Tag | Security Posts

So after you have survived another update Tuesday you are thinking that all's well with the on-line world? Perhaps it's worth checking all those other media snap-ins and add-ons to make sure you have minimized the security implications? And don't think that you're safe just because you're running Firefox, etc? As an example this was what the scan came back with for my Laptop: Applications / Result Version Detected Status Microsoft Windows XP Professional Service Pack 2 Adobe Reader 7.x 7.0.9.50 ...
Thanks Joe Healy and Mike Wells! If you were fortunate enough to attend either the Sarasota Developers Group meeting or the new Sarasota SQL developers group meeting on Tuesday night, I am sure that you will join me in thanking both of the speakers. I have been told that there are plans to ensure that the meetings are scheduled on different evenings in the future. I also was reminded that I have been negligent in maintaining my blog, so I will again resolve to do a better job in the future. My current ...
For some background on this: check here Ok, here's the deal. I am tired of having my flying experience made more potentially inconvenient for measures that frankly seem pointless. Basically, my travel will be complicated because someone is in a bad mood? What if a cabbie gives me a hard time at DFW (and OMG do they), and I come to the checkpoint in a sour mood? Will my behaviour trigger some serious background checking? This, to me, is tantamount to thoughtcrime. Someone external will make a judgement ...
This is something I'm currently working on and as it's been ongoing for a little while I figured I'd post the problem just in case anyone else might have any ideas?? So I currently have a Customer who has these issues: They have a mix of WinCE 4.2 and 5.0 As they are a Library they want very tight security on the devices They need to give users access to save content to either a USB Stick or a USB Floppy The change in the access mechanism between CE 4.2 and 5.0 has left them with a security issue ...
Looks like Thinstall is starting to gain some support down in this neck of the woods? Apps on tap help consolidation Barbara Gengler | August 14, 2007 APPLICATION virtualisation products from Microsoft, Citrix, Scalent Systems and Thinstall are winning acceptance as the next step for enterprises that want to consolidate their infrastructure. As an alternative software concept, application virtualisation uses policy-based automation to intelligently match available server supply with application demand. ...
So…. Question? Would I use TS/Citrix or would I use VDI if I was building or designing the Front-Office of a Greenfield site today? This is quite a hot topic, because as much as VDI/xDI/DDI is the latest craze that’s sweeping the IT sector, is it really all it’s cracked up to be? What has changed? My thoughts are that until relatively recently Corporate IT was rock solid and unchangeable, absolutely rooted in Change Management, driving Mainframes and COBOL – but now we are living in a much faster ...
Bush's immigration regulations will be in place in 30 days, requiring working immigrants to have social security numbers or be fired. Correlate this with the recent discovery that Mexicans are not sending as much money back home, and it looks like we've got a definite trend going on. Increased security at the borders is playing a part in this. It will be interesting to see how this all plays out in the latter part of the decade with higher construction costs, more expensive produce, hotel rooms, ...
One of the components provided with BizTalk Server 2004 and 2006 is the Business Rules Engine. It's touted as one of the big benefits of going with BizTalk as a business user can administer the rules and affect changes without needing to understand the intricacies of BizTalk. The BRE can also be used outside of BizTalk which is something that might merit investigation later. For now, I'll cover three methods of manipulating XML data I often use. I'll also take a moment to mention that this post isn't ...
I just found out that my good friend Joe Wells has accepted an offer from Lavasoft to be the new Chief Technology Officer (CTO). Joe is very well known for his extensive career in the software security field, having authored more than 60 technical papers and founding the WildList Organization International. He has worked with such well-known companies as Symantec, IBM, and Sunbelt Software. According to the press release, he "will lead all technical initiatives for Lavasoft, including development ...
From TheRegister: Best sort this out straight away if you are using any variant of Norton AV? Symantec security products less than secure Two words: Live Update By Dan Goodin in San Francisco Published Thursday 9th August 2007 23:27 GMT In a world where digital gremlins seem to lurk in almost every shadow, many of us feel safer using an internet security package. But for those using many Norton security products who haven't updated recently, that feeling is a false sense of ...
