Thursday, 24 March 2005

F-Secure has a real knack for creative sarcasm on its security weblog, and today is no exception in their headline linking to an interesting report. Apparently, a study has been published showing the relative number of vulnerabilities, comparing Windows 2003 Server to a Linux distribution in several configurations.

Update: In a won't-really-build-confidence-with-the-common-folk move, apparently the researchers did not reveal at the RSA conference that this study was funded by (but, according to the researchers, not influenced by) Microsoft. They reveal this fact in the published study itself, but did not tell the audience at the conference when they presented the results. Read more here.

Get the PDF file of the study here. For a document describing the methodology in detail and for more information (including an email address to provide comments), go here.

F-Secure used the headline, "It's Official - Linux Sucks?" No doubt others will comment that the reality of the situation is that Windows is better for stupid people (meaning people who don't harden their machines). Flames will go forth, but you can't deny the report.

The end result of the study is that Windows Server 2003 was more secure than the Linux distributions tested.

Uh, heh... That should make a few people stand up and scream.

Using out-of-the-box, standard/recommended OS installs, the researchers found that the Windows 2003 server was more secure, with fewer vulnerabilities counted and a lower average for days of risk, when compared to the Linux distributions tested (Red Hat Enterprise Linux in default and "minimal" recommended configurations):

"In this report, we have studied both quantitative and qualitative data that affects the vulnerability and thus operational security risk of different web server platforms. In order to produce a meaningful comparison of platforms, systems were tested in their default configurations and then looked at in minimal server role configurations. When the default configuration did not provide for a functional web server, systems were configured according to manufacturer’s directions."

For a quick Reader's Digest-style overview of the result of the study, get the free PDF of the report and flip down to page 35 and look at the charts on that page. I won't post all the images and tables here, that's what the report is for.

In reality, this is a complex study that is worth reading. The methodologies applied appear to be good ones, and the results are pretty compelling. The real world is never as simple as a lab environment, but if nothing else, this certainly shows how far Windows Server has come over the years (or else it shows how poor Linux distributions have become, or maybe some of both).



IT Security | Tech
Thursday, 24 March 2005 17:36:18 (Pacific Standard Time, UTC-08:00)

Forgive the headline please, Robert. It's all in good humor. 

In a completely understandable and laudable move, Robert Scoble has announced he's decided to give up publishing to his linkblog, in order to have more time for more important things in life. You know, important things like family and friends. Good for him!

All things in moderation - That's a lesson I know I've had to learn from time to time. The truth of the matter is that sometimes the best way to manage over 1000 weblogs a day is - well - to not manage over 1000 weblogs a day. Or at least to manage them less. I know I just cut my own RSS subscriptions back drastically last weekend, so I am back down around 300 feeds now from something like 700 before the surgery. It took a drastic slash across my RSS reader, but it needed to be done.

Of course, the demise of Robert's link blog is also a bit of a bummer in a way, since for many it's been a regular source of great links and information - or even more often for me, links to links to links...

Multi-layer clickthroughs from Robert's linkblog have always been valuable to me. More often than not I will read something he posts on the linkblog, and that will entice me to click through to the linked author, and from there I will uncover more interesting things and links to other interesting people.

But it's completely understandable that when you find you're spending anywhere from 8% to 33% of your day linking to and for others (sleep time included), a selection of robots just might do an effective enough job of what up till now has been a very human endeavor. Maybe. Those services show me what I am looking for based on what I put into them. The difference with the "human aggregator," so to speak, is that I am often pointed to things I would never have looked for. Of course, there are also other services existing and coming that will help people see what others are reading and how popular items are, in order to find things of interest. I hope those don't work out to be the electronic version of the high-school popularity contest, but we'll see.

So, when Robert points to a few popular search and aggregation services as alternatives to his link blog, I can't help but think of the perfect tongue-in-cheek name for them as a collective replacement for Robert's link blog...

"Robot Scoble"

(Yeah, you have to read it carefully. Spelling counts.)

Says Robert:

"I've been looking at my link blog, and the requests lately about it, and I've decided just to stop doing it.

"Why? Well, there are so many other ways for you to find cool new blogs now. Pubsub. Bloglines. Technorati. Feedster. NewsGator (Greg Reinacker reminded me again that NewsGator has a really cool set of online services including a search engine)."

