|
|
|
|
|
|
|
<<
Page 1 of 9
>>
Setting Up ClickOnce Certificate Files - Revealed At Last!!!
Keith Elder
writes "Looks like Brian Noyes stole my thunder for a blog post I was going to do soon. I get asked the same question. "How do you sign your ClickOnce program with a valid provider like Versign?".
Unfortunately for myself, I had to figure this out the hard way last year during the VS2005 beta when I had to publish the new CRM app out with a Go Live license. It's a wonder I was able to ..."
More MSDN updates for NAP
MS NAP Team
writes "We’ve made the following changes to the NAP API documentation:
"
10 things you should do to protect your network against wireless devices
Thomas Shinder
writes "#3: Force client health checking for all hosts connecting from ..."
What's New in Beta 2? - Group Policy Updates
Windows User Account Control Team
writes "Since Beta 1, the UAC policies have adapted to address customer recommendations, enhance security, and to enhance usability. Beta 1 included 5 security policies (or Group Policy Objects (GPOs)) and Beta 2 includes 7. The rest of this post will detail each policy and provide background information about why we decided to change or add the policy in Beta 2.
1. User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
This setting was formerly called...
"
TechEd 2006 and an Invitation to a UAC Chat
Windows User Account Control Team
writes "Many of the UAC team members attended TechEd 2006 this week in Boston. I really had a great time talking to customers about the UAC project, how the technology works, how the policy options affect its operation, and what direction Microsoft is taking it.
The aspect that surprised me the most this week was that well over 50% of ...
I have had two customers so far ask me “I am already locked down Standard User, why should I care about Vista”. We have three answers here:
"
Exploits Proliferating for Microsoft's Patched Flaws
Mary Jo Foley
writes "Less than 24 hours after Microsoft made available 12 security bulletins with patches for 21 product vulnerabilities, all kinds of exploits for ..."
NAP API reference material updated on MSDN
MS NAP Team
writes "The NAP API documentation has been updated on MSDN. Here’s a list of changes for the beta 2 docs:"
Inrtoducing Microsoft Forefront
teched06
writes "Margaret Arakawa discusses the Forefront brand of security products and what it means for developers, administrators and hackers...."
More Microsoft Rebranding, This Time on Security
Mary Jo Foley
writes "Microsoft officials announced on June 11 that the company is rechristening Windows Client Protection as ..."
Certificates with logotypes
Keith Brown
writes "A lot of the early documentation on InfoCard focused attention on certificates with logotypes (RFC 3709). The idea here is to move toward a more visual way for humans to recognize certificates. The InfoCard identity selector relies on these logos to help the user decide whether she wants to share identity details with a relying party.
VeriSign has been issuing certificates with their own embedded logo for awhile now. As an example, if you visit ...
"
Secure Wireless Access NOW!
MS NAP Team
writes " What does secure wireless mean? There is really no one answer to this question but you can certainly start with the basics. For example, using a combination of IEEE 802.1X and WPA, dynamic WEP or WPA2 you can get the following security properties...
"
Welcome to the Identity and Access Management Developer Center!
Keith Brown
writes "I'm proud to announce the launch of the Identity and Access Management developer center on MSDN, where you'll find a hub of information for building identity-aware applications. For people who are new to the topic, you'll find my new whitepaper helpful: The .NET Developer's Guide to Identity. This roadmap will help you learn the zen of Identity on the Windows platform, and will guide you to other resources where you can drill down on topics you care about.
As we move forward, this site will .."
Why Don't Real People understand information security
Steve Lamb
writes "Many Information Security people have mused why on Earth "Real People" (i.e. those without propellers) simply don't "get" security.
Jesper's written a thought provoking article on the very subject.
Like Jesper I've worked in Information Security for many years and the fundamental challenges remain - it's very easy to get most people to circumvent the pesky information security measures...
"
Smartcard error
Mike Pope
writes "...That didn't fix it? Proceed ... Check Device Manager to be sure that the device is working:
Right-click My Computer.
Click Properties.
Click the Hardware tab.
Click Device Manager.
If there's no entry for Smart card readers, there's your problem. As they say, contact your administrator.
If there is an entry, open the node, right-click the device, click Properties, and make sure that it says "This device is working properly."
If all appears to be well, it can be something as simple as that..."
Defense In Depth != Secure Flanks
RockyH
writes "Often, when I'm looking at applications and I hear "We used a Defense in Depth approach, there's no way a user can submit malformed data to our system!", I get butterflies inside. I love to hear it, and I hope they're right. More often than not though all it takes is thinking like an insider or even anyone that can send data through a covert channel, or an unexpected inroad to the application. For example, most people forget to ..."
Group policy goodies
Anthony Trudeau
writes "Jeroen Ritmeijer has a blog post about turning off the nag screen that asks you to reboot every 10 minutes after installing a patch through Windows update. The update involves making a change to the group policy for the local computer. In spirit of that, here are a few more things in the group policy relating to the Windows Media Player that I like to change:
Prevent Windows Media DRM Internet Access:
"
WindowsTokenRoleProvider - Dominick's view
Keith Brown
writes "My friend Dominick responded to my query by pointing to this post where he's shared his thinking:
ASP.NET 2.0 ships with three role providers - one for SQL Server, one for AzMan and one for Windows tokens...
The Windows token provider is special - it only works with Windows authentication whereas all the other providers seem to be more targeted at Forms Authentication (the AzMan provider supports both).
Why do I need a..."
Least Privilege and Admin Access in Vista
RockyH
writes "We've been discussing this on the Readify internal list today. So I thought I'd share my Least Privilege for Vista information with you.
What is UAC?
As it stands, User Account Control (UAC) enforces a least privilege status on most of us by default. What this means is that even if you are running with an account that has been added to the Local Administrators group, you do not automatically do everything with ...
"
Infocard: on Cards & Tokens
Vittorio Bertocci
writes "Well, I knew that. This is a question that, unspoken or explicit, often arose every time I introduced somebody to Infocard (and between enterprise engagements, Mix,
regional events, webcasts, colleagues & relatives that actually happened quite a lot of times by now :)). And the question is:
"When I authenticate with a website using Infocard, to whom I send the card?"
When you hear this, it's usually the case to...
"
Microsoft Windows Vista Security Advancements
trobbins
writes "A really good white paper that covers some of the Windows Vista security information that someone pointed me to. Well worth the read.
"
<<
Page 1 of 9
>>
|
|
|
|
|
|
s
|
|
|