From Allesandro comes this news - this is a huge list of updates, shouldn't this be 3.5 or so? ;-) VMware ESX Server 3.1.0 / VirtualCenter 2.1.0 features list - Updated with full details Tuesday, August 07, 2007 With maximum secrecy VMware is preparing next minor version of its flagship platform: VMware Infrastructure 3.1. Despite numbering this release will bring on the table remarkable features to further increase the gap between virtualization leader and its competitors. virtualization.info ...
From Bill Ryan, from unknown: It works on my machine It doesn't matter because no one will ever do that Users like it the way it is I don't write any bugs It'll be fixed in the next release It'll be ready on Monday, we just need to build the setup package The spam filter ate it A little more RAM will fix your performance problem You can't do that because it's a security risk The database is slow because it's too normalized I've heard a few of these before. Also there's: - It'll be ready on Monday, ...
So far in speaking with Clients this certainly reinforces what I'm hearing - no one seems in any hurry to go and install Vista - so far I know of only one Company here in Australia that has plans to install this in the next 6 months. Business doubts grow about Vista migration Gregg Keizer Users are happy with what they have or considering Linux and Macs Fewer businesses are now planning to move to Windows Vista than seven months ago, according to a survey by patch management vendor PatchLink, while ...
When installing Sql Server 2005/2000 you probably had options of installing it using Mixed mode Authentication (Sql server and Windows Authentication) or Windows Authentication. But I think I must have chosen Windows Auth since it's recommended and more secure. So on my Sql Server 2005 I created a user login and gave it some access to some database, table objects etc. Only when I tried logging in using the username I got the error "Error The user is not associated with a trusted SQL Server connection". ...
Update : February 27, 2008 Mentioned the location where the MSI File gets created in case of Websetup Deployment owing to a lot of queries on the same in the comments. Update: February 21, 2008 Posted a Video version of this article http://geekswithblogs.net/r... http://geekswithblogs.net/r... http://geekswithblogs.net/r... ...
Normalization 1. A table should have an identifier. A table should store only data for a single type of entity. A table should not have repeating values or columns 4. A table should avoid nullable columns Choosing a SQL Server Monitoring Tool SQL Profiler Enables you to monitor server and database activity (for example, number of deadlocks, fatal errors, tracing stored procedures and Transact-SQL statements, or login activity). You can capture SQL Profiler data to a SQL Server table or a file for ...
Hello, Welcome to my blog. I'll be discussing a lot of various things here, mostly on the technical side of things, but I'll occasionally visit some other topics, such as music, politics, or anything else that might engage my attention and fuel the fire to blog. Brief background about myself. I am a Senior Network Engineer at a large Microsoft Solutions Provider, and I specialize in Active Directory, Exchange, and ISA mainly. My past work experience includes supporting Exchange at Microsoft Premier ...
Hell is other people, and Dev.Hell is no exception. While I feel secure in saying that most of the unnecessary strife faced by development comes from immature practices and corporate short-sightedness, there are plenty of problems that come from those of us who live down in the code; demons or damned souls both. Let's start with what developers are not: Developers are not lazy. Devs love technology, they love code, they love working... because working is playing. When devs become discontent it is ...
You can download today's show from the Computers 2K7 page. If today's show isn't there yet, check back later today. It should be there by the end of the day. Plain and simple, today's show was historical. No, I didn't mean hysterical, I meant what I typed, historical. Why, you ask? Let me fill you in, our esteemed host, Amnon Nissan does NOT miss many shows. As a matter of fact there has only been one other occasion where Amnon had to have someone fill in for him and that was a loooooooong time ago. ...
I'm not sure who sold the Federal and State government on the idea that "restricting all employee's email to MS Outlook is an effective counter to computer viruses." or "Allowing gmail, hotmail, or yahoo mail is an open invitation to computer viruses". I'm thinking that the marketing department in the "MS" of "MS Outlook" might be a good starting point to look. Both thoughts have rendered me temporarily speechless. Perhaps because both thoughts make as much sense to me as, "Eating apples is the only ...
