Tag | Security Posts

There have been a few discussions going on recently with various colleagues and community members on the back of the SOA Manifesto announcement. These discussions made me think back to a year or so ago when I was watching some presentations about various SOA things. At the time there were discussions about why SOA was good, what it offered, why companies struggled with it and all of the usual stuff. At the time I was reflecting on things on the way home and was thinking, you know, SOA is really just ...
Researchers continue to challenge Apple’s security by obscurity position and highlight that Windows Vista and Windows 7 are more secure than the recently released Mac OS X Snow Leopard. I always love perspectives like these from top researchers that are not in the tank for Microsoft. Check out these articles: Apple missed security boat with Snow Leopard, says researcher http://www.computerworld.co... ...
When one of our users attempted to synchronize a Windows Mobile 6.1 device in our Exchange 2003 SP2 environment, the user would see the green Synchronizing icon continuously spin clockwise until it timed-out. We confirmed that the mobile device was able to connect successfully to the user’s mailbox but would not synchronize the contents of the mailbox with the user’s mobile device. In a nutshell, we use ISA Servers and Exchange 2003 Front-End servers in our Exchange ActiveSync environment. So, while ...
This is an Open Letter to the Editor of CIO in response to an article posted on Computer World discussing the five problems that supposedly keep legacy applications out of the Cloud. Dear Editor, In light of your recent article about the challenges that legacy applications face in migrating to the cloud, below please find a response which provides answers to 4 of the most problematic issues. We believe your readers would greatly benefit from the information, and we regret that we were not directly ...
This post is common knowledge to all SharePoint professionals out there, but for newbies it can save hours of hair pulling (as I’ve got to learn from a bunch of people I’ve helped out) ;) Scenario: There is a distribution list you can see and use in Outlook, but when you search for the same list in SharePoint it doesn’t show up in the people picker. What gives? Chances are that the distribution list is not security enabled. This would need to be done by your domain administrator. He would need to ...
Many business applications need the ability to open and save files from and to the user’s local computers. With internet based applications the issues surrounding this are based on security and the rights the application receives to affect the user’s computer. Silverlight has the open and save file dialogs which enable the opening and saving of files to the user’s computer, while restricting the need for the application developer to need to know anything about the client environment. This post will ...
In this Issue: Mark Monster, Gavin Wignall, Fernando Cerqueira, Silverlight Tips, Mark Tucker, Mike Taulty, Robbe Morris, Brad Abrams, Christopher Bennage, and Victor Gaudioso. Shoutouts: The Silverlight Blog reports Silverlight Spikes AVP Pro Beach Volleyball Matches Live to Your Computer From SilverlightCream.com: Silverlight 3 – Local Messaging Explained + Enhancement Mark Monster has a great detailed post up on Local Messaging, and adds in an enhancement of his own. Using Images and Video in Blend ...
SharePoint has been around for quite some time. I first worked with it in its original version in 2001. And so began a love hate relationship that has lasted these many years. Recently I have been spending a significant amount of time writing custom web parts. Below are a number of notes I have accumulated while rediscovering what SharePoint can do. I don’t claim that these are best practices, only that they have worked for me. Environment General Creating web parts for WSS 3.0 or MOSS 2007 requires ...
Microsoft Security Essentials has been released. Check out the formal press release from Microsoft here - http://www.microsoft.com/pr... Check out the post on Network World - http://www.networkworld.com... You can download software from the Microsoft Security Essentials website at http://www.microsoft.com/se... Now you can get antivirus for your new copy of Windows 7 for ...
Well, it looks like Microsoft has been busy on the security front this month. Not only did they release their security essentials this week but also some interesting testing tools, too. Microsoft Essentials Essentials is the Microsoft answer to real-time Home PC protection. It guards against viruses, spyware and other malicious software. It is now available for download from Microsoft. MiniFuzz File Fuzzer MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security ...
