Deployment
I realized that for some reason lately I have been concentrating on tools: Scriptomania - Scripting Tools and Utilities; More Powerful Security Tool; Most Powerful Security Tool. This blog entry is about another security tool - ShareEnum (free download). I am about to conduct a Security Deployment Inspection with some project and this tool might be very handy. Another handy utility could be TCPView (free download) to identify activity for TCP and UDP. You must agree that this one is nicer than black and white...
From: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9009784&source=rss_topic82 January 30, 2007 (Computerworld) -- The Vermont Agency of Human Services (AHS) today started sending letters to about 70,000 individuals in the state warning them of a computer compromise that may have exposed their Social Security numbers and other personal data. But the AHS server that was hacked stored the data in unencrypted fashion, said Heidi Tringe, communications director...
I've previously blogged about SOA Security Inside Enterprise walls. This time I had a couple of pretty interesting requirements from one customer that targeted a B2B/Partners scenario. They had a web site that communicates with a partner's web services. His concerns were sincere and pretty fair: I want to manage the creds that I use to authenticate with the partner's web service in a secure way; I want to pass them over the wire in a secure, standard way; The partner won't do any major changes to his authorization...
Although passwords are the weakest way to authenticate, one can raise the security bar by creating strong passwords that are hard to crack. Here are some guidelines from guidance explorer for creating strong passwords: DO use a password with mixed-case letters. Use uppercase letters throughout the password. DO NOT just capitalize the first letter, but add uppercase letters throughout the password. DO NOT use a network login ID in any form (reversed, capitalized, or doubled as a password). DO use a password...
via: How not to write secure Web apps - and get to see Steve Jobs for Free! All the crypto and password logic was in client-side JavaScript? hmmmmm.... Here is how you DO write secure web apps. Cheers
I was reading what's new in SQL 2005 SP1 here http://www.microsoft.com/sql/sp1.mspx and at the end there is a nice pointer to this: Password cracking tools for SQL Server: SearchSQLServer.com (May 9, 2006), which explains in detail how to crack SQL passwords using, say, Cain and Abel or other juicy tools. How to get protected? Always use Windows Integrated Authentication to connect to SQL Server. How do I use Windows authentication for connecting to SQL Server? When using Windows authentication, how can...
Full-blown tutorial on how to deploy a web site AND its database using a new shiny free tool - SQL Server Hosting Toolkit. Enjoy! - I did :)
First, They will get some network sniffing tool. I am extremely proud MS recently released the shiny new NETMON 3 that can be downloaded for FREE here https://connect.microsoft.com/availableconnections.aspx and the team manages a very nice blog here http://blogs.technet.com/netmon/default.aspx that explains in a very detailed manner how to capture and filter network traffic and even automate all this. After studying all this, the first thing I believe They try is to sniff HTTP traffic applying proper filter: and looking...
From: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0003.asp?frame=true#pagguidelines0003_strongnames If you protect your code with a link demand for a StrongNameIdentityPermission to restrict the code that can call your code, be aware that this only works for partial trust callers. The link demand will always succeed for full trust callers, regardless of the strong name of the calling code. In .NET Framework 2.0, any fully trusted assembly will satisfy any demand, including a...
From: http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGGuidelines0003.asp?frame=true · You need to add your assembly to the global assembly cache. If you want your assembly to be shared among multiple applications, then you should add it to the global assembly cache. To add your assembly to the global assembly cache, you need to give it a strong name. Adding an assembly to the global assembly cache ensures that your assembly runs with full trust. · You want to prevent partial trust callers...
From Worker put 'bomb' in drug giant's databases: "A technology administrator angry about possibly losing his job planted an electronic "bomb" in the computer system of one of the nation's largest prescription drug management companies that would have wiped out critical patient information had it gone off" "The potential damage to Medco and the patients and physicians served by the company cannot be understated," Christie said. "A malicious program like this can bring a company's operations to a...
Describes how to get the power of delegation in .NET while running with low privileges: http://msdn.microsoft.com/msdnmag/issues/07/01/SecurityBriefs/default.aspx
I think this one is a killer one. With SPS 2007 one can centrally configure a doc library with RMS applied, which means every doc created in this library would be RMS protected [encrypted and with per-user rights]. Imagine a doc library with a Security Assessment for some project - each team member can access the web site and each one can download the doc, but only those who actually have the right to open it [say, project lead only] will be able to see what is in it. Exchange 2007 offers a nice RMS story too. · Installing...
"...of the theft of a company laptop computer." "...As was the case in the other situations, information on the laptop wasn't encrypted." I bet Vista's BitLocker would help a lot here. "BitLocker ensures that data stored on a computer running Windows Vista remains encrypted even if the computer is tampered with when the operating system is not running. This helps protect against "offline attacks," attacks made by disabling or circumventing the installed operating system, or made by physically removing...
With ASP it was so easy to update a web application - open it in Notepad and you are done. Developers found it handy, IT folks did not. Then came ASP.NET 1.X - each change must go through a build process to take effect. Developers hated it, IT folks liked it. Then came ASP.NET 2.0 with a new compilation model which brought back in-place change and run without a build required. Developers started to fall in love with it and IT folks got frustrated again. But wait! There is a handy tool, Aspnet_compiler.exe, that...