Michele Leroux Bustamante, who did an amazing job presenting all of the sessions at Tuesday's Developer Track of the Microsoft Security Summit, has just posted the Resources for the sessions. Check out her blog at dasblonde.net. She has some great insights into ASP.NET, Web Services and Security.
Thursday, June 10, 2004
Tuesday, June 08, 2004
Today was spent in deep learning on security. I had the pleasure of attending the Microsoft Security Summit in Anaheim today. It was a very good event with content that hit the mark. Most of the information was things I have already learned but it was a very good refresher. Buffer Overruns, Cross-Site Scripting, SQL injection Oh, My.
Everything I had as far as emails and printed materials about the event said it was to start at 8 o'clock sharp. Now I really don't like to be late, but due to traffic, I didn't even get to the parking lot till 8am. So I speedwalk into the building and get registered, get my agenda, and the keynote didn't start till 8:30am. I reallized that Msft really understand IT.
The keynote by Mark Valentine, address the continuing security focus that Microsoft has made and plans to keep. This was shown in several of the demos shown. The SP2 for Windows XP really demonstrates that. They have really developed a user interface that makes Windows Updates, Anti-Virus and Internet Firewall (soon to be called Windows Firewall) easy for home users to use. It is always going to make firewall rules for the corporate end a lot better to, as admins will be able to create domain and standard firewall rules. That will make it so people on your network that have laptops that they take home every night (like myself), won't be bring in malware and viruses back into the network. Micorsoft also showed off the SD3 Framework, which means, Secure by Design, Secure by Default, Secure in Deployment. The other thing that was mentioned is that after the trustworthy computer email from Bill Gates came out, they stopped all forward progress on Windows 2003 Server and started the SD3 model. Apparently all Developers at Microsoft have to read "Writing Secure Code" before they are allowed to touch on stitch of code.
I took the Developer track of the Security Summit. This was a day well spent. Michele Leroux Bustamante taught all four sessions. She is a Microsoft Regional Directory for the San Diego area. She did an amazing job of keeping the material entertaining. I told 14 pages worth of notes from the sessions. After I get a chance to decipher my own writing (not always easy) I will share some of the nuggets I gleamed from the event.
- Code Access Security Explained
- Storing SQL ConnectionStrings encrypted ( and still be able to use them in your application)
- Strong Names for Assemblies.
- Sand Boxing Components
- Security settings in ASP.NET
- Using the SQLAdapter and SQL parameters to fight SQL injection attacks.
If you get a chance to get to this event, do, the more you know about security the better you can sleep.
Monday, June 07, 2004
Google.com has become synonmous with internet search engine. It has even become a verb among the techie group. "Oh I just googled that!". So with all of this popularity, have you ever wonder how much information they get from their users on what they search? It does make sense to capture that information, with more and more information you can build better and better search algorithms. Google has a program called Google Zeitgeist (I have no idea how you pronounce that). The information displayed is simply amazing. It is like webtrends on steriods. I found this link by looking at the googleblog. Which I thought was pretty fitting as they are the fine people that own blogger.com. It's nice to know they believe in what they own.
So I am really starting to think this reality TV thing has to stop. I just read about a patent that some TV producer dreamed up for a show. The concept:
A child adoption proceeding is conducted in the form of a television game show and online media event, wherein couples compete against each other to win legal custody of the child. Adoptive parents are selected using a vote-by-phone and/or Internet voting scheme, together with 24-hour surveillance of the prospective parents, which enables television viewers and Internet users to inspect prospective parent-contestants in detail before voting for the winning parents. The present invention overcomes inequities of state-run or private adoption agencies, permitting a fairer selection process while providing greater time and access to observe a pool of prospective parents.
This to me is just wrong. There are a lot of couples that have a lot of love to give and can't have children of thier own. They have a good heart and want to give a child that is not "their-own" in the biological sense a better home, a better live, hope. So what do we as the viewing audience do to these poor souls that have love to give and good hearts. We have them humiliate them on national TV to prove to audience that they are as good and kind as them seem. Lets make them compete against other people like themselves and see if it gets nasty. People that would watch a show like this are the same kind of people that watch car racing to see the crashes. What is wrong with the world that this can be granted a patent. I am sure it will be on FOX next session.
I have a better idea for a reality TV show. Let's call it, "Bad Family to Good Family". It's really an easy concept. Lets get the same people that would be on Jerry Springer for a six pack of bud, and have 8 children by 8 different partners. The same people that view children as a punishment for getting drunk and having sex. Now we offer these people a keg of beer and per child. Of course they won't be able to refuse this offer. Now we take the children and give them to good loving families and watch them blosom in to the good and intellegent people the can be. That's it!
Of course this would never fly. It is a heart warming concept, and those are never put on TV. Also there are too many legal issues. For some reason the breeders have all the rights, which prevents their children from having the right to a good life in a loving home. So the breeders will continue to breed, and the childless parents will continue to long for a child to love, and the children of the breeders will desperately wanted to be loved. And the breeders, they will have their "kid" get them 'nother beer from the fridge.