The following is Steve Ballmer’s recent letter to CEOs titled ‘The New Efficiency’. In all the talk about the economy, one term that comes up more and more frequently is something called "the new normal." I like this phrase because it speaks to the fact that economic reality has undergone a fundamental shift over the course of the past 12 months. So what is the nature of this shift? After years of economic expansion fueled by unrealistic rates of consumption and unsustainable levels of private debt, ...
What is Web Client Software Factory (WCSF)? WCSF is a web client development pattern recommended by Microsoft. You can use the software factory to easily create Web client applications with a consistent architecture. It helps you quickly incorporate many of the proven practices and patterns of building Web client applications What do I achieve out of this? 1. Your development time goes down a lot. 2. You will have a consistent architecture. 3. You will get a guidance automation package to guide you ...
This is the code: DECLARE @SQLCommand AS VARCHAR(1000) SET @SQLCommand = '("dtexec location" /F "package location and name" ' + '/SET \package.Variables[User::your variable name].Value;' + CONVERT(VARCHAR(2), MONTH(@Date)) + '/' + CONVERT(VARCHAR(2), DAY(@Date)) + '/' + CONVERT(VARCHAR(4), YEAR(@Date)) + ')' EXEC xp_cmdshell @SQLCommand Some notes: I tried to pass in the date without formatting it, I get a "Option "1" is not valid" message. I had to convert the date into a string to include in the ...
What a pity. I’ve spent some time recently evaluating SQL Server 2008 Reporting Services with respect to its proposed use on a UK public sector project that will implement a part of the 'national infrastructure'. In every respect but one, Reporting Services provides an excellent fit for the stated requirements. There is already a commitment to using SQL Server, and SharePoint, within the project, so Reporting Services appears the way to go. What is the exception? Well, Reporting Services provides ...
Security questions are a part of the internet, right up there with logins and passwords. No one thought much about them until Sarah Palin's Yahoo account was hacked because her security question was something stupidly easy to find online: "Where did you meet your spouse?" (UPDATE: which is apparently still being used as a security question) So now security questions have been given the attention they deserve, but I still see supposedly knowledgeable websites (I'm looking at you goodsecurityquestions.com) ...
While SQL Server security features continue to improve, hashing in SQL Server using native functions is simple, but not necessarily up to speed on the latest security specifications. The good news however, is that using extended stored procedures allows database developers to take advantage of the strength of .NET using the System.Security.Cryptography namespace. I started to evaluate Hashing capabilities within SQL 2005 and 2008 and as it turns out, hashing is extremely simple using the HASHBYTES ...
In the SSRS Reporting Environment, you may never encounter this error and you live a happy and easy life. We all know an SSRS report can easily ping your server to 100% CPU if you decide to export a 120 page report, to PDF, with charts, etc. etc. You may get a complaint that performance suffers in another application while running the reports and you want to fix it, but do not know how. Then one day you or someone at your firm has decided to do your SQL Server a favor and separate out SSRS from the ...
EDIT: Lesson learned. Don't copy and paste code from Visual Studio into this blog. This was something I did not know how to do until I started working here, and since learning it, I've been finding uses for it all over the place, both in my work projects and in my own projects. In previous posts, I talked about how we often use attributes to store metadata as opposed to getting those values from a database or an XML/config file of some kind. Metadata is something that comes up in virtually every ...

Am I the only one who thinks it an odd combo that the latest security updates for the Java Runtime Environment include the option to install the new Bing Toolbar for Internet Explorer? Oh and as an added bonus - right after that option screen is an ad for Open Office. Just curious....oh and hi again, it's been a while!

[Reposted here while my primary blog is sorted out ] From Database to DataGrid The next step in Project Turing is to create a first iteration of the Silverlight application that will retrieve data from our database. Using our technology of choice: the Data Entity Framework coupled with .Net RIA Services. .Net RIA Services will allow us to create business logic on the server and ...
