 came around and I had to leave. First, our waiter was nowhere to be found and I asked another waiter to get him for us and if he could bring my bill that would be great. Our waiter shows up with the bill for the entire table. I explain that I only am paying for my portion. ...
Here is a frustrating little error. The problem occurs when trying to print reports from a report server that is not properly updated on a client machine which has been. Updating the SQL Server installation using Microsoft Update (Not just Windows update) fixed this on my local development box, however I had to dig a little deeper to get it to work on our production box which is 64 bit. The root of the problem is this: If you are using SSRS to print the reports, the way it works is that an Active ...
Will Strohl whose the new President of the Orlando DotNetNuke User Group has created a series of videos to help users in the DotNetNuke community. Here's the list: What Is DotNetNuke®? - In this video, I attempt to give a brief overview of what DotNetNuke® is, and what it can do for you. DotNetNuke® Tour - An overview of some of the most common DotNetNuke® features. DotNetNuke® Terminology - Learn some of the "lingo" you might see used on the DotNetNuke® forums or documentation. Where Do I Download ...

Note: The Wireless network at the keynote failed miserably, so this will be posted with a delay.

Bringing together software + services

Presents Windows Live Essentials and Windows Live Services. Using Windows Live Services is optional, so you can use your own services (pop for example) instead.

Read the rest of this entry »
The following exception occurs in ASP.NET (version: 2.0.50727.1433) when you trigger an event on an ASP.Net object that has no ID set, eg clicking on a LinkButton: System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true... in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server ...

High level goals: building rich apps with same people, same skills, same workflow and common code.

Shows how to decide when to use Silverlight and when WPF.

Read the rest of this entry »