Is it just me, or do we all think that Microsoft is having a bit of a lend with the price of Vista? For the life of me I can't honestly see that we will be looking back at this in 5 years time and saying this was a defining moment for O/S's? Actually maybe we will, and all for the wrong reasons as far as Microsoft is concerned? I have been delving more and more into the various Linux Distros and Ubuntu is certainly looking quite slick, as well as Suse from Novell (BTW, drop them an email and they'll ...
I've been through almost all sorts of Timeout related issues with Asp.net web service development. I’d like to put a check list here to remind myself and hopefully save some headache of yours. If you use a database, you may get ‘System.Data.SqlClient.SqlE... Timeout expired’: a: Check your connection string setting for ‘Connect Timeout’: I.e. connectionString="Data Source=SNYC14D11511;Initial Catalog=d_dbivt003;Persist Security Info=True;User ID= user;Password= Password;Connect Timeout=4200 b:Check ...
I'm doing some work now on an internal web application where I had to logon with an external test account before I could do anything. That got old fast, so I created a powershell script file to automatically launch IE, input the username and password, and click the submit button. I originally tried to do this with WatiN, which provides a much easier interface for controlling the browser than the COM object InternetExplorer.Application, but I couldn't get by the security exceptions explained in this ...
Our build server (running Windows 2003 Server) was set up with 2 partitions: a small system partition (C:) and a large data partition (D:). As we installed more and more software packages on it, the system drive filled to capacity. In order to free space on the system partition, we moved a variety of directories from drive C to drive D, and then used the Junction utility from SysInternals (now owned by Microsoft) to create reparse points on drive C that pointed to the new file locations on drive ...
Having inherited some rather strange Group Policies on our Windows Server 2003 server, we wished we could just go back to the default policies. We figured out how to do it but it is not recommended unless you have no choice. After trying to get some permissions corrected and finding them so messed up, we decided it was less of a problem to blow them away than continuing to deal with what we had been in the past. Please use this with caution and a full understanding of what it will do to your domain! ...
Here is a good joke to play on one of your developer buddies if they have powershell and SQL Server installed on their local machines and you have sa rights on the SQL Server for whatever reason (former debugging help, open environment between developers, blank sa password, or mad hacker skills on your part). Wait until they are busy typing and execute the following query in Query Analyzer (or using sqlcmd.exe if you want to be a purist) against their SQL Server. You may want to lock down your own ...
Deciding which Thin Client is good for you? So you are considering a Desktop Refresh in your organization? Are you aware of the impending "Tipping Point" where the difference between PCs and Thin Clients is about to become blurred? Traditional Thinking: Traditional thinking around Thin Clients focuses on the matrix between a choice of Hardware at a good, better and best level and the choice of O/S that is used which is typically WinXPe, WinCE or Linux - this then prompts the decision maker to ask ...
After much research found the following KB and Hotfix for the 6398, 6482 and 7076 errors that had become the proverbial thorn in my side with my SharePoint server: KB923028 http://support.microsoft.co... Hotfix http://connect.microsoft.co... However, while installing the Hotfix, I received the following error message "Error 1324. The folder 'Program Files' contains an invalid character" So I found this KB: Error message when you try ...

I am not sure what the long-term play is here, but Google has "signed a definitive agreement to acquire Postini", a leader in email security and compliance solutions.

I was just reading this in PC Mag here in the US - It should never be overstated - ALWAYS question whether or not you really do need to enter something like your credit card details - OR - any other personal details for that matter, it's a Jungle out there.....!! MS Needs Your Credit Card Details? Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes ...
Having just gone through this, I thought I'd share the basic procedure when calling WSS 3.0 Web services such as lists.asmx and views.asmx from a WCF client. As you may know, the exceptions returned by the WSS Web services are terse. Hopefully, this post will help someone trying to avoid those in their own project. Step 1 - Add a Service Reference to the WCF service you want to call (Duh) Note that I included the "?wsdl". If you don't VS will be redirected to /_vti_bin/Lists.asmx. That doesn't matter ...