In this Issue: Victor Gaudioso, Al Pascual, Colin Blair, Giovanni Montrone, and David Kelley. Shoutout: Best wishes go out from SilverlightCream to Justin Angel. I'm sure everyone's heard the news by now. I'm pretty well positive that his energy, enthusiasm, and knowledge is going to be missed in the inner circles. As soon as he gets back to blogging, you'll see his name here. From SilverlightCream.com: New Silverlight Video Tutorial: Creating Morphing Vector Path Storyboards in Blend Victor Gaudioso ...
Topeka DNUG is free for anyone to attend! Mark your calendars now! SPEAKER: Rob Reynolds has been programming in .NET since the early days of 1.0. He is a .NET Developer at FHLBank Topeka, a bank where the doors are always locked and there’s no money inside. He holds a bachelor’s degree in MIS from Kansas State University (don’t hate!) and enjoys spending time with his wife and kid when his wife hasn’t locked him in the basement to work on any of the OSS projects he manages. TOPIC: Automated Builds: ...
This past week I was reminded of the “fun” in which hosting an application within SharePoint can present. We are developing a custom application for our client in which some areas must reside within a SharePoint environment. We did quite a bit of our development in this first iteration within a web application in order to pull things together and present the client with a working end-to-end “prototype.” The architecture is composed of several layers all of which will be “in process” communications ...
I feel a series coming on! I have been involved with a client to develop and customize their present SharePoint Environment. I have incorporated several solutions I would like to share. It was a learning experience and it was definitely Fringe SharePoint!!! The purpose of this post is to set up the scenario and to describe all the factors that were involved with the decision making of the overall solution. I hit several walls and blocking issues and feel it's important for anyone doing anything remotely ...
Stumbled across a funny video this morning: An Introduction to the Lego Software Process from Thomas Hansen on Vimeo. This video is taken from the website The Lego Software Process, which states further: "For far too long Software Developers have been living in the stone age. The Lego Process proposes a Modular design. This makes you 20 times as productive. In addition it also makes maintenance a breeze, bugs vanish and security a commodity. Imagine; 20x Productivity No Maintenance Problems And Zero ...
In my previous blog post, I discussed how to get asynchronous JQuery treeview to work with ASP.NET Webservices, and we identified that, to make a successful ASP.NET webservice call using JQuery the request must be POST request, the content type of the request must be “application/json; charset=utf-8”, and the data parameter of the $.ajax() method must be passed as a string. We also looked at the tweaks that we need to do to the jquery.treeview.async.js file to get that working. However ...
During the last days and weeks, there's an increasingly heated debate about the performance of NHibernate vs. some other commercial and noncommercial ORMs. This debate was triggered by the launch of a new website called ORMBattle.NET, which is allegedly "devoted to direct ORM comparison" (and hosted by a commercial competitor of NH...). The comparisons are largely based on batch processing tests like this one: protected override void InsertTest(int count) { using (var transaction = session.BeginTransaction()) ...
The repeated Twitter hacking exposes the complex and serious security issues on the web. "The repeated Twitter hacking exposes the complex and serious security issue on the web. Unfortunately for Twitter (Google Apps, Facebook, and others), the problems have unfolded in a public arena, forcing them to respond quickly to calm users and resulting in a short term solution (that clearly has not been working!). What is unknown to many internet users is that the problem doesn't end with Twitter's band aid ...
After the update from Windows 7 RC to RTM I noticed Daemon Tools was gone. I tried to reinstall it but it was impossible. Daemon Tools relies on SPTD (a SCSI pass through driver) to do its magic and it checks whether it is installed. It seems that it couldn’t detect it on my system so it launched the SPTD setup, asked to restart the computer and then again and again. I downloaded a new version of SPTD (1.60) from the product page but I had the same problem, SPTD installed, asked me to restart and ...
