-
I guess by now many would have heard about the Microsoft Windows XP SP3 pushout. Many might ask, so what is this about? Is this another major fix that is going to break some other applications? The answer is NO! Before we begin describing why not, let's go ahead and look at what the updates are. Previously...
-
The Security Compliance Management toolkit provides customers with best practices from Microsoft about how to plan, set, get and remediate a security baseline, along with tools that you can use to verify the implementation of recommended security baselines from Microsoft for Windows Vista, Windows XP...
-
All web applications exposed on the Internet are vulnerable to brute-force password cracking, spammed posting, or denial of service attacks. The solution to prevent such attacks is to use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) or HIP (Human Interactive Proof...
-
MEDC 2007 would be held in Singapore this year round, among other parts of the world. I'd be speaking on the Windows Mobile Application Security track. I would be posting out more info about this as I get it. So you might be guessing, so what on earth is my technical focus now? Well, anything? Haha....
-
Well, I promised one of the attendees of my session at VSLIVE to blog something about Steganography, a topic that I'm actively working on right now. So what exactly is Steganography? If you've understood Cryptography, you'd know that cryptography is to make the plain text unreadable. So Steganography...
-
Various Microsoft Windows Operating Systems support a variety of network authentication protocols, such as LM (LAN Manager), NTLM, NTLMv2 and Kerberos. The obvious thing is that the older OS won’t be able to use the newer and more secure authentication protocols such as NTLMv2 and Kerberos, unless...
-
If you are using Windows Vista as your primary operating system, you are likely to encounter problems accessing some SSL-enabled sites, which you have been surfing smoothly using Windows XP in the past. Internet Explorer 7 in Windows Vista will simply throw an error message saying "Internet Explorer...
-
The Government Security website at http://www.governmentsecurity.org has produced a nice list of IP addresses you should be aware of as a tester. They are mostly government agency addresses and could quickly get you in trouble if you scanned them by mistake. ...
-
Recently, I've been working on quite a number of projects to do with enterprise web application development, and many a time, I got requests to have all encryption strings encrypted. Of course, even if they didn't tell me to do so, I'd also do so as it's just too dangerous to keep them in plaintext. So...
-
Stop! Have you read my previous post on “Multiple Web Sites in IIS – Part 1”? If you have not, I strongly recommend that you spend some time reading my previous post. As I’ve discussed in my previous post, you can configure IIS to host multiple web sites using a variety of techniques...
-
Microsoft Internet Information Services can be configured to host multiple web sites. I know everybody knows this. So why am I wasting my time writing this? Or why should you waste your time reading this? Well... I am just trying to make sure that you are ready for my Part 2, in which I will be discussing...
-
Ever wonder why Integrated Windows Authentication (IWA) does not work or stops working for custom host header enabled sites after installing Windows Server 2003 Service Pack 1? You have ensured that you did include the site URL in the Local Intranet site list in your browser configuration and yet it...
-
If you'd been wondering why we didn't see Jesper Johansson lately at Microsoft Events, or the security week where he'd always be part of the fixture, he's left Microsoft for either Amazon/eBay (can't remember which one). His new blog can be found at: http://msinfluentials.com/blogs/jesper/
-
Identity theft is on the rise, daily, and many of these attacks are done in combination with Spam Attacks as well as Phishing. Vishing, another new phenomenon, is also increasingly seen in the information security industry. So what exactly is Vishing? Vishing is the notion where someone calls you, claiming...
-
Ever wonder why Microsoft Outlook Web Access (OWA) has problems displaying the message composer for composing new messages and replying to others' mails? It is all because of missing DHTML Editing Controls, which are not included in Windows Vista build, specifically IE 7, so as to reduce the attack surface...