Browse by Tags

All Tags » Security

Windows XP SP3 Overview

I guess by now many would have heard about the Microsoft Windows XP SP3 pushout. Many might ask, so what is this about? Is this another major fix that is going to break some other applications? The answer is NO! Before we begin describing why not, let's go ahead and look at what the updates are.

Previously Released Functionality

MMC 3.0: MMC 3.0 is a framework that unifies and simplifies day-to-day system management tasks in Windows by providing common navigation, menus, toolbars, and workflow across diverse tools. Microsoft Knowledge Base article 907265 describes this functionality in detail.

MSXML6: MSXML6 provides better reliability, security, and conformance with the XML 1.0 and XML Schema 1.0 W3C Recommendations. It also provides compatibility with System.XML 2.0.

Microsoft Windows Installer 3.1 v2 (3.1.4000.2435): Windows Installer 3.1 is a minor update to Windows Installer 3.0, which Microsoft released in September 2004. Windows Installer 3.1 contains new and...
Posted by Technical Bits

Security Compliance Management toolkit

The Security Compliance Management toolkit provides customers with best practices from Microsoft about how to plan, set, get and remediate a security baseline, along with tools that you can use to verify the implementation of recommended security baselines from Microsoft for Windows Vista, Windows XP SP2, and Windows Server 2003 SP2. The toolkit helps customers quickly and easily provide this compliance information to auditors to demonstrate how their organization is meeting important compliance regulations. The toolkit helps customers manage the compliance process by enabling:

- Automated security checks in their environment.
- Verification of the security baseline in their environment, and identification of baseline settings changes or "drift" from prescribed values.
- Implementation of regulatory compliance through security checks.

The current status of this toolkit is Beta, and it can be downloaded here.
Posted by Technical Bits

MEDC 2007 @ Singapore

MEDC 2007 would be held in Singapore this year round, among other parts of the world. I'd be speaking on the Windows Mobile Application Security track. I would be posting out more info about this as I get it. So you might be guessing, so what on earth is my technical focus now? Well, anything? Haha... Ok.. To be real serious, I'd be focusing more on:

- XNA
- Microsoft Ajax
- Expressions Suite
- Media Center Development
- Visual Studio Team System
- Information System Security
- Software Application Architecture

Sounds like quite a lot of stuff... Well, let's see if I can cope with that mountain. Haha!
Posted by Technical Bits

Introduction to Steganography

Well, I promised one of the attendees of my session at VSLIVE to blog something about Steganography, a topic that I'm actively working on right now. So what exactly is Steganography? If you've understood Cryptography, you'd know that cryptography is to make the plain text unreadable. Steganography, by contrast, is a technique to hide the information. In most Steganography applications, we'd embed the secret information into other more innocent-looking mediums such as images, MP3 files or even videos. So what we really do here is split the bits of the secret information up and embed these bits in the Least Significant Bit (LSB) of each pixel in the image, for example. Of course, there are different techniques for embedding these secret documents in MP3s, videos, etc. The tools out there that you'd be able to find on the net are most probably the first generation of steganographic techniques. However, in many research organizations and government research organizations, the fourth generation of steganographic...
Posted by Technical Bits

IP Ranges you should not scan

The Government Security website at http://www.governmentsecurity.org has produced a nice list of IP addresses you should be aware of as a tester. They are mostly government agencies' addresses and could quickly get you in trouble if you scanned them by mistake.

With kind thanks to Mountainman, the list of dangerous ranges is updated again!!!

RANGE 6 6.* - Army Information Systems Center
RANGE 7 7.*.*.* Defense Information Systems Agency, VA
RANGE 11 11.*.*.* DoD Intel Information Systems, Defense Intelligence Agency, Washington DC
RANGE 21 21. - US Defense Information Systems Agency
RANGE 22 22.* - Defense Information Systems Agency
RANGE 24 24.198.*.*
RANGE 25 25.*.*.* Royal Signals and Radar Establishment, UK
RANGE 26 26.* - Defense Information Systems Agency
RANGE 29 29.* - Defense Information Systems Agency
RANGE 30 30.* - Defense Information Systems...
Posted by Technical Bits

Web.Config Configuration Encryption

Recently, I've been working on quite a number of projects to do with enterprise web application development, and many a time, I got requests to have all encryption strings encrypted. Of course, even if they didn't tell me to do so, I'd also do so as it's just too dangerous to keep them in plaintext. So do you have to specifically write a special DLL to do this task or use the cryptographic services in .NET to do so? The answer is no! ASP.NET 2.0 provides you with such capabilities. In fact, this has already been available in ASP.NET 1.1. It's just that ASP.NET 2.0 includes the option to do so with DPAPI too! ASP.NET 2.0 supports two forms of encryption:

- RSA (a form of asymmetric encryption)
- DPAPI

RSA is recommended as DPAPI makes use of keys that are machine-specific. So that doesn't sound too portable. Well, as RSA is a 1024 bit block encryption, if you do want to encrypt data-strings larger than that, you might want to consider making use of Envelope Encryption, where you'd Generate a random private...
Posted by Technical Bits

Jesper Johansson's left Microsoft

If you'd been wondering why we didn't see Jesper Johansson lately at Microsoft events, or the security week where he'd always be part of the fixture, he'd left Microsoft for either Amazon/eBay (can't remember which one). His new blog can be found at: http://msinfluentials.com/blogs/jesper/
Posted by Technical Bits

Is your Phishing toolbar really reliable?

Identity theft is on the rise, daily, and many of these attacks are done in combination with spam attacks as well as phishing. Vishing, another new phenomenon, is also increasingly seen in the information security industry. So what exactly is vishing? Vishing is where someone calls you, claiming to be from a bank, and gives you a specific URL by phone to log in to and change your password. Or they could even be asking you to change your password via phone (meaning asking you to tell them your current...
Posted by Technical Bits