According to BusinessWeek (2008)... In 2007, a new form of attack, using sophisticated technology, deluges outfits from the State Dept. to Boeing. Military cyber security specialists find the "resources of a nation-state behind it" and call the type of attack an "advanced persistent threat." The breaches are detailed in a classified document known as an Intelligence Community Assessment. The source of many of the attacks, allege U.S. officials, is China. China denies the charge. Below are some recent ...
(this is a repost since the initial post had a few issues that couldn’t be corrected) I am playing with the ASP.NET 4.0 QueryExtender released as a part of the Visual Studio 2010 Beta 1. It provides endless opportunities for working with data without writing much code and when you combine it with a few Ajax features, gives a truly great user experience with very little effort. To begin with you need the Visual Studio 2010 Beta 1 and .NET Framework 4.0 Beta 1. You can install both from http://msdn.microsoft.com/h... ...
Recently, while debugging desktop client - WCF service application I came across this error: System.ServiceModel.Securit... was caught Message=”An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.” Source=”mscorlib” StackTrace: Server stack trace: at System.ServiceModel.Channel... reply, SecurityProtocolCorrelation... correlationState, ...
This evening, I was presented with an update to Silverlight by Microsoft Update ("Update for Microsoft Silverlight (KB970363)"). The included text sounded more like a general feature description of Silverlight 3 than a change log: This update to Silverlight improves security and reliability, enhances graphical performance and creative effects, expands the range of supported media formats, broadens support for rich internet applications, and enables Silverlight applications to run outside of the browser. ...
Emergency patches issued for IE and Visual Studio Microsoft on Tuesday issued two out-of-band security patches -- one for the development tools suite Visual Studio and another for Internet Explorer. Read the full article here: Emergency patches issued for IE and Visual Studio ...
It is interesting to hear about new competitors in the space of lightweight operating systems for browsing the internet. Because of the hype created by the media, most of the people in the world have already heard about Google Chrome OS. But many people don’t know about the other competitors in the same space. Many people might not know about the Microsoft project called “Gazelle”. Like Chrome OS, which is built on top of Linux, Gazelle isn’t really a new operating system. Rather it is a layer that extends the browser’s ...
Host: Jody Gilbert, Senior Editor 10 cool features to look forward to in Office 2010 With the release of the Office 2010 Technical Preview, details are finally starting to roll in. Deb Shinder highlights some of the features she thinks might make the new version worth the upgrade 10 cool features to look forward to in Office 2010 Technorati ...
I decided last weekend to write my own RegEdit for Windows CE using the .NET CompactFramework. It turned out to be a fun little project, but I ran into a lot of trouble deleting Registry Keys. I used some sample code from a book to get started on this project, which was the root of the problem. The main problem that I ran into was that when I tried to delete a Key, the code raised an UnauthorizedAccessException. Being fairly good at searching for information, I started searching the Internet in general, ...
I had to make our site work in SSL mode and ONLY SSL mode. I also had to allow URLs that pointed to our site before I forced it to work in secure mode. I also had to allow for all the other domain names that we own to work in SSL mode. I thought I would share how to get this done right so no matter what it works. Create an HTML page named 403-4.htm. Put it in a folder outside your web site’s root folder. Give the page your company’s logo and some nice looking text that states; The page must be viewed ...
Topeka DNUG is free for anyone to attend! Mark your calendars now! Speaker Dru Sellers is the Solution Architect for Federal Home Loan Bank in Topeka, KS. He has been programming professionally for over 8 years and spends most of his time in C# and VB.Net, Castle, and junk punches people who 'touch' his database. Topic Object Oriented Databases and other non-relational options Are you tired of writing SQL to maintain your databases? Are you using an object relational mapper and sick of the mapping? ...
It has been known for a little while now that Microsoft’s latest OS, Windows 7, will be released to the computer makers to install as the machine OS for the computers they are getting ready to sell in late July. Then later in the Fall (OCT 22nd), it will be available to the public for purchase. This is welcome news for many who were not as successful with Vista and are quite tired of Windows XP. I was definitely in that camp. I have a lot of computers that I run at home and they were all Windows ...
