
#  Wednesday, 06 October 2004

Early Tuesday morning last week, I already had a blog entry up with exactly that title. However, I took it down because Scott Guthrie asked to buy some time for his ASP.NET team, which was already working on a fix for the zero-day exploit reported on NTBugtraq. I changed my entry to Two of the most important security mailing lists, an article containing useful advice: programmers especially are usually not subscribed to these lists, and this I consider to be bordering on irresponsible these days.

To get back to the security bug in Forms Authentication: the ASP.NET team has posted a KB article and a security alert. Turn to implementing the workaround options immediately!

An IIS best practice using URLScan for the backslash canonicalization issue found in ASP.NET was brought up independently by Stephan on our German ASP.NET mailing list last Tuesday. Too bad that we had to advise lots of people to install a tool that was readily available for years!

Bootnote: Had it not been a security vulnerability for ASP.NET, I would never have even considered taking my blog entry down (the ASP.NET team is just absolutely fabulous and their support for the community rocks). I flat-out do not believe that one helps the good guys by not telling them about publicly known zero-day exploits (NTBugtraq isn't just any mailing list after all, and shooting the messenger never was a brilliant solution). This is why the German ASP.NET community knew about the sploit before 7:30AM CET on Tuesday. Even if we hadn't found a workaround, disabling vulnerable sites would still have been a much better choice than being hacked without knowing.

Categories: ASP.NET | Security
Wednesday, 06 October 2004 07:28:25 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 04 October 2004

I had mentioned Paint.NET earlier here, but now version 1.1 has been released, which has even more exciting features, of which I picked a few:

  • New Effect: "RotoZoomer" which can perform arbitrary angle rotation, and zooming.
  • Layer Properties now visually previews and updates all properties in real time without having to press the "Apply" button.
  • Invert and Desaturate are put into the Image -> Adjustments menu, along with a new adjustment called "Brightness & Contrast."
  • User interface upgraded to make full use of XP themes. In v1.0, many dropdown boxes and "updowns" had a Win2K/OfficeXP look to them.
  • Extensibility! After you install the program, check out the "RotoZoomerSource.zip" for an example of how to write an Effect plugin. You will need Visual Studio 2003 .NET to write a new plugin. No other types of plugins are supported for v1.1.

Like last time, full source is provided too (which has lots of tweaks and refactorizations). Read more and download

Monday, 04 October 2004 08:02:41 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Sunday, 03 October 2004

With all the hoopla about VS.NET 2005 and SQL Server 2005, people sometimes forget that we still have to solve problems using today's technologies. The SQL Server 2000 Full-Text Search Deployment White Paper is a document that helps you better understand a technology that is already out there, focusing on the following areas:

  • The hardware and operating system requirements for efficient full-text search performance.
  • Full-text search architecture.
  • Full-text search administration.
  • How to monitor full-text search performance.

Categories: SQL Server
Sunday, 03 October 2004 18:22:28 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 30 September 2004

OWASP (The Open Source Web Application Security Project) has a couple of projects online focused on ASP.NET security issues. Current projects include ANBS (ASP.NET Baseline Security), SAM'SHE (Security Analyzer for Microsoft's Shared Hosting Environments), ANSA (ASP.NET Security Analyzer) as well as the ASP.NET Security Guidelines for designing and deploying secure Web applications using ASP.NET (applicable to IIS 5 & 6).

OWASP .NET Projects Homepage

Categories: .NET | Administration | ASP.NET | Cool Download | Security
Thursday, 30 September 2004 07:48:15 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 29 September 2004

Newsforge has an article online which is excerpted from the book Know Your Enemy: Learning About Security Threats (2nd edition), a highly recommended read even for programmers - both the article (focused on honeypots) and then of course the book. Written by a member of the Honeynet Project, this book teaches you how to study a black hat attack and learn from it. In addition, you get valuable insight into the mindset of black hats and their community.

Categories: Books | Security
Wednesday, 29 September 2004 08:14:56 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Tuesday, 28 September 2004

I'm talking about NTBugtraq and SecurityFocus' BugTraq mailing list. The former is obviously centered on Windows bugs (including security), the latter is for all operating systems and applications - so there might be too much "chatter" for the average Windows administrator / programmer on that one. However, being on those lists can come in handy when nasty security bugs or even zero day exploits are announced.

Categories: Security
Tuesday, 28 September 2004 07:26:46 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 27 September 2004

From the Web site: MbUnit is an evolutive Unit Test Framework for .Net. It provides new fixtures as well as the framework to create new ones. MbUnit is based on QuickGraph, a directed graph library for C#.

As it is fully compatible with NUnit, this generative unit test framework does look promising. While I am at it, also check out .NET Mock Objects.

Categories: .NET | Use the source Luke
Monday, 27 September 2004 10:43:46 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 24 September 2004

This episode introduces Visual Basic Express using the same demo that was used during the launch at TechEd Europe. Jay Roxe shows how the streamlined IDE makes development approachable to novice developers but still allows the power of the Windows Forms designers and Visual Basic language.

Categories: 2 Ohhhh | Visual Studio
Friday, 24 September 2004 08:00:57 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 23 September 2004

Just finished reading the book Joel on Software: And on Diverse and Occasionally Related Matters That Will Prove of Interest to Software Developers, Designers, and Managers, and to Those Who, Whether by Good Fortune or Ill Luck, Work with Them in Some Capacity. This is the dead tree version of select articles from Joel Spolsky's Joel on Software (definitely easier to read than online, and I positively do like dogearing my books). Needless to say, I highly recommend it.

The next book is already in the mail: Paper Prototyping by Carolyn Snyder. Like I said, one down, n to go.

Categories: Books | this
Thursday, 23 September 2004 20:21:28 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

Not strictly a developer-centric topic, ConferenceXP once again caught my attention. ConferenceXP is an MSR initiative for exploring how to make wireless classrooms, collaboration, and distance learning a compelling, rich experience by assuming the availability of emerging and enabling technologies, such as high-bandwidth wireless devices, Tablet PCs, and the advanced features in Microsoft® Windows® XP.

Now why do I bring this up here? If you are managing a virtual team (#develop) that is distributed around the globe, a scenario supported by the ConferenceXP Client 3.0 Beta is for example whiteboarding combined with realtime-chat. How cool is that? Check the release notes to see what else it might be able to do for your team!

Categories: MSR
Thursday, 23 September 2004 08:02:20 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



© Copyright 2017 Christoph Wille