Robert's right, but again it's worth pointing out that the human factor is part of what makes his linkblog so valuable - I think many people liked it because they appreciate the "Scoble Filter" - you don't get that with automation. Well, not quite yet anyhow.

At the same time, it had to be painful to maintain, with well over a hundred entries some days, and since Robert says he may still post a little bit there from time to time, hopefully we will still get a few Robert Scoble Human Filter links now and then.

Hey, there's always his regular weblog. In fact, chances are his Scobleizer weblog will just become a better place for information - kind of a quality over quantity thing.

By the way, in the linkblog department - Jeremy Zawodny's linkblog is another I subscribe to and enjoy, but it is quite different than Robert's.



Blogging
Thursday, 24 March 2005 14:44:06 (Pacific Standard Time, UTC-08:00)

In the random fun, complete waste of time department (you know you want to, come on, go ahead, click already):

Eggblog

Click click click.

Your entertainment options?

(via Scoble)



Humor | Random Stuff
Thursday, 24 March 2005 07:16:19 (Pacific Standard Time, UTC-08:00)
 Wednesday, 23 March 2005

Skype v1.2 has been released. Check out the changes here, read the press release here, and download it here.

What's Skype? It's software that runs on your computer and can let you talk in high quality audio to other Skype users or to people with plain-ol' telephone lines. From their web site:

What we’ve got is a simple bit of software we want to give you. It’ll let you make free calls to your friends all over the world. And we don’t want any money for it. It’s free.

You could think of us as the big, free Internet telephony company. We prefer to think of ourselves as a big group hug, even a present. Yes… that’s it… we’re a present… but without the ribbon.



Tech
Wednesday, 23 March 2005 22:06:53 (Pacific Standard Time, UTC-08:00)

Another update to the Firefox web browser has just been released, and all users are advised to download and install the new version, as it contains a critical security patch.

The new version includes a number of fixes:

MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2

Download here: http://getfirefox.com/



IT Security | Tech
Wednesday, 23 March 2005 21:25:27 (Pacific Standard Time, UTC-08:00)

Microsoft has announced a large number of security webcasts that are set for April. The list here is quite long, so click to see them all, or check out the Security Webcast Calendar, which is a Word doc calendar with all the upcoming webcasts listed and linked.

There are lots of very good sessions planned. Anyone with a security responsibility or emphasis in their jobs should take a good look at these upcoming webcasts and consider viewing...

Upcoming Security Webcasts: April 2005

Security Webcasts are a convenient way for IT Professionals and Developers to stay technically updated on the latest Microsoft Security Guidance. These webcasts concentrate on security information and are presented by senior executives and other subject matter experts. They feature interactive technical presentations, product demonstrations, and question-and-answer sessions.

Microsoft Security Webcast Series: Upcoming & On-Demand

Security Webcast Calendar

NEW: Now you can register for an on-demand webcast and choose how you would like to view the archive. Downloadable Microsoft Office System PowerPoint and .wmv files are available for most webcasts that took place Dec. 1, 2004 or later. Once you register, you will be directed to the on-demand webcast and also shortly receive a confirmation email with links to the PowerPoint and .wmv downloads.

Additional Webcast Resources

Microsoft Security Webcast Series:  Upcoming & On-Demand

Digital Blackbelt Series: Defend your code from attacks

Ongoing through May

How would your code stand up to an attack? If you are not sure, join us for the Digital Blackbelt webcast series as Developer Community Champion Joe Stagner discusses security risks, vulnerabilities, and solutions from the software developer's perspective. We will provide real-life examples and security tips and tricks that can help you gain the knowledge and techniques to become an experienced “blackbelt” in writing secure code.

Web Development: Increase the security of your applications

Ongoing through May

Increasing the security of your software is not the result of a single event. From design through development, to testing and deployment, a multi-disciplinary approach must be taken to deliver a quality software product that minimizes organizational risk. Join Dennis Hurst, Senior Consulting Engineer at SPI Dynamics, and other guest speakers as they detail knowledge that can help developers increase security around the coding of web applications. 

