
#  Sunday, 21 May 2006

The TAM tool is now available as release candidate 1. If you don't know it (already), here is the quick scoop from the download page: Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

  • Data access control matrix
  • Component access control matrix
  • Subject-object matrix
  • Data Flow
  • Call Flow
  • Trust Flow
  • Attack Surface
  • Focused reports

By the way, use this link to search for the video series on threat modeling in the Download Center!

Categories: Cool Download | Security
Sunday, 21 May 2006 12:30:05 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Saturday, 20 May 2006

Today I set up my new laptop with Windows Vista - a "dry run" for Beta 2, because I want to use it as the primary OS on that machine. Part of the drill was getting my UMTS card (a Merlin U630) up and running.

First, I tried it using the standard software that came with the card. Installation went smoothly; however, the Connection Manager software is based on an HTA solution, and IE7 most definitely didn't want to cooperate and kept throwing JavaScript errors (Note: I view this as a bug in the Connection Manager software; this is most decidedly not IE's fault). Dialing using this software was therefore out of the question.

So I went out on the Internet to search for a solution. At first, I tried dialing manually using AT commands, but it turned out that initializing a Merlin card isn't exactly easy-peasy. So I decided that a thorough forum search was in order. Thankfully, that search turned up a great piece of software (onlinekosten.de Community to the rescue).

What I found is MWConn (it looks like the international audience is out of luck this time, at least at the time of this writing, as the software is German only). It supports the Novatel card, allows for dialing (make sure you check the default connection that is generated; at least my provider is using a different dial-in number), and gives feedback on the UL / DL traffic you generate, plus signal quality information. Way cool & saved my day!

Categories: Cool Download | Longhorn | this
Saturday, 20 May 2006 16:17:07 (W. Europe Daylight Time, UTC+02:00)  #    Comments [2]

 



#  Wednesday, 17 May 2006

Tracking down the URL for the Webcast Detecting and Debugging Common Application Issues Using the Windows Application Verifier really turned into a scavenger hunt today... if you don't know what AppVerifier is, download it here, and read more here.

Categories: Security | Team System
Wednesday, 17 May 2006 21:07:47 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 11 May 2006

On Tuesday I was presenting a Windows Vista security session, which included UAC (User Account Control) and the respective demos. One part was showing UAC data redirection, and for this blog post I will stick with the registry side of things.

Why this redirection in the first place? Well, old legacy applications do tend to assume that you are running as admin on your box. Thus, those apps simply store "stuff" in the HKLM hive of the registry, instead of HKCU. To allow such misguided apps to run on Vista smoothly, UAC automagically redirects write operations from the actual HKLM location to a VirtualStore branch of the current user's profile.

Let's look at an example of a classic no-no:

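// Requires: using Microsoft.Win32;
try
{
  // The no-no: open a machine-wide HKLM key for writing (second argument true)
  RegistryKey MyTest = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Microsoft SDKs\\.NETFramework\\v2.0", true);
  // Overwrite an existing value with whatever the user typed
  MyTest.SetValue("InstallationFolder", ContentsText.Text, RegistryValueKind.String);
  MyTest.Close();
  ResultsLabel.Text = "Successfully written to registry!";
}
catch (Exception ex)
{
  // A non-admin on XP ends up here
  ResultsLabel.Text = "Unable to write to registry: " + ex.Message;
}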

On XP, being non-admin, you would end up in the catch block. Not so on Vista. With Vista, this will work out ok, and the data will be stored like this:

Nice indeed. Or is it actually nice? Let's look at the code for reading the value again:

try
{
  // Same HKLM path as in the write example
  RegistryKey MyTest = Registry.LocalMachine.OpenSubKey("Software\\Microsoft\\Microsoft SDKs\\.NETFramework\\v2.0", true);
  ContentsText.Text = MyTest.GetValue("InstallationFolder") as string;
  MyTest.Close(); // release the key handle, as the write example does
  ResultsLabel.Text = "Successfully read from registry!";
}
catch (Exception ex)
{
  ResultsLabel.Text = "Unable to read from registry: " + ex.Message;
}

So what's your guess where the value will come from - the original HKLM location or the redirected HKCU VirtualStore location? Right, the VirtualStore is the winner.

Now, I intentionally picked an existing value in the registry to "overwrite". Imagine somebody writing a "fuzzer" to go over every single value in HKLM and write back gibberish for every value it finds. The original application will now see this gibberish too, instead of the original good values.

Time will tell whether virtualizing based on user and not application will do more harm than good. Because thanks to UAC, malware needs no extra rights to botch up your registry...

Update: Yes, sure, you can turn off this virtualization. Check out the blog entry User Account Control Windows Vista Policies.
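
To see which HKLM values a user's VirtualStore currently shadows, here is a read-only audit in C# (an added example, not code from the original post). The VirtualStore path is the documented Windows location and is not given in the post, the class and method names are made up for the example, and it assumes the audit runs in a process that is not itself virtualized (for example 64-bit or with a requestedExecutionLevel manifest), since otherwise the HKLM reads would return the merged view.

```csharp
// Added example, not from the original post: audit UAC registry virtualization.
using System;
using System.Collections.Generic;
using Microsoft.Win32;

static class VirtualStoreAudit   // hypothetical name
{
    // Per-user branch that receives redirected HKLM\Software writes.
    const string VirtualRoot = @"Software\Classes\VirtualStore\MACHINE\SOFTWARE";

    // Render any registry value type as comparable text.
    static string Show(object v)
    {
        if (v is byte[]) return BitConverter.ToString((byte[])v);
        if (v is string[]) return string.Join("|", (string[])v);
        return Convert.ToString(v);
    }

    // Walk one virtualized key and compare each value with its HKLM original.
    static void Walk(RegistryKey virtualKey, string machinePath, List<string> findings)
    {
        // Read-only open; the machine-wide key may not exist at all.
        using (RegistryKey real = Registry.LocalMachine.OpenSubKey(machinePath))
        {
            foreach (string name in virtualKey.GetValueNames())
            {
                object original = real == null ? null : real.GetValue(name);
                string state = original == null ? "no HKLM value"
                    : Show(original) == Show(virtualKey.GetValue(name)) ? "same as HKLM"
                    : "DIFFERS from HKLM";
                findings.Add(@"HKLM\" + machinePath + " [" + name + "]: " + state);
            }
        }
        foreach (string child in virtualKey.GetSubKeyNames())
            using (RegistryKey sub = virtualKey.OpenSubKey(child))
                if (sub != null) Walk(sub, machinePath + @"\" + child, findings);
    }

    // Returns one line per value found in the current user's VirtualStore.
    public static List<string> FindShadowedValues()
    {
        var findings = new List<string>();
        using (RegistryKey root = Registry.CurrentUser.OpenSubKey(VirtualRoot))
            if (root != null) Walk(root, "SOFTWARE", findings); // null: nothing virtualized
        return findings;
    }

    static void Main()
    {
        foreach (string line in FindShadowedValues()) Console.WriteLine(line);
    }
}
```

Any line marked DIFFERS is a value that virtualized applications running as this user will read in place of the machine-wide one.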

Categories: Longhorn | Security
Thursday, 11 May 2006 14:42:03 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 05 May 2006

Next week, I am doing the first in a series of security on-site briefings for Microsoft Austria. Mario has blogged about our TTT event in two entries: Security Technical Briefings - Train-The-Trainer... a looong evening (Part 1) and Security Technical Briefings - Part 2. Thanks to the workshop character, no two briefings will be alike.

Friday, 05 May 2006 08:41:52 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 04 May 2006

The process of threat modeling is built on a simple principle: To build a feasibly secure system, one must understand all the threats in that system. The challenge, however, is in making threat modeling more accessible to non-specialists. Microsoft has developed a process through which minimal input can produce a feature-rich threat model that identifies a wide range of critical information including contextual threats, trust boundaries, fracture points, attack surfaces, and direct and transitive access control. This podcast describes and demonstrates this threat modeling process, outlines its benefits, and shows how threat modeling fits into the Microsoft Security Development Lifecycle.

Download & Listen

Categories: Security
Thursday, 04 May 2006 10:28:20 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

Six labs, available in both C# and VB.NET. Download (nuff said)

Categories: .NET | 2 Ohhhh | Cool Download
Thursday, 04 May 2006 10:20:36 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 03 May 2006

From the download page: The Microsoft Consolas Font Family is a set of highly legible fonts designed for ClearType. It is intended for use in programming environments and other circumstances where a monospaced font is specified. This installation package will set the default font for Visual Studio to Consolas.

To give you an idea of what Consolas looks like in VS, I have created a before / after screenshot comparison - here is the "before" screenshot:

And this is how it looks after installation of the Consolas font pack:

Categories: Cool Download | Visual Studio
Wednesday, 03 May 2006 08:35:01 (W. Europe Daylight Time, UTC+02:00)  #    Comments [2]

 



#  Tuesday, 02 May 2006

Found this on Alex' blog (he posted it in German last week): Microsoft UK has released a document (PDF) titled "The Developer Highway Code" (The drive for safer coding), which covers the following topics:

  • Integrating Security into the Lifecycle
  • Security Objectives
  • Web Application Security Design Guidelines 
  • Threat Modelling
  • Security Architecture and Design
  • Security Code Review
  • Security Deployment Review

The document covers v1 and v2 of the .NET Framework, and it does contain useful checklists. Be sure to grab it!

Categories: .NET | Security
Tuesday, 02 May 2006 15:17:31 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 01 May 2006

Back from holidays, catching up with news, I stumbled across the article New Microsoft browser raises Google's hackles. IE7 Beta 2 was released last week, and because it sported an x64 version I installed it yesterday. And immediately tried the search box that Google is complaining about loudly. Guess what - I had it changed to Google (my personal favorite search engine) in seconds (even making it the default search provider):

The UI wasn't unfamiliar at all; let's take a look at Firefox (my personal favorite browser):

Note that these are the default out of the box search providers as defined by Firefox, and there is no MSN in there by default at all. But you can add it if you want (just for laughs, check out IE7's as well as Firefox's add engines/providers pages, they look very, very similar indeed).

<opinion>
So, does that constitute the claimed "unfair grab of Web traffic?" No, unless you go the whole nine yards and force every single browser vendor on the planet (including "Old Europe") to ship their products with zero preconfigured search providers. And hey, IE7 will be a separate download, so why doesn't Google add a browser product to their portfolio?
</opinion>

Categories: Newsbites | this
Monday, 01 May 2006 16:50:41 (W. Europe Daylight Time, UTC+02:00)  #    Comments [1]

 



© Copyright 2017 Christoph Wille
