Tag | Security Posts

For good or bad, Microsoft’s Entity Framework (EF) has become one of the most widely used ORM tools out there. While some may state that it's not among the better ones (or that it's not even a real ORM), it’s definitely the most convenient one: its Visual Studio integration and consequently its integration with the MS SQL Server database is unparalleled. This is especially relevant to people who haven’t used the concept of object-relational mapping before - there's almost no initial learning curve ...
I've been back working with BizTalk 2006 R2 for a customer recently and I've become such a fan of the BDD style acceptance tests I've done in the past with BizTalk 2010 that it's quite frustrating working back in Visual Studio 2005 and not being able to use Specflow alongside BizUnit 4 like I described in the recent videos on these subjects: BizTalk & BDD Part 1, BizTalk & BDD Part 2. In BizTalk 2006 development you're back to the older style xml bizunit tests and we were looking at some old tests ...
The evolution of an IT department is always something interesting to observe. This is especially the case when they move from small departmental IT groups to corporate level oversight. It is usually painful for the people involved to give up their ability to modify servers on the fly and conform to rigorous testing and documentation. Having the keys to your environments taken away can really feel like getting stabbed in the back, especially when the new deployment team is still working out their processes. ...
For a full explanation and step-by-step guide to set up a linked server through Sql Management Studio (SMS), check out this reference: http://www.databasejournal.... Here it is in a nutshell: If you are setting up a linked server for another sql server 2005/2008 box, just remember to (1) name the Linked server the same name as its network name, (2) select and provide under the security option, "Be made ...
I am not a fan of the J*** language, but on its official web site at http://www.java.com/en/down... it states: "We highly recommend users remove all older versions of Java from your system. Keeping old and unsupported versions of Java on your system presents a serious security risk. Removing older versions of Java from your system ensures that Java applications will run with the most up-to-date security and performance improvements on your system." ...
At http://www.darkreading.com/... there is a disturbing report on the extent of SQL injection attacks. The attack is not just a SQL injection attack but uses scripts to initiate "drive-by" downloads to the client PC? What are you doing to secure your websites, both externally facing and internally facing? Are you installing a full-spectrum security solution such as Sunbelt's VIPRE on your client PCs ...
DropkicK (DK) has been in development for over two years and has been used for production deployments for over a year. Dru Sellers originally posted about DK back in 2009. While DK isn’t yet as super easy to grok as some of the other ChuckNorrisFramework tools and offers little in the idea of conventions, it is still a stellar framework to use for deployments. DK works well in environments where you know all of the environments you will deploy to ahead of time (although not required due to the ability ...
This issue is related to permissions on the MachineKeys folder. I think this is the right place where you should know what the purpose of the MachineKeys folder is. What is the MachineKeys Folder? The MachineKeys folder stores certificate pair keys for both the computer and users. Both Certificate Services and Internet Explorer use this folder. Possible reasons for getting this error message in your application are that your application may be using a certificate or trying to access a private key. ...
When you are going to join any computer from domain controller, the following error will appear on your computer screen. Full Error Message ...
One tries to be a responsible citizen and report malicious behavior to the “appropriate authorities.” Of course, in the end, it’s really about filling out forms and being told to go fuck yourself. After filling out their forms, they said: The Microsoft Malware Protection Center (MMPC) strives to keep you informed about the status of your submission. This email communicates what we currently know about the file(s) you submitted. You can view your submission online at http://www.microsoft.com/se... ...
Downloaded YouTube Downloader from: http://download.cnet.com/Yo... “CNET EDITOR'S NOTE YouTube Downloader includes optional bundled software that may trigger alerts from security software. YouTube Downloader has been tested for malware by the CNET Download.com team and meets our security requirements.” I guess their “standards” don’t include the installer installing SearchSettings.exe from the wunderkinds at Spigot. Once on your system, this little gem will ...
Introduction To save on hosting costs and simplify maintenance, Software as a Service (SaaS) providers typically rely on schema separation to host multiple customers' records. This implementation relies on a specific SQL Server and SQL Azure feature called a schema object. A schema object behaves like a container, or a namespace in programmatic terms, allowing multiple tables (and other objects) to be stored with the same name in a single database. However schema separation comes with its own set ...