And this just in from the Register... ;-)) iPhone hack bypasses AT&T DVD Jon strikes again By John Leyden Published Wednesday 4th July 2007 12:43 GMT Famed reverse engineer Jon Lech Johansen claims to have discovered a way to "activate" an iPhone without signing up for a contract with AT&T. The hack allows users to use the iPod and Wi-Fi capabilities of the devices, but doesn't allow use of its phone features. DVD Jon - who's been something of a thorn in Apple's side ...
So not quite in the same vein as the Hacking that I'm thinking about ;-)) but interesting enough all the same? iPhone hackers disclose vulns and hunt for clues - Closing in on their Holy Grail By Dan Goodin in San Francisco Published Tuesday 3rd July 2007 01:37 GMT The game is on for hackers trying to spot security vulnerabilities in Apple's iPhone and already they're scoring points. Less than 72 hours after the iPhone's introduction, researchers have reported at least one flaw ...
Please be aware that this is not verified at all - but this is posted here just as a precautionary warning until such time as it is verified? Better to be safe than sorry? ***UPDATE: This is a real issue only IF there is a Firewall between the Licensing Server and the Servers hosting Citrix Products A colleague of mine sent me this: ++++++++++Quote++++++++++++... I took down x,xxx users on Monday because I upgraded our License Server to PS 4.5 on Friday afternoon. Everyone went ...
Now this is interesting as it follows on from an earlier post just the other day.... ;-) Technical Overview of the Thinstall Application Virtualization Solution Thinstall has created a white paper to give a technical overview of application virtualization and their product. Thinstall is an Application Virtualization Platform that enables complex software to be delivered as self-contained EXE files which can run instantly with zero installation from any data source. The core of Thinstall VS is the ...
Rebranding Neoware With the advent of virtualization technology, increasing security breaches, stiffer regulatory compliance, and renewed interest in energy savings, thin client computing is becoming a stronger challenger to the traditional desktop and laptop PC. By earning a position as a trusted, experienced player, Neoware is poised to deliver the benefits of thin client computing to more companies than ever. Together with our new Web site and logo, we’ve adopted a new “tag line”… “redefine computing.” ...
The post is a cautionary tale of the latest episode of common sense versus cool. AJAX is a great technology that allows webpages to have much richer content. Google Maps was the turning point for this technology as it brought the technology to the attention of the Technorati that has enjoyed a superficial level of hype ever since because it is encompassed as the lynch-pin of Web 2.0. The key part of AJAX is Javascript which is a language that all mainstream browsers, no matter what operating system, ...
Lately, I have started using Google Reader for my feeds when Outlook 2007 decided it didn't want to read my feeds anymore and I started missing valuable content. I absolutely love the interface of Google Reader, it is very fast and with the HotKeys, it feels like a desktop application. However, the add subscriptions functionality is less than desirable. Inside IE it will freeze up quite often and just sit there bubbling green goo out of the beaker. To get around this issue, I created an IE Search Provider ...
We have had a challenge to get TFS to record a test and replay it multiple times. I think the basics are easy but let me add a few more kinks. Session variable in the URL A variable that is returned in the response query that changes at each post A SessionID for database connectivity, this variable is good throughout the entire session https/SSL The 4th kink was easy enough we turned https off during the recording process. The session variable and SessionID were fairly easy. Create a class and write ...
A few years ago I was walking through our local mall on a weekday afternoon when I almost had my pocket picked. A group of teenagers positioned themselves near the food court so you had to walk through them, then one of them would snatch your wallet and run while the others made a wall. One of them tried to grab my wallet, which should have been easy to do wearing suit pants, but it had a button, and no dice. The kid ran off with nothing. The amazing gall of these kids is that they didn't even bother ...
