Tag | Security Posts

Installing a BizTalk App can be quite a challenge. You have options of 1) Manual, lots of documentation needed. But then you were going to create docs anyway, right? This is good when you only need to install it once. 2) BizTalk-generated MSI. This is simple and quick to produce. My main issue is that this is not customizable with regard to the application name and product version (think Add/Remove programs) nor can you specify the installation folder. Another huge problem is that *if* the deployment ...
In this article we'll see how easy it is to use Virtual Earth SDK to produce a simple mashup, using web services that provide information in JSON format. Live Demo - Source Code If you are not familiar with JSON or how to integrate JSON services in ASP.NET AJAX applications, you can take a look at my 3-part series of articles on JSON and ASP.NET AJAX here. First of all, we need to create a simple .aspx page, and add a ScriptManager to it. Then, we're going to reference the Virtual Earth API in the ...
Today is Veterans Day and I think Wikipedia states it nicely. It is so much more than a day off from work or a big sale weekend. Veterans Day is largely intended to thank veterans for their service, to acknowledge that their contributions to United States national security are appreciated, and to underscore the fact that all those who served - not only those who died - have sacrificed and done their duty (copied from Wikipedia) Take a minute and find a veteran and thank them for their contribution. ...
Got this phishing message in the email this morning: Subject: Case ID: DXA6E9JK Body: Dear Bank of America Military Bank customer, We regret to inform you that we have received numerous fraudulent e-mails which ask for personal information. Please remember that we will never ask for personal information through e-mail or websites. Because of this we are launching a new security system to make Bank of the Cascades cards more secure and safe. To take advantage of our new consumer Identity Theft Protection ...
Great post on Danny Chen's blog about Site Navigation, siteMap and SiteMapProvider overview. Read it, then you are ready to create your siteMap and SiteMapProvider. http://blogs.msdn.com/danny... Also these are good articles and posts about siteMap: http://geekswithblogs.net/c... http://professionalaspnet.c... WICKED CODE The SQL Site Map Provider You've Been Waiting For http://msdn.microsoft.com/m... ...
Recent source control woes have inspired me to write this little poem about my least favorite source control system. VSS, I hate you so And I can not wait to see you go. You have the word safe in your name Yet since you came my IDE has crashed And my files have been trashed. If your integration were not so lame, Then maybe I could do a simple rename; All I wanted was a little bit of history But a few files I did purge and now it's all a mystery. Branching and merging is something we no longer dare ...
Ok, so I have a theme going and thought I might as well run with it. I promise this is the last "Is x Dead?" post. Of course BizTalk isn't dead. But it is going to change in the next couple of years. What I am talking about here is "Oslo", the recently announced, next-generation distributed computing vision from Microsoft. Oslo takes SOA to the Internet I was out at the SOA conference last week where Microsoft first publicly shared the vision that they are code-naming Oslo. There is a great story ...
The final releases of the Windows Live Wave 2 programs are now available. The upgrades from the beta releases haven't changed a whole lot, but you should still download the new Windows Live installer. There is also a support article if you have any problems upgrading from the betas. Just as a reminder, the installer covers only the desktop Windows Live applications: Windows Live Messenger Instantly connect to the people who matter most—via text, voice, or video.* Show 'em if you're online, offline, ...
I have posted my article "Code Free Web Page Security with the SiteMapPath Control" to my blog. You can read it here. Here is the summary: This article will show you how to control Web page access within a Web application without writing a single line of code. You will use controls from the .NET Framework 2.0, the built in SiteMapPath Provider and attribute settings in the Web.Config file ...
Microsoft has a couple of articles on how to set up HTTP connectivity for SSAS, one for Win XP http://www.microsoft.com/te... and another for Win2003 server http://www.microsoft.com/te... But Vista Business/Ultimate includes the new version of IIS (IIS 7) which means some of the steps have changed a little. So let's walk through the process with the help of a few screen shots. Getting binaries: Copy the contents of the %Installation ...
What the heck do those two have in common? On Friday I arrived at the Charleston, SC airport all set to fly out to Chris' house for code camp. Having just gone through the TSA security line and in the process of collecting all my stuff and re-packing I heard a voice off behind me that sounded familiar. Being from the Charleston area I turned around figuring I might know the person and say "hi" but imagine my surprise when instead I turned around to see this guy: (ok the picture is pretty bad - I've ...
For those that have multiple Windows Live IDs, you can now link your Windows Live accounts together and easily switch between them using the Linked Windows Live ID service. To set this up, go to https://account.live.com and look for the section called Linked Windows Live IDs. If you haven't already linked any Live IDs, you will see a link titled "Link Windows Live IDs", otherwise the link will be "Manage your linked IDs". Once you have linked your IDs, you will need to sign out and sign back in again. ...