The Cloud Security Alliance has developed a security guide addressing the critical areas identified in cloud computing environments. The guide can be accessed at

https://cloudsecurityalliance.org/guidance/csaguide-es.v2.pdf

See you next time

 

We got a lot of questions about how to implement the security access token generation process and how to build a valid way to get an approval from the DropBox team for applications which are implemented with the SharpBox library. Our latest tutorial describes in detail how to get an approval for your DropBox application aligned to their terms of use. You will find the document on our tutorial page here: http://sharpbox.codeplex.co... Just a couple of hints ...
The nice thing about unintended changes is that you never think it could happen until you get bitten by a nasty change. Microsoft did publish a complete list of breaking changes here which is complete to my knowledge. But although the intentional changes are listed there are side effects which can cause you to search for hours your (non) fault. One change was to create a new GAC for .NET 4 assemblies to prevent breaking applications which rely on the structure of the GAC introduced with .NET 2.0. ...
Step by Step Installation Guide to Install Windows 8 Developer Preview on Virtual Box. Microsoft revealed the Developer Preview of Windows 8 on 13th September 2011. Windows 8 adheres to the Metro Design Guidelines. Without going much into deep technical discussions on features of Windows 8, in this post I have targeted to show you installation steps of Windows 8 on Virtual Box. So to start with, go and download Windows 8 developer preview from the link below. Choose the appropriate link for your system (32 bit ...
What is Tulsa TechFest? It is a technical conference with currently the broadest topics in the United States, maybe the world. There are tracks covering everything enterprise architecture, software/web development, databases, project management, data security and this year for the first time - End Users, Social Media, Mobile, Entrepreneurs, Managers, BI & Reporting, Virtualization and Mentoring. Its primary focus is to provide training/teaching sessions that are immediately beneficial to the ...
I usually do bullet points from major conference events like this one from Mix11. The purpose of this post is to get you up to speed quickly with news and links you may enjoy. Build – Day 1 Keynote Windows 8 takes about half the amount of RAM to run compared to Windows 7. Windows 7 usage by consumers is now greater than Windows XP. Like the Metro Interface? Well, you better as the interface is similar to the Windows Phone 7. You can unlock your touch-enabled PC by tapping certain spots on a picture. ...
I'm sure that over time you've run into the dreaded "File transport does not have read/write privileges for receive location "C:\Flatfile\SAPTestIn\".". Usually you simply go to the folder and either give the BizTalk account full permission (bad) or Everyone full permission (really bad). So for a production environment, what is the absolute minimum permissions required? For the Receive File Adapter the explicit permission are: NTFS Attribute Property Name DELETE Delete Files FILE_READ_DATA List Folder ...
This morning, I published MVVM Light V4 beta1 in the form of an MSI. The installation instructions are detailed on the MVVM Light installation page. Please make sure to uninstall previous versions before you install V4 beta1. There are quite a few changes in this version, and I plan to blog about various features in the coming days. As usual, stay tuned! ...
On the 9th Sep, the SQL Azure team announced that the new version of SQL Azure had just been released. In this version not only had the SQL Azure engine been upgraded, the SQL Azure Management Portal had been upgraded massively. Below are the features and improvements available in this release: Foundational updates for scalability and performance. Co-administrator support, which enables customers to specify multiple database administrators. Increased capability for using spatial data types, which ...
We have a webscraper ASP.Net application that worked fine on developer and test environments, but didn’t work on some machines with more strict security settings. HttpWebRequest failed with System.Net.WebException: Unable to connect to the remote server. It started working when my colleague added the site that the application tried to access to his “Trusted Sites” zone using Internet Explorer. What we couldn’t understand was how it affected an application that ran under a DIFFERENT account. I didn’t find any ...
Today, we deployed the “David Blaine” version of the TB Module for our EMR solution here at IDI (http://idi.mak.ac.ug). This was mainly for bug fixes and usability improvements based on the feedback that we received from users in the past few weeks. Some of the improvements were related to performance. We had to fine-tune some of our Linq statements in some places to enable better queries to be generated by our ORM. We also added some lookup dialogs that present certain information that would be ...

Mozilla have issued a new version of Firefox (6.0.2).

I suggest you install it, together with any update to Flash Player (but avoid installing the McAfee Security Scan, unless you are a McAfee fan that is)