Note: The Wireless network at the keynote failed miserably, so this will be posted with a delay. Next speaker talks about customer challenges: Stay up to date, lower predictable costs including IT resources, High security and availability. That's why software should be distributed as services "Microsoft Online Services". It is just a beginning, and in the future all of the enterprise software will be optionally distributed as an online service. Read the rest of this entry » ...
One of the most important aspects of attending conferences for me is the networking opportunities. As I am currently an MVP in BizTalk Server, still a fairly minority technology, it’s usually only at these events that I get to meet up with the people who really know the technology (apart from the BizTalk User Group Sweden of course). There are quite a few of the MVPs and “influencers” out this year, and I’m looking forward to catching up on old times and having intelligent and informed discussions ...
I recently attended the OWASP (Open Web Application Security Project) conference at the University of Minnesota's St Paul Campus. This was my first introduction to OWASP, and it's an organization that anyone involved in software should be aware of and understand their goals. They have many projects in under development to increase the use of security throughout the development lifecycle. They also presented on the OWASP Enterprise Security API (ESAPI), and I found this to be an interesting project. ...
Here's some great webcasts to check out, just around the corner on WPF, ASP.NET and writing secure applications. If you're reading this an the webcast has already happened, you can check out the recording at the same link. MSDN Webcast: BenkoTIPS Live and On-Demand: 10 Ways Your Applications Can Be More Secure on Windows Vista 10/22/08 11:00 AM (PST); http://msevents.microsoft.c... In this webcast, you learn 10 reasons why your application ...
For the past three weeks I have been testing the new Nokia e71 and Apple’s iPhone 3g. Both phones are well built and deliver as promised in almost all areas. Below I will give a few tidbits about my experiences with each one. I am also at the same time working on deploying Microsoft’s System Center Mobile Device Manager (SCMDM). This will not come in to play with either of these devices though. Although they have licensed and support Exchange ActiveSync, SCMDM will only support devices running a ...
*Moved to: How-To: Allow other users to interact with workflow on your MySite If you want to be able to use workflow on you're my site that will allow you to assign tasks to your colleagues, then you need to take a couple of thing into consideration. The most important is to give any users assigned tasks access to the tasks list that you are using for your workflow. You will need to think hard about wither the workflow you are considering would be better as part of your team's site, or as part of ...
I am sorry for the lack of blog love. I am going to try very hard to post something awesome once a week. I have a couple birthdays upcoming, including my friend Leah's and my boyfriend Johnny's. I also have a Silverlight Presentation at the St. Louis .Net User Group on October 27th, then the Kansas City Office Geeks will be meeting on November 6th with a presentation on SharePoint Updates by JD Wade. In between I believe I am going to try and give a how to write a custom wildcard search in SharePoint ...
So, I've been on a mission, to show that we can port our mobile portal application suite over to iPhone. We've long been using a Windows Mobile delivered portal that takes Sharepoint, Dynamics NAV and a host of other line of business system (LOB) and delivers them to our mobile workforce. The core of our business at Anglia Business Solutions (www.angliabs.com) is to allow our consultant's, sale staff and support engineers to work remotely. For any service based company our lifeblood is accurate time ...
We implemented Web SSO with ADFS. It works great, but the development experience was limited to W2K3. This was a problem as development workstations were XP. So we had 1 server on the side to test code against. We pulled down the dll to the XP development boxes which allowed for compilation, but testing only on the W2K3 server. A new framework for claims based identity is in beta from Microsoft. It is code named Zermatt. One of the interesting things from the developers perspective is that with Zermatt ...
I recently have been working on a solution for a client that is converting their current external membership website to WSS 3.0. I am so happy with the way the solution is coming together. I have always been of the opinion that you use the right tool for the right job and WSS 3.0 is the right tool for this solution. Going back to my perspective that it is easier to develop with SharePoint as a framework than to start a new web project from scratch, WSS was a natural fit for all of the functionality ...
Recently I was discussing SQL Server encryption with some friends who have been using it to encrypt short strings such as Social Security numbers at their shop. I commented, "Just try searching those Social Security Numbers," they shared my lamentation, and we moved on to other subjects. Later that evening, though, I thought there must be a way to search those wretched encrypted blocks--somehow--and worked out the solution you are about to read. The Problem The difficulty lies in the fact that you ...
Rick Strahl had a great recent post on Running VisualSVN Server for Subversion Source Control. I have been running VisualSVN Server for my repositories for a little while now and especially love how painless the setup is. Not to mention that VisualSVN Server is 100% free! One part that I especially liked was the part I have been missing and that is anonymous access to repositories. I have been thinking about having this for awhile and with Rick's post I was able to allow it: Anonymous Repository ...