Thank you Microsoft, for once again bypassing my Windows update policies. I can now go explain to my managers why 500 workstations and 12 servers have ended up with Microsoft Desktop Search, without anyone's explicit approval. To illustrate how totally stupid this is, check out these screenshots out of our WSUS box: As you can see above, our current update policy only allows Security updates, Critical Updates and Security Rollup Packs to be automatically installed ("Approve for Installation") on select ...
Now, after the very futile example which accompanied the introduction to JavaScript Object Notation in my last post (by the way, I forgot to mention that this is what the fancy acronym stands for, but I'm sure you already knew that), let's go straight to the fun part, and see how we can leverage the flexibility of JSON (and ASP.NET AJAX, of course) to achieve some less trivial result. When developing a web application, we often need to aggregate data from different sources. You might argue this is ...
If you are a web developer, and you haven't been living under a rock for most of the past year, you must at least have heard of JSON. In the wake of the tremendous hype relating to everything even vaguely AJAX-related, JSON has climbed in record time the list of the top 10 technologies a web developer has to master. Let's make it clear from the start: JSON does deserve a top spot in such a list, if nothing else because it's the skeleton that keeps the whole AJAX paradigm on its feet. Even more so ...
To address user dynamic security for a specific dimension, we have used the technique we found from the article “Implementing User-Specific Security in SSAS” from Hitachi Consulting Microsoft BI found at http://hccmsbi.blogspot.com... This approach defines 2 new tables to the AdventureWorksDW database, DimUser and the fact-less fact table FactResellerUser. The DimUser table contains the UserName column which will be set to the domain user. The FactResellerUser ...
I've been spending a little too much time reading blogs over the last several months and am starting to crave some more in-depth study, so I decided that I am going to be "old-school" and try to spend more time reading books instead. What I'm Reading Now Here are the three books that I have been bouncing back and forth between lately. As you can tell, I am a little ADD as far as books are concerned and rarely read one at a time (probably why I like blogs so much). On the positive side, I stay motivated ...
Another top ten mistakes/DON'Ts article I found. This time in a very interesting field, which is architecture. Having read the mistakes, I can tell for sure, if you'd ever done an architecture-related task, you must have made at least three of these mistakes once or more. Quote from the article: Mistake #1: Scoping Woes. "This is the sort of situation where a simple travel booking system ends up with full expense claim management facilities being built into it, with inevitable repercussions for project ...
This is a summary of the grok talk I gave at the SqlBits day at Microsoft UK in Reading on 6th October 2007. Thanks for all the delegates who finished lunch early to make the grok talks and I hope it proved useful. The target audience for this grok talk was those developers using SQL Server (2000 or 2005) on their laptops who might want to secure those databases. This issue is becoming more important as horror stories of lost laptops containing sensitive customer information now seem to appear every ...
Over the last 10 months, I've learned quite a bit about some of the things that you can do to lessen the pain of weekly travel. Here are a few tips. Avis Preferred Avis, like many rental car agencies, doesn’t always have their fleet of cars right outside the airport. It’s typical for me to wait 5-20 minutes for their shuttle to arrive at the airport. Next, there’s the 5-10 minute drive to the rental agency. You’ve already waited 10-30 minutes, do you really want to wait in line another 5-30 minutes once ...
Recently I've wanted to demonstrate using the BizTalk Rules Engine outside of BizTalk. In our post 9/11 world, everyone's probably had some contact with the heightened security and restrictions for air travel and banking transactions. Along the same lines, the Nuclear Regulations Commission often updates the rules concerning access control to nuclear power plants within the United States. Knowing the flexibility of the BRE and the ease with which new rules can be added and deployed, I thought this ...
Ran into this today...seems like it's a common run-in on the net, so just wanted to record it here for my own notes. If the security tab isn't visible on any of your folder properties in XP, you may have "Use Simple File Sharing" selected in your Folder Options. Open Explorer and go to Tools>Folder Options. Click the "View" tab and scroll to the bottom of the listbox with the heading "Advanced Settings". Clear the "Use Simple File Sharing" checkbox. D ...
Looks like MS have not had a good month on this subject? Still, looks like there is light at the end of the tunnel? :-) Stealth Windows update prevents XP repair By Scott Dunn A silent update that Microsoft deployed widely in July and August is preventing the "repair" feature of Windows XP from completing successfully. Ever since the Redmond company's recent download of new support files for Windows Update, users of XP's repair function have been unable to install the latest 80 patches from Microsoft. ...