In this Issue: Michael Washington, Tony Champion, Ollie Riches, Gill Cleeren, Koen Zwikstra(-2-), Peter Kuhn, Xianzhong Zhu, Mike Taulty, Pete Brown, Sumit Dutta(-2-), Asim Sajjad, Dhananjay Kumar(-2-), Above the Fold: Silverlight: "Silverlight Spy September 2011 Update" Koen Zwikstra WP7: "Windows Phone 7 on-demand training available" Peter Kuhn LightSwitch: "Quick And Easy Data Management With LightSwitch" Michael Washington PivotViewer: "Extending your CXML Trading Cards in Silverlight 5" Tony ...
When developing WCF services that interact with a custom Security Token Service (STS), you will need to create at least one X.509 certificate. If you have access to a trusted certificate authority – e.g. a Windows Active Directory domain – then this task is pretty simple. But if you don’t, or maybe you would just rather create a set of self-signed certificates, here is an approach that works well for me. This particular scenario utilizes three separate certificates. The first one is named “localhost” ...
Today, I was testing a Web site for deployment and encountered the problem described in the subject of this post. However, the process leading up to realizing the true problem was far from clear. This post describes my initial experience, steps I took to isolate the true problem, and what I did to fix it. To put this in context, My project is an ASP.NET 4.0 Website. Bump! While testing, I encountered a System.Web.HttpException with the following message: File does not exist. with the following stack ...
Rich internet applications are growing fast in the business and enterprise application landscape as more and more software managers and corporate decision makers are electing to place rich internet applications (RIA's) into their organizations. But with the many advantages of rich internet applications over the client/server deployments, organizations also find many new aspects they need to master and overcome - one of them is understanding the new security vulnerabilities of the rich web based applications ...
Issue: Due to an upgrade from .Net 2, 3.0 or 3.5 to .Net 4.0, or if you are starting a new .Net 4.0 project, you may run into this message: A potentially dangerous Request.Path value was detected from the client Or A potentially dangerous Request.Form value was detected from the client Environment: .Net 4.0 MVC 3 (could be MVC 2 also because of the controller/action action filters that are available) Fix: Let's tackle the first issue: A potentially dangerous Request.Path value was detected from the client ...
Introduction: One of the concerns that I keep hearing from customers is, “We can’t deploy Silverlight because it won’t run on a tablet.” I usually reply to that question stating, “What do you mean it can’t run on a tablet?” They usually looked puzzled and say, “You mean Silverlight *CAN* run on a tablet?” Yes, there are many devices that Silverlight can run on. Today we are going to take a look at the Motion CL900 Tablet. FYI: I have no affiliation with Motion Computing. Why this tablet? When I first ...
For a period of time, I have access to both an MSDN and a TechNet subscription. Both offer Microsoft software for download. I wondered what the similarities and differences were between the two subscriptions. I copied the two download lists into Excel and aligned them. Most of the material I would never use. Some products I have never heard of. I present the lists, current as of today, for your reviewing pleasure. TechNet MSDN Applications (63) Applications (79) Access 2.0 Access 2003 Access 2003 ...
I often get asked about how we are using Windows Azure internally and under NDA I can share some of the details – but it's great to be able to point publicly at some of the excellent work that has been going on. And they are genuine technical case studies … hurrah! :-) How Microsoft IT Deployed a Customer Facing Application to Windows Azure in Six Weeks Learn how the Microsoft IT Volume Licensing team gained experience with Windows Azure by focusing on a straightforward, isolated customer-facing application ...
More and more companies are turning to companies who host cloud applications such as SalesForce. I may be mistaken, but I thought we used to call these ASPs (Application Service Providers). Whatever we call them they are the latest trend in IT services especially in larger corporations. So what does this trend mean for those of us who design, build and integrate systems? It means a new set of challenges, considerations and opportunities. The more you know about these areas going into a project the ...
Microsoft isn’t the only one who seems to be pushing native computing once again. We’re now seeing Google at the same table with the current beta release of Chrome. Yes, Chrome now supports native applications to be embedded in a web site and it’s just like embedding JavaScript. More information can be found here: http://chrome.blogspot.com/... The native client SDK runs a sandbox environment which means Chrome handles security of the module just like ...
In this Issue: Kunal Chowdhury, Beth Massi(-2-), Gill Cleeren, Rajat Jaiswal, Mike Taulty, Jesse Liberty, Derik Whittaker, Den Delimarsky, Austin Andrews, and Oscar Agreda. Above the Fold: Silverlight: "How to Close Browser Window from Silverlight Application?" Kunal Chowdhury WP7: "How to access blacklisted apps in the Windows Phone emulator ROM (with the locked BIN image)" Den Delimarsky LightSwitch: "Getting Started with the LightSwitch Starter Kits" Beth Massi Shoutouts: Michael Palermo's Desert ...
There remains a lot of complacency concerning ...
Shervin Shakibi, Microsoft Regional Director, was our speaker at the West Palm Beach .Net User Group July 2011 meeting. Shervin’s talk was demo-centric where he showcased the power of HTML 5 by example. Issues discussed at the meeting included suggestions on mitigating security concerns with HTML 5 source code accessibility as well as the status and timeline for HTML 5 readiness. Shervin’s much anticipated talk brought us over 25 members who filled our CompTec meeting room. We appreciate Shervin’s ...