Topic: Wireless LAN Website: http://www.ctamn.org/ Where: Eagan Community Center When: Tuesday, October 14, 2008 Speaker: Steve Bult, Senior Project Manager, Technology Management Corporation. In this role and prior duties, Mr. Bult has utilized his experience in Information Technology projects ranging from 1M sf technology campuses to deployments with hundreds of remote sites. He has extensive experience in design for A/V, voice and data networking, physical security and CCTV. He has delivered solutions ...
Here we are at the second week's task for the Manhattan Project: switching the user's database to MSSQL instead of SQLite. I'll be honest, there weren't any valuable resources I found for assistance in the creation of this tutorial. Mostly it was a combination of Try / Fail and guessing based on what I saw in the code for the MSSQL dll in the project. I might say that there weren't resources, but what I mostly mean is no tutorial. There are some .sql files to help get the database started, but that's ...
Register Now for the SQL Server 2008 Roadshow Date: October 14 - Minneapolis, MN Location: Regal Brooklyn Center 6420 Camden Ave N Minneapolis, Minnesota, 55430 United States Learn more about the new enhanced capabilities of SQL Server 2008. Explore security and database management, how to best manage your data, and what’s new in business intelligence. Don’t miss this half-day event that will give you a better understanding of what SQL 2008 has to offer and how you can best put it to use at your ...
I just checked my google reader, and got a very interesting update from Zain Naboulsi, the Developer Evangelist for the louisiana, texas and arkansas region. According to Steve Lipner, Microsoft's security development lifecycle will be presented to a collection of consultant agencies at first, and then broadened to envelop more and more training after its inaugural year. In addition, Microsoft's SDL Threat Modeling tools will become freely available in November. To read the Q and A with Steve, check ...
I am sorry this is not a C# blog today. I am still in TFS land :-) Recently I was talking to different people about when to create a new TFS project or reuse an existing one. Here is what I got out of the conversations: - Too many projects slow down the server and are hard to maintain. (Depending on the project type, TFS 2008 has an upper limit of around 200 - 500 projects) - Security on too many projects can be very hard to maintain (especially keeping track of current permissions, removing expired ...
Mission: Abandoned Mill Debrief: We've been here before, but haven't come close to exploring all of it. We met up after dark and drove out to the site. Getting there was fairly quick and uneventful, and aside from passing a couple of bicyclists, it looked like we weren't going to run into anyone on the way in. Just before we got to the entrance though, a car full of guys (looked like teenagers or early twenties) pulled up and tried going down a road that was (clearly) marked "do not enter." Confused, ...
If a user, using Firefox 3, signs out of a web site and does not close the browser, anyone else using that browser subsequently can view the content of pages loaded by the previous user (eg in an internet cafe, or any place where workstations are shared eg universities) - exposing private/confidential data. This only affects HTTP post requests (not gets) and only Firefox version 3 - earlier versions (1.5, 2 etc), and IE, are not affected. The main points are: This is definately a bug: a violation ...
Seems to me I once heard that too much of a good thing can be bad. Does that apply when considering how much connectivity can be achieved on your phone? VISA is apparently trying to get apps that allow for all sort of transactions to be performed on the Android-based phones. This seems like a security nightmare waiting to happen.... Read more here ...
I was recently asked by a client to test whether a WCF based service could be implemented behind ISA Server (2006) whilst using netTcpBinding . I knew nothing about configuring ISA Server, so I worked in this with an ISA Server SME within my company on this. We set up 3 virtual servers : one client, one running ISA Server and one hosting the WCF service. I configured the client to be able to use wsHttpBinding and netTcpBinding just for comparison. The security mode was explictly set to "none" for ...
The last half of this year is being completely focused on cloud computing. Microsoft is focusing a lot of attention in this space and are focusing on setting up development centers around the world to assist customers in hosting logic and data centrally in the cloud to make use of for your global applications. It really is the next step in expansion of the Internet and is something that will be greatly adopted by organizations all over the world. There are some tricky areas that still have to be ...
We cleared Montana and ~ 70 miles of Idaho (way up there at the top). Marc did get a speeding ticket in Idaho 4 miles from the WA border. We both had to give up our ID’s for a check. it is 8:51 EDT (5:51 Seattle Time). I can only deive~ 100 mi at a time at this point. We have been on the road almost 52 hours. It’s not that I'm really tired but my eyes glaze over, especially in the dark. Had a little incident getting gas a few minutes ago. American Express decided to trigger a security alert so i ...
I can describe my feeling of mgration from TFS 2005 to TFS 2008 in one word-NIGHTMARE. Summary of recommendations. 1.Create combined TFS 2008+SP1 setup as described in http://www.woodwardweb.com/... and in the latest Team Foundation Installation Guide 2. Read Team Foundation Installation Guide ,Upgrade TFS 2005 to 2008 , Tips for upgrading from TFS2005 to TFS2008 3. If you are using fully-qualified domain names (FQDN, e.g., tfsserver.mycompany.com) , replace the FQDN with NetBios ...
I was using VPC 2007 on Windows Vista Ultimate 32 bit for the first time last week. I was creating some user documentation for my new job. I noticed that even with sharing turned on for my C Drive I could not save any files from the VPC to my C Drive. I heard there was really no Vista and VPC 2007 support, so I decided to start experimenting as per usual (don't try this at home I have broken more VPC's than anyone within the SharePoint Community I bet). So I found this Public area on the C Drive ...