I’d like to provide you with a SilverBullet™, a small snippet of Silverlight, a class or namespace hidden in the Silverlight .NET framework, to help you out in times of need. It’s not to learn, but something to keep in your pocket. Just remember it’s there and you’re safe. Although the Silverlight security model prevents access to the local file system, it is very easy to open and save or import and export files to and from the file system. It is not possible to gain any information about the local ...
I recently heard a presentation from David Chappell talking about how SOA is failing in many organizations. Below is not a summary of what he talked about but my own new thoughts on a subject I am still learning much about while listening to his presentation..... I have to give it to David Chappell. He has a way of bringing together concepts in a very simple and engaging way. At a recent architecture conference ( video http://channel9.msdn.com/po... ...
I was banging my head against the wall over this one for a few days. There was a particular AD security group (over 1000 users) that SharePoint could not resolve. Nothing about it (so I thought) was different than any of the groups that SharePoint could resolve. Same setup, OU and everything. Finally, I realized that the Alias name was not the same as the standard object name which is called the "Pre-Windows 2000" name in Active Directory. In 99% of all the cases, these are the same. For some reason, ...
What is Kerberos Authentication? Kerberos (or Cerberus) was a three-headed dog in Greek Mythology which guarded the gates of Haides (King of underworld God of Death). Kerberos was responsible to prevent ghosts of the dead from leaving the underworld. The Kerberos Protocol was created by MIT as a solution to network security problems like: 1) Insecure unencrypted password over the internet 2) Firewalls, which assumes that the bad guys are outside the network, what about the Bad Guys within the network. ...
The following post is taken from an article that explores the differences, pros, cons and usage scenarios of the Server empowered web architecture of Visual WebGui and on the other side the Client empowered web architecture featured by solutions such as Classic AJAX, Flex/Flash, Classic Silverlight, Java Applets. Both server and client empowered solutions can support any kind of UI look & feel using Silverlight or rich AJAX. Client empowered applications support the highest performance in applications ...
If you have not heard there is an updated MS SDL Starter Kit available for download. This kit provides a compilation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics. The core Microsoft Security Development Lifecycle (SDL) topics include: Secure design principles Secure implementation principles Secure verification principles SQL injection Cross-site scripting Code analysis Banned application programming interfaces (APIs) Buffer overflows ...
Today the news about Google coming out with its own operating system "Chrome" is all over the Internet and I was wondering can they make an in-road into the OS field which has basically been dominated by Microsoft for decades. And the answer to that is possibly yes, if not as a full-fledged OS for desktops and servers but for portable devices. There are 2 things that I hate most about Windows OS: first, it takes forever to boot the OS, since I had SP1 installed on my Vista it takes more than 5 minutes ...
This is an analysis that was written by Peter Brockmann, President of Brockmann & Company, a high tech marketing consulting company which is featured on the company's website. "Faster development of a rich media experience for web applications that are secure in operation has been a particularly elusive goal for many enterprise application developers since the debate about thin client and thick clients a decade ago. Until now. ...Visual WebGui brings the ultimate simplicity to the .NET development ...
The source code can be downloaded: Download Source Code In Windows CE: Creating a Control Panel Applet, I wrote about creating a Control Panel Applet that displays OEM versions including the OEM Build Number, Bootloader Version and a CPLD version. In this article, I will discuss the code that makes that Applet run. It might be good to first discuss a little about Control Panel applets and what makes them unique. The following are some facts about Control Panel Applets: · Control Panel Applets are ...
Usually as a developer I am logged in with a user with more rights than a usual user. Even if I am not using the Admin account, often I have to create one or more users with associated groups to simulate my target environment and log in with those users and test my application. This is time consuming for me and I want to be sure I can retest those cases as often and as fast as I want. The idea may seem strange as those tests look more like integration tests, but I don't want to deploy my application, test ...