October 2004 - Security Briefs
-
While eating breakfast this morning, I watched a section of 60 Minutes that talked about electronic voting. I saw a number of good points, and witnessed firsthand the naivete of the election officials. One official, when asked about recounts, seemed to...
-
Here's a link to my security unit testing example. Hope it's helpful! This blog has been neglected for the last month - I've been slammed getting ready for WinDev (being a track chair is just that much more responsibility) and preparing for Campsight...
-
I gave a talk today on password management - client side and server side. Here are some links for my attendees: Password Minder Password Safe The stateless password manager I wrote early in the presentation. The ServerPasswordManager sample I wrote at...
-
Please note that this post is mainly directed at MS folks because it addresses a cross-team issue, and I want to be terse so it'll have a chance of being read. Imagine a common scenario. Alice makes a call to Bob (Bob exposes some sort of interface, either...
-
Here's an update on my request for a modern book on programming AD in .NET. I just exchanged emails with a couple of very talented folks who have a lot of experience in this area. I won't name any names since this is so early, but suffice it to say that...
-
We need an updated book on programming Active Directory. The books out there now are either going out of print, or are generally focused on using VBScript or C++ to program with ADSI. I don't know how many of you have used S.DS, but (besides its lack...
-
While I'm at it, any of you running as non-admin getting tired of seeing messages like this? If anyone testing this at MS actually ran as a nonadmin by choice, they'd have noticed that this is really inconvenient and asked for a button to elevate privileges...
-
Yet another application that doesn't work under LUA (Least privilege User Account). 1) You can't install this program unless you're an administrator. This isn't surprising, and isn't really all that big of a deal, until you consider, 2) This program won...
-
http://www.microsoft.com/downloads/details.aspx?FamilyID=b07c9ef0-265a-4237-ae3b-25bc8937d40f&displaylang=en I'm downloading it now. I'll report back on whether or not it makes a WinXP SP2 VPC any faster.
-
Congratulations Herb! This looks to be the finest offering for C++ programmers since Scott Meyers' Effective C++ series. Check out what Herb has to say about it. Preorder now at Amazon. I just did.
-
Looks like the consensus is that no version of IIS protects you from this vulnerability. If you have an ASP.NET application, and you rely on Url authorization (<authorization> sections), you need to fix your application ASAP. The fix is very simple - it's a few lines...
-
array<string^>^ a = gcnew array(10); I use MC++ a lot when I need to wrap Win32 APIs for ease of use in managed code. For some reason, I have managed to remain completely ignorant of the changes coming in Whidbey (the new language is called C++...
-
Heads up, this is serious. If you are relying on <authorization> sections in subdirectories (or via <location> in your web.config files), you should be aware of a canonicalization bug in ASP.NET that can allow an attacker to slip past the...
-
I finally got around to finishing up my managed adapter for ISecurityInformation. Turns out the cleanest way was to write a custom CCW in MC++. For those of you who are wondering what the heck I'm talking about, this allows you to add that nifty ACL editor...