Now this is quite interesting because up until now most of the news and information (dare I say Hype?) has been based around the benefits of flexibility and high availability (like VMotion, etc.) but we are now starting to see enough real world examples of Server and Desktop Virtualization that we can have broad benchmarks or rule-of-thumb guidelines that are indicative of the savings that can be gained even at the design stage when details of the intended environment are almost non-existent? Although ...
I received comments to my blog (WCF vs. Remoting (with DataSet)- performance comparison) with some adjustments I could make to improve performance of the WCF. I did some of them: Cache ChannelFactory. It is quite expensive to create it each time you need a proxy. My recommendation is: Hide it in your own Factory class or method so you can cache it. I am not sure yet why the ChannelFactory is not cached somehow by WCF but I believe there are some serious reasons. Disable security for NetTcpBinding. ...
Phil recently blogged about a newly discovered security vulnerability in the Subtext blogging engine due to a flaw in the way the FCKEditor control was integrated. As far as we know, no one was seriously affected and both a fix and a workaround were found very quickly by the core development team. If you are running Subtext 1.9.x, a patched version of the Subtext.Providers.BlogEntry... is available as a zip file. After you download the patch (Subtext1.9.5-PATCH.zip 7.72KB) , unzip ...
I have been looking for a way to do this finally just had to take the time to write it. Enjoy!
    protected void Login1_LoginError(object sender, EventArgs e)
    {
        String message = login1.FailureText.ToString();
        MembershipUser userInfo = Membership.GetUser(login1.U...
        if (userInfo == null)
        {
            LoginErrorText.Text = String.Empty;
        }
        else if (!(userInfo.IsApproved))
            LoginErrorText.Text = "Your account has not been approved yet, Please follow instructions ...
I like the web.config it handles everything that a config file should. Including the fun of handling your data.
    <connectionStrings>
      <add
        name="LocalSqlServer"
        connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilen... Instance=true"
        providerName="System.Data.S...
      />
    </connectionStrings>
However if you develop like me you have three separated environments when writing a single app. Meaning you have ...
So I was thinking a couple of days ago about password security on web sites. When you sign up for an account you have to give them your username, your password, email address, Residential address sometimes, and all sorts of other information. What happens when the web site that you entered in all of that information gets hacked into and they steal your username, your password, and your email address. Most people use the same username/email address and password for most of their log ins, including ...
One of my friends has shown me his Google Analytics site (http://www.google.com/anal... It allows you to analyze traffic on your site. I thought I could use it here on my blog to check who reads it. Unfortunately GA requires from me that I put some magic goo (some script) immediately before the <body> tag. I tried to configure that with the Admin console that is with the Subtext on the GWB but whatever I do it does not insert the script before the <body> element. Did anyone try ...
So what is Enterprise Architecture (or EA for short) ? Before you reach for the Wikipedia definition which will just leave your brain hurting, try this on for size as your elevator pitch: "Enterprise Architecture is the practice of applying methods for describing current and future technology and supporting practices to align them with your organisation's core goals and strategic direction." Yep, you guessed it, Enterprise Architecture is about Strategy and that's it in a nutshell. As usual in the ...
I knew that SQL Server 2005 had structured exception handling, but for some reason I assumed that you could only use it within CLR sprocs. Since I still haven't actually heard of anyone using CLR sprocs for anything other than demos or sample projects (at least not without being pummeled by hordes of angry DBAs), I mostly ignored this new feature until now. Today I worked on a sproc that involved over a dozen DML statements (it was a utility sproc to handle security and setup steps for developers ...
There has been so much going on in the Virtualization space that it's worth reviewing some of the announcements that have predominantly been broken at Alessandro's Virtualization.info Microsoft to distribute Viridian beta 1 with Windows Server 2008 RTM Microsoft and Citrix will leverage future products on VHD format Microsoft partners with Sun to improve hypervisors interoperability Virtualization leaders and OEMs start working on common virtual machines format VMware distributes VMware Tools as open ...
When you want to pass data from a Sharepoint workflow to a task InfoPath form, the recommended method (in fact I don't know of any other one) is using a "receive data" data source, defined by the ItemMetadata.xml file. The structure of this file is documented in various places around the net, for simple data types (like, say TextBox-es or CheckBox-es). Unfortunately, when it comes to passing data to complex controls like the drop-down list , it seems there just is a void of information, although ...
Something very interesting came across the desk today that looks very neat for the SMB space HP challenges Dell in the SME market Colin Barker ZDNet.co.uk After Michael Dell on Monday launched his company's first storage system targeted at small and medium-sized enterprises, HP responded with a system of its own on Wednesday. Both systems are low-cost. The Dell system is priced at £5,497, while the HP BladeSystem c3000 (pictured, left) costs just under £5,000. But there was a difference between the ...