Well looks like I'll have to add "download Server 2008 and install in VMware (oops. Virtual Server)" to my ToDo list? ;-) A closer look at Session Broker load balancing in Windows Server 2008 In Technical Articles Notice: This article was written based on the Beta 3 release of Windows Server 2008. Features and facts about the Session Broker Load Balancing therefore could be subject to change as Windows Server 2008 moves towards RTM. You should be aware of this! Session Directory versus Session Broker ...
OK, so let's stop right here, this is getting silly isn't it? Is it April the 1st? ;-)) Virtualization on your iPhone? June 20th, 2007 by Alex Barrett No, Apple hasn’t made any announcements about virtualization for the iPhone, but all this reporting about VMware ESX Lite jogged my memory of a conversation I had recently with XenSource CTO and founder Simon Crosby. While talking about Xen 3.1, Simon mentioned that since Xen is an open-source project, some developers in the consumer electronics space ...
Now this is really intriguing, this startup appears to have everything going for it? Certainly from the roll call of people involved as well as the funding it seems like it's heading in the right direction? And with the anticipated growth in the Thin Client Market it has as good a chance as anyone else? Whether or not it will actually replace or take away any business from the traditional Thin Client vendors like Neoware, Wyse or HP remains to be seen - as I can see that the prerequisite for adding a ...
A very good blog from Daniel Petri regarding the strengths and weakness of VDI How can VMware's Virtual Desktop Infrastructure help you? VMware has released a new "solution" called Virtual Desktop Infrastructure (VDI). If you are using VMware's products to serve up desktops to your end users, you may already be using a more basic form of VDI and not even know it. Let's find out more about VDI... What is VDI? This is a VMware solution, not a product because it involves using Virtualization to provide ...
I typically enjoy debugging. I think most developers do. We seem to be hard wired for puzzle solving. I don't enjoy debugging cryptic errors or untruthful errors. Today, I've spent all my time trying to figure this gem out: C:\dev\test.proj (227,5): error MSB4061: The "StarTeamCheckout" task could not be instantiated from the assembly "C:\Program Files\MSBuild\MSBuildCommun... System.IO.FileNotFoundExcep... Could not load file or assembly 'Interop.StarTeam, Version=1.0.0.0, ...
Welcome to Dev.Hell. I'm the Advocate, but you can call me Jason. Other people call me a complaining nerd. It's all good. For the last 8 years I've been a professional Windows applications developer. I live in Australia, although I just spent five years working in the USA. I've worked your standard client/server n-tier database apps, I've worked on CAD/engineering applications, I've worked on network security apps, and right now I'm working in the physical security space. I have a couple of side ...
Well I guess this is all too fast for MS to handle? Microsoft flip-flops on Vista virtualization Company reverses plan to expand rights to allow home versions of the operating systems to run inside virtual machines. By Ina Fried Staff Writer, CNET News.com Published: June 19, 2007, 6:25 PM PDT Microsoft planned this week to announce that it was broadening the virtualization rights for Windows Vista, but decided at the last minute to reverse course and ...
Having worked on a real SOA project for over 3 years I think it's time to examine the reality of SOA on .NET. Introduction SOA is standards based late bound distributed systems. In traditional programming, when function A calls function B, the compiler and/or linker binds the functions together. In SOA you embed a logical address for the function to call and assume the binding will take place at run time. This isn't the formal definition of SOA but it is the key enabling technique. Distributed late binding ...
I have been watching the channel 9 video on Biztalk.Net Services. I have to say I’m pretty excited about this project and the reason why will become apparent later on in this post. BizTalk.NET Services ( http://labs.biztalk.net ) is an experimental project (it’s at CTP currently) that extends WCF and is all about generic, secure connectivity. It’s a free download so fill your boots! The project has come about from the result of customer feedback where many have asked “how do I notify client applications ...
I use virtual environments for all my BizTalk development. I have several base machines that I clone to use as my actual development boxes. A couple of days ago, I was installing Microsoft Updates to my current BizTalk Dev Environment and one of the updates failed to install. The culprit was the Critical Update For Sql Server 2005 SP2 KB934458. Since the update, while critical, didn’t directly affect me, I ignored ...