This blog will help you prepare for an upcoming release of SQL Azure that will offer support for Data Federation. While no date has been provided for this feature, I was able to test an early preview and compiled a few lessons learned that can be shared publicly. Note however that certain items could not be shared in this blog because they are considered NDA material; as a result, you should expect additional guidance in future posts when the public Beta will be made available. What is Data Federation? ...
Today's deal of the day from O'Reilly at http://oreilly.com/catalog/... at $7.49 Remember the discount code of DDJ5N "Take an in-depth tour of core Internet protocols and learn how they work together to move data packets from origin to destination. With this concise book, you’ll delve into each protocol in detail, including operation basics and security risks. Each chapter includes a set of review questions, as well as practical, hands-on lab exercises." ...
A new release of Microsoft All-In-One Code Framework is available on July 13th. We expect that its 17 new code samples would reduce developers’ efforts in solving the following typical programming tasks. Download address: http://1code.codeplex.com/r... Alternatively, you can download the code samples using Sample Browser or Sample Browser Visual Studio extension. They give you the flexibility to search samples, download samples on demand, manage the downloaded samples in a centralized ...
Microsoft has added new security features surrounding mapped drive usage in Windows 2008. Previously, with Windows 2003, we could utilize mapped drive not only from Windows explorer but also from the command line. Now, we can continue to map a network drive from Windows explorer; however, command line applications and batch scripts no longer have access to the mapped drive. No worries... there is a workaround. In order to utilize mapped drive from command line, we must take the following steps: Map ...
Initial troubleshooting As always, one of the first things to check is the event viewer to see if an event was generated detailing the error. Additionally check the %windir%\debug for the adamsetup.log and adamuninstall.log (this last one is only created during the uninstall process). These two logs will tell you where the setup is failing and what should be checked. It also pays to know that setup errors are written to the registry. If you cannot find the following key there was no failure as the ...
Hello fellow geeks! I'm kicking off this new blog with an issue that was a real nuisance, but was relatively easy to fix. During a recent Exchange 2003 to 2010 migration, one of the users was getting an error on his Windows Phone 7 device. The error code that popped up on the phone on every sync attempt was 86000C09 We tested the following: Different user on the same device: WORKED Problem user on a different device: FAILED Seemed to point (conclusively) at the user's account as the crux of the issue. ...
There was a recent rash of car break-ins at the gym. Not an epidemic by any stretch, probably 4 or 5, but still... My gym used to allow you to hang your keys from a peg board at the front desk. This way you could come to the gym dressed to work out, lock your valuables in your car, and not have anything to worry about. Ignorance is bliss. The problem was that anyone who wanted to could go pick up your car keys, click the unlock button and find your car. Once there, they could rummage through your ...
I have had some time this week to try out some tools that I have been meaning to try out. This week I am trying out the SP 2010 Diagnostic Studio. I installed it successfully and tried it on my development environment. I was able to build a report and a snapshot of the environment. I decided to turn my attention to my Employer's intranet environment. This would allow me to analyze it and measure it against benchmarks. I didn't want to install the Diagnostic studio on the Production Environment, lucky ...
The Membership API came in .NET 2.0 and was a huge enhancement in building web applications with users, managing roles, permissions etc., The Membership API by default uses SQL Express and until Visual Studio 2008, it was available only through the ASP.NET Configuration manager screen (Website – ASP.NET Configuration) or (Project – ASP.NET Configuration) and for every application, one has to manually visit this place to start using the Security and other settings. Upon doing that the default SQL ...
Most of us have seen the Windows 8 news regarding support for native HTML5/JavaScript applications. The press has pushed this as a potential threat to the .NET developer community because JavaScript and HTML5 were called "our new developer platform". The press release refers to "Web-connected and Web-powered apps built using HTML5 and JavaScript that have access to the full power of the PC." Microsoft has also been hush on details related to these comments. Before we buy the hype and start worrying ...
I have had the chance to talk at many conferences these past few years, and came up with a way to prepare them which works really well for me. Most importantly, it would make it quite easy to overcome an emergency (for example if my laptop would suddenly lose data). The whole code as well as the slides and other documents are in the cloud. I also use source control for my demos, so that I always have the latest and the greatest, but also a history of changes I made to my demos. Finally I have a system ...
I got a question from a developer whether they should use SharePoint lists or database tables to hold the data for his application. This is a fair question and as a consultant I will start with the standard answer: It depends. I will follow up that answer with the standard consultant question: what are you trying to do? There generally isn’t one answer for any technology choice. We need to take as many factors into account as possible. Who will be maintaining the data? Will the data only be used ...
After Dmitri posted DataObjects.Net beta2 last night, I couldn’t wait but test the security framework included. If you have been watching you may know that I worked on the provider for MySQL for DataObjects.NET. I was curious to see how the security framework will feel on MySQL. Well to my ‘extreme’ happiness, after I translated the SalesPoint database into MySQL and testing the sample it worked very beautifully. I only had to change the URL in the App.Config file. I have attached the SQL script ...