September 2009 Blog Posts

Congratulations – you’re at university, now protect yourself

Now you’re at university it’s time to protect yourself. No, this is not that cringeworthy conversation you had with your parents about where babies come from, but some notes on data security. First up, your laptop. That network in the halls of residence? It’s going to contain at least one budding hacker, so make sure you run anti-virus software (that includes you, Mac users; there’s malware out there specifically targeting Macs), use a firewall (either the one built into your OS or a third-party one) and keep your anti-virus and operating system up to date (that includes you...

posted @ Wednesday, September 30, 2009 12:12 PM | Feedback (0)

Microsoft Security Essentials is out

For the last few months I’ve been using the beta of Microsoft Security Essentials, Microsoft’s own free anti-virus and anti-spyware program for Windows 7, Vista and XP. It’s now out and available for everyone to download and use. It’s hard to know if you can recommend anti-virus programmes – it’s not as if I run into many viruses, although on some of the darker sites I visit (security people, not porn) I do occasionally see an attempt to drop spyware or adware, usually through Adobe Acrobat (thanks for that, Adobe). In the last three months Security Essentials has caught...

posted @ Tuesday, September 29, 2009 5:13 PM | Feedback (0)

Wireless presenter mice going cheap on Amazon UK

I love this little mouse, it’s lasted me for 3 years and Amazon UK are selling them cheap right now at £30.04. It comes with a Bluetooth dongle which is pre-paired, but if you already have Bluetooth you don’t have to use it, it will pair like any normal mouse, and that’s a big bonus. MS’s recent mice all have custom receivers and I don’t want that, I already have a Bluetooth receiver in my laptop, so why on earth do I want something hanging off a USB port? Anyway, highly recommended at this bargain price.

posted @ Saturday, September 26, 2009 11:02 PM | Feedback (1)

Missed DDD7? Watch the videos

At DDD7 a lot of the sessions were videoed, but space to put them was hard to find. Until Ben Nunney stepped up, and now they’re all online … Craig has the details and the links. Technorati Tags: DDD, Developer Day

posted @ Saturday, September 26, 2009 9:33 PM | Feedback (1)

Microsoft release seven Web Application Toolkits (and a security problem)

To accompany WebsiteSpark (do MS have an internal app called SparkSpark which creates these programmes?) seven Web Application Toolkits have been released. Dinis Cruz asked on twitter if anyone had some spare time to look at them from a security perspective. I was bored, and needed a break from editing the book (that’s right folks it’s nearly done), so I thought I’d download one. I chose the FAQ toolkit (because I need to do something with the securingasp.net domain at some point). Fired up Visual Studio, took a quick look at the code. Nice surprises ...

posted @ Saturday, September 26, 2009 11:09 AM | Feedback (0)

AntiXSS gets HTML Sanitation

Version 3.1 of the Microsoft AntiXSS library (binary download) was released on the 15th September and now comes with HTML sanitation. Not content with dropping a new release of the library, Anil’s wife also dropped a release of her own and he’s now on paternity leave, which means the new functionality is undocumented for now. A quick look in the help file shows two new methods, GetSafeHtml and GetSafeHtmlFragment. Both methods have the same three overloads: GetSafeHtml(string), which takes a string containing the HTML to be made safe; GetSafeHtml(TextReader, Stream)...

posted @ Sunday, September 20, 2009 9:54 AM | Feedback (0)

Get Fuzzy with MiniFuzzer

Jeffery Dallman on the SDL tools blog introduces MiniFuzzer, a baby fuzz testing tool for folks who’ve never fuzz tested before. Fuzz testing takes a template of known good input files and starts to fuzz them, playing with them, changing bits and bytes, doing all sorts of weird stuff and then firing them into your program to see if it can cause a crash, which it normally does. More “grown up” fuzz testers (like Peach) work from a specification of valid input and use the spec to provide good, bad, and mostly good inputs, again feeding them into an application...

posted @ Wednesday, September 16, 2009 8:11 PM | Feedback (0)

Quick thoughts on the Microsoft AJAX CDN

Scott “Red Shirt” Guthrie announced today that the jQuery and the Microsoft AJAX scripts would be hosted on the Microsoft content delivery network (CDN) – which should speed up the initial loading of these script libraries and save you bandwidth, as you won’t have to host them any more. Being an untrusting soul, errr, security person, I thought I’d take a quick look at how it’s delivered. The scripts are hosted on http://ajax.microsoft.com/ which presents the first problem – it’s a microsoft.com domain. When you do any serious browsing to the normal microsoft.com sites you’re going to get a...

posted @ Wednesday, September 16, 2009 10:18 AM | Feedback (5)

Vote for code contract static checks in VS Professional

A couple of weeks ago I saw Jon Skeet (all hail the Skeet) present on code contracts in Visual Studio. Code Contracts grew out of Spec#, which took inspiration from Eiffel, and are a useful way of baking in constraints and requirements for method arguments. Code contracts are available from Microsoft Research for VS2008 and are being baked into .NET 4.0 and VS2010. It’s useful stuff for ensuring code quality (MS used the Spec# bits in the System.Cryptography namespace in .NET 3.0) – however there’s a problem. When MS took the leap to providing a unit test system they...

posted @ Friday, September 11, 2009 10:55 AM | Feedback (1)