|
|
|
December 2005 - Security Briefs
-
There's a running joke used by many of us in the training business: “That dialog has more than 14 words, so just press OK.” Security dialogs that ask the user to confirm something can be useful if those dialogs are sporadic, but pelting a...
-
My latest column in MSDN Magazine is all about using RSA public key encryption with the .NET Framework to build a factored system that has the least possible exposure of its keys. Enjoy!
-
Many web apps rely on some form of client-side state management. It's either stored in a cookie, or mangled into the URL. Regardless, have you ever considered what would happen if a user were to make small changes to (or wholesale replace) that state...
-
I'm probably the last person in the world to figure this out, but ever since I've been using VS 2005, I've been rather bummed that snippets never seemed to work for me. Ever type the letter 'c' while writing C# source code and see that tempting cw snippet...
-
I remember awhile back wishing I had a good book on directory services programming from .NET (System.DirectoryServices, etc.). On a whim, I pinged ADSI wunderkind Joe Kaplan about it, and it turned out he and some other folks had already been tossing...
-
It's been ages since I gave a talk for Fawcette, but I'm back in the saddle in February at VSLive! in San Fransisco . Here are the abstracts for my talks, in case you're interested. Be sure to come up and say hi if you're at the event! Inside ASP.NET...
-
Kim has a great post on how the InfoCard identity selector might work with a credit card. It's neat how this interface can enable all sorts of interesting scenarios like one-time credit cards. But there's a parallel discussion we should be having. You...
-
I've updated my WS-Policy in Ruby bits - fixed a bug in the normalization and added simple serialization. Still not doing much with the assertions themselves; feel free to suggest models you'd like to see. Here's the latest drop .
-
Thanks to Marcus for the comment pointing to this post , showing how to disable the Insert key in Word. It's a nice workaround, if the app you're using allows you to assign a macro to the Insert key, as Word does. I tried the same thing in VS 2005, but...
-
Pardon my rant, but does anyone use this feature more than once a year? It'd sure be nice if it were optional (and turned off by default). Is it just me, or are you also fed up with accidentally whacking that Insert key and then playing with undo/redo...
-
Don's post listing the Ruby canon prompted me to invest in a set for myself. Last weekend I studied the Programming Ruby and fell in love (it didn't hurt that Dave Thomas is the author - he's eminently readable). Perl and Smalltalk have always been a...
-
Thanks for everyone who suggested their favorite aggregators. I've tried a bunch, and Omea Reader is my favorite so far. It does a lot more than read blogs, but so far I'm not investlng any more in it other than using it as a reader. I like it's recursive...
-
So far all the examples of InfoCard have been centered around WCF. But I was curious how one would access InfoCard directly and request a token from a non-WCF service requestor app. Sure enough, in Microsoft.InfoCards, there's a class called InfoCardClient...
-
I found this link from Jesper's blog . Not surprisingly, running as non-admin tends to prevent malware and other crap you don't want from installing itself on your machine. Using fully patched Windows 2000 Professional and Windows XP Professional clients...
-
This morning James Sievert emailed me an interesting story. I'm sure most people reading this have had a similar experience. It's a great example where blindly throwing countermeasures at a system can weaken it. Our security people here distributed a...
|
|
|
|
|
|