Is anybody else experiencing problems with the Security Update for VS2005SP1? I have installed it twice to no avail. It says it completed successfully, and then promptly requests I install it again. I've checked the obvious stuff like the Event Log for any errors and there aren't any.

Can't decide if I want company…

Thanks to Dugie for the heads up on this announcement, could this be right? everyone is going to co-operate? WOW DMTF Accepts New Format for Portable Virtual Machines from Virtualization Leaders New specification created by Dell, HP, IBM, Microsoft, VMware, XenSource aims to become an industry standard; will help ensure portability, integrity and automated installation/configuration of virtual machines PORTLAND, ORE. September 10, 2007 The Distributed Management Task Force (DMTF®) today announced ...
I woke up yesterday morning, I noticed that Vista had installed three different security updates overnight. Opening Microsoft Word, I noticed that I was unable to use my mouse anywhere within the document anymore. I couldn't select any text. I couldn't right-click. I could only move my cursor around with the arrow keys on my keyboard. For me, this made Word completely useless. The problem was with a SnagIt add-in to Microsoft Office that was installed on my machine. It all of a sudden seemed to have ...
I signed up to a SubVersion and Trac hosted service nearly 12 months ago with the aim of moving all my source code repositories from my local server onto a centrally managed system hosted by hosted-projects.com. At first I was concerned about reliability of access, availability levels and the level of customer support I would receive for what is a bargain US$15 per month (with an additional US$15 per month for nightly backups). Those concerns were completely unfounded. In the past year I have had ...
One of the annoying things about unit testing is that not all members of the target code class are accessible to the test fixtures. There are limited options to work around this (as you really don’t want to put the unit tests within the code assembly). In the past, the usual method has been to open up the access levels of the code class members. This isn’t ideal from a best practices and security point of view. However, as of .Net 2.0 a better method has been introduced. This is to use the InternalsVisibleTo ...
The challenge I was facing was being able to accomplish the following within a single ASP.NET application: Use an NT authenticated connection to my SQL Server database; this would assume the identity set for the IIS application pool Disable anonymous access to my web site; only allow Windows Authentication Force all use of the TFS API to happen within the context of the Windows authenticated user First, in ASP.NET, in order to force the execution context to use the identity of the person browsing ...
Before I explain where that quote came from I want to say a couple things: 1) I heard it first-hand 2) My 80 year-old Mother and her 90 year-old boyfriend each have a computer and do email, IM, and web browsing. So...I was taking a break and talking to the security guard at the main entrance to the building, and an elderly lady showed up at the door complaining that the Credit Union next door was closed. He explained it had been closed for two years, and went on to say people had been making night ...

Is it April Fool's Day? No? Geeze, then that means ThinkGeek really IS selling a t-shirt made out of chain mail.

Ok, now someone needs to buy one and then try to go through airport security with it on. :P

D

I was setting up a new DNN installation at WH4L and received this error while running the installation wizard. I first tried manually cleaning things out and doing it again only to receive the same error. Turns out the trick is the file permissions on the newly installed modules under \DesktopModules aren't correct. When you receive the errors, simply open a new browser window, login to WH4L control panel, go to Security | File Permission and reset permissions for NETWORK SERVICE with the box check ...
Working on my first SQL 2K5 application here...and came across this error trying to implement the SqlNotificationService. I read a lot on this error...However, I was able to avoid this error by simply making the current user own the DB. 1. Security > Users > [select the user your application is accessing the DB as] 2. Select properties (right click) 3. Find and check your DB schema in the list of "Owned Schemas" 4. Ensure "DB Owner" is checked off in the "Role Members" list That's it ...
One thing is for sure, if Microsoft were to buy/offer XenSource $1b and trump Citrix - then I think we would be able to safely say "the bubble has burst" on Tech Stocks again.... Having said that, this <cough> reporter from TheDeal then goes on to compare Microsoft's Virtualization efforts to Google's acquisition of Green Border for the browser virtualization technologies - so on that little insight I'm not going to be worrying too much if I was Citrix. But in fairness, there is a very good ...
So is it a crazy month for Virtualization or what? News in from Alessandro regarding KVM being possibly ported to Windows? and VMware quietly slipping in the news that it is serious about adding Security to the Virtualization Layer? KVM being ported to Windows and FreeBSD After XenSource acquisition by Citrix, another breaking news is going to shake virtualization industry: young virtualization platform KVM, already included in Linux kernel, is being ported on Windows. At the moment there are no ...
So there has been all sorts of news coming out regarding Citrix's purchase of XenSource, including the following articles below But what has been really interesting to read this morning is that apparently Novell were wooing XenSource about 9 months ago according to Allessandro's post Novell wanted to acquire XenSource 9 months ago, but so far the two best that do put it all in perspective are: The Truth Behind The Citrix XenSource Deal? from Michel at Thincomputing.net With XenSource, Citrix Sees ...
So after you have survived another update Tuesday you are thinking that all's well with the on-line world? Perhaps it's worth checking all those other media snap-ins and add-ons to make sure you have minimized the security implications? And don't think that you're safe just because you're running Firefox, etc? As an example this was what the scan came back with for my Laptop: Applications / Result Version Detected Status Microsoft Windows XP Professional Service Pack 2 Adobe Reader 7.x 7.0.9.50 ...