DotNetKicks.com - Stories tagged with Security

TSG and the Default Web Site

Thu, 20 Nov 2008 05:05:55 GMT

During the installation process the TSG services configure the IIS services to listen on port 443 of the Default Web Site. So in addition to listening for RDP over HTTP(s) connection attempts the TSG server is also listening for regular HTTPS traffic. To see this behavior you simply need to open up your browser and point it to your TSG server. You will see the default web page that is configured for the Default Web Site. Is this a bad thing?

Are you using TS Gateway?

Wed, 12 Nov 2008 04:16:43 GMT

There has to be a better way. Something better than trying to remember the different port assignments; better than opening up all those ports to the world and allowing anyone to RDP to the server for the casual brute force password attack. Better than something so complex that I couldn't really explain it to co-workers that needed to connect into my lab. It turns out there is a better way. It's called Microsoft Windows 2008 Terminal Services Gateway.

TCG IF-MAP IN YOUR SECYRITY PRODUCT PLEASE - Chris Hoff

Mon, 10 Nov 2008 22:35:54 GMT

A blog about the equivalent of MySpace for IP addresses and its potential impact on network security.

Jordan Sebastian - One Step Security - Prevent most malware

Sat, 08 Nov 2008 22:49:02 GMT

Prevent Most malware with this one simple tip. We're going to use a system of user management that most users don't use, to stop the very workings of malware.

Embedding data in images

Mon, 20 Oct 2008 15:50:08 GMT

Embedding data in images in most cases is a part of the image format; it is a very effective way to save copyrights, watermarks, metadata, company information and anything else you may want to pass on. In this article we will explore two different ways of saving information in images. This article also includes a small .NET windows application available to download and test for free.

New Activation and Licensing Service for Shareware Developers

Thu, 16 Oct 2008 10:09:45 GMT

IntelliProtector.com announces the official launch of its new software licensing and activation service. Targeting small and medium-sized shareware companies, IntelliProtector.com offers a convenient online platform to control license management process and activation, as well as a wide range of anti-piracy features in the desktop protection client to prevent a form of theft known as casual copying.

Create Portable Applications With Ease

Wed, 15 Oct 2008 16:16:15 GMT

BoxedApp SDK 2.0, a DLL library from Softanics enables developers to take advantage of the next generation technology - application virtualization to create a portable application with zero installation that relies on the virtual environment to run.

Silverlight news for October 6, 2008

Mon, 06 Oct 2008 14:32:15 GMT

Have you ever wanted to develop game in Silverlight, but do not know what to start with? Well, Andy Beaulieu has made a great list of resources about getting started with Silverlight game development. ...

Revealing too much information

Thu, 02 Oct 2008 02:07:27 GMT

Are you revealing too much information with your error messages?

How Not To Compromise Security Through ASP.NET Validators

Tue, 23 Sep 2008 18:31:11 GMT

A guide to closing some security holes that might be left open when using or building ASP.NET Validator controls.

Windows Server 2008 Windows Security - Security Identifiers

Wed, 17 Sep 2008 14:40:03 GMT

Security principal is an entity that can have a security identifier (SID), SID is a (mostly) numeric representation of a security principal. The SID is actually what is used internally by the operating system. When you grant a user, a group, a service, or some other security principal permissions to an object, the operating system writes the SID and the permissions to the object's Access Control List (ACL).

TCP/IP-Based Security - IP Address Security

Wed, 17 Sep 2008 00:26:43 GMT

The base protocol over which Web traffic is carried is the Hypertext Transfer Protocol (HTTP). HTTP is generally carried over TCP/IP, the standard Internet Protocol, in most environments. IIS 7 supports HTTP over TCP/IP version 4 (IPv4), the more common protocol of today's Internet and the same network-level protocol as every version of IIS to date has supported.

OWASP AppSec NYC 2008 | From C Sharp to C Sharp

Tue, 16 Sep 2008 02:57:55 GMT

Who's going to OWASP AppSec NYC 2008?

some thoughts about security

Thu, 11 Sep 2008 12:20:16 GMT

Does we really need more security books or more security in each book?

Starting With jQuery - Dynamically Applying Rules

Tue, 16 Sep 2008 13:16:21 GMT

This series of posts on using jQuery with no prior knowledge comes to its fourth iteration. This week, we're going to build on the Validation plug-in by looking at how to add and remove rules dynamically.

Starting With jQuery - Validation Plug-in

Thu, 04 Sep 2008 03:14:49 GMT

This series of posts on using jQuery with no prior knowledge comes to its third iteration. Today's post focuses on an introduction to the Validation Plug-in. This plug-in extends jQuery by adding simple client-side validation to a given HTML form. In future entries we'll examine some of the challenges this plug-in has with traditional ASP.Net web form applications; however, for this post, we'll focus on just the basics.

Deep Fried Bytes: Talking Security with Misfit Geek Joe Stagner

Tue, 02 Sep 2008 17:14:47 GMT

Joe Stagner discusses security best practices for software developers. Along the way many different ideas and topics came up like comparing a security development expert to a professional prize fighter. Listen as Joe relates how his IT law enforcement background helped him build his vision of keeping the Bad Hackers out of applications and systems.

VSTO Add-In installation woes

Sun, 31 Aug 2008 06:00:00 GMT

Security setup for Office Add-ins. Must read.

Building an ASP.NET MVC sitemap provider with security trimming

Fri, 29 Aug 2008 17:46:13 GMT

If you have been using the ASP.NET MVC framework, you possibly have been searching for something like the classic ASP.NET sitemap. After you've played with it, you even found it useful! But not really flexible and easy to map to routes and controllers. In this post, Maarten describes how to build a custom sitemap provider which uses ASP.NET MVC route data and AuthorizeAttribute to render MCS sitemap data with security trimming enabled!

How to change RDP listening port in Windows 2003 server?

Tue, 26 Aug 2008 02:46:02 GMT

This article will brief you on the way to change the default Remote Desktop Connection port to other port. This feature is important to protect your server from unwanted attempt access. Please also note that the firewall should be configured to allow such connections...

How to change RDP listening port in Windows 2003 server?

Tue, 26 Aug 2008 02:46:02 GMT

Cloud Computing - More Storms Ahead

Mon, 25 Aug 2008 05:41:04 GMT

Cloud computing will need to addess multiple technical issues (including DNS security) before it becomes mainstream.

How to Search And Replace values in SQL across All Tables

Thu, 21 Aug 2008 19:15:50 GMT

My website got hacked. I got several html code injections inside the database. Here is how i fixed the issue very quickly.

A SQL Injection Attack Attempt - An Investigation

Thu, 21 Aug 2008 04:05:02 GMT

A SQL Injection Attack Attempt on my site - An Investigation

.NET Framework 3.5 SP1 Allows managed code to be launched from network

Wed, 13 Aug 2008 23:15:33 GMT

Hurray, its finally fixed! manage code 'just works' from network file share! Now I know that some of you are probably just saying 'who cares' or 'huh?' but for those of us who have hit this problem, this has been a major deployment headache, and I am happy to say that the end of this particular problem is in sight. The problem scenario is this. If you have a managed applications like 'MyApp.exe' it works great if you run it locally (eg C:\bin\MyApp.exe), but fails when you try to run it from a network location (eg \\Myhost\bin\MyApp.exe). The problem is that the security system for the runtime treats network locations as less trustworthy than local locations, and thus throws an security exception. The problem is that failing to run managed code WHILE STILL ALLOWING UNMANAGED EXE's to run, does not provide any security (because hackers will simply use unmanaged code) but does cause nontrivial deployment headaches (manage apps can't be run from network locations).