Security360

Third Tuesday of Every Month

Learn best practices to guide your security strategy during this monthly webcast series. Each webcast focuses on a specific security topic and includes commentary from industry experts outside of Microsoft.

Security Webcast Calendar

Security webcasts listed in an easy-to-use calendar format.

BONUS: Attend any live webcast through June and you could win a Portable Media Center. See official rules for more details.

Additional Live & On-Demand Webcast Series Available NOW:

For IT Executives

Microsoft Executive Circle Webcast: Security360 with Mike Nash: Secure E-mail, It’s More than Filtering (Level 100)

Tuesday, April 19, 2005 - 9:00 AM - 10:00 AM Pacific Time

Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft

Reducing the amount of spam clogging e-mail systems is top-of-mind. However, e-mail security is not just about preventing unsolicited messages; it is also about protecting the digital information assets you send through e-mail. On this month's Security360, guest host Amy Roberts, director of product management in Microsoft's Security Business and Technology Unit, will discuss with industry experts the whole spectrum of e-mail security, including filtering technologies, e-mail policies and enforcement, and partner solutions. As with every Security360, this session includes a checklist of recommendations and resources, as well as a live Q&A with industry experts.

http://go.microsoft.com/fwlink/?LinkId=43965

For IT Professionals

TechNet Webcast: Implementing Exchange Server Security (Part 1 of 2): Securing Services and Messaging Protocols (Level 300)

Monday, April 04, 2005 - 1:00 PM - 2:00 PM Pacific Time

Harold Wong, TechNet Presenter, Microsoft

Securing communication over networks is essential to securing your organization from intrusions, overloads, and interruptions of many types. In this first session of a two-part series on Exchange Server Security, we describe how to deploy a more secure Exchange Server 2003 infrastructure and how to secure its server services and messaging protocols.

http://go.microsoft.com/fwlink/?LinkId=43587

TechNet Webcast: How Microsoft IT Deployed PKI Inside Microsoft (Level 300)

Tuesday, April 05, 2005 - 9:00 AM - 10:00 AM Pacific Time

Larry Talbot, Microsoft IT SECURITY TECHNOLOGIST, Microsoft

This webcast presents a detailed discussion of how Microsoft IT installed a Public Key Infrastructure, built originally with Windows 2000 Server Certificate Services, and later upgraded with Windows Server 2003, to implement a secure communications and remote authentication infrastructure. This enabled the use of S/MIME signatures and encryption, secured Web connections by using SSL or TLS, ensured the confidentiality of stored data by using EFS, ensured the confidentiality and integrity of transmitted data by using IPSec, and enabled strong network user authentication by using Smart Cards. Join this webcast to find out how you can do this - or something similar - too.

http://go.microsoft.com/fwlink/?LinkId=44148

TechNet Webcast: "Ask The IT Security Experts" Series: Building Security Training and Awareness (Level 100)

Tuesday, April 05, 2005 - 11:00 AM - 12:00 PM Pacific Time

Ben Smith, Senior Security Strategist, Microsoft

Experts often talk about the importance and need for security training, but few actually talk about how to do it. Join us for this webcast as we bring together some of the sharpest security-focused Microsoft IT professionals to provide expert answers to your questions about Building Security Training and Awareness. This webcast presents proven, and slightly unconventional, methods of training users and administrators on security. As with all of our "Ask the Experts" webcasts, there will be plenty of Q&A time for the experts to field your questions. Send your security-related questions to our panel of experts ahead of time at: itxcast@microsoft.com.

http://go.microsoft.com/fwlink/?LinkId=43974

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 1 of 3): Overview of Internet Protocol Security (Level 300)

Wednesday, April 06, 2005 - 11:00 AM - 12:30 PM Pacific Time

John Baker, TechNet Presenter, Microsoft

Data Isolation: How can it make your IT infrastructure safer, and how do you use Group Policies and IPSec to implement it? This session is the first of a three-part series presenting the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. This first installation provides an overview of the nature of Internet Protocol Security - the challenges to secure network communication, how IPSec can help, and the various ways IPSec can be implemented to achieve different types of secure communication.

http://go.microsoft.com/fwlink/?LinkId=43592

TechNet Webcast: Windows Server 2003 SP1 Technical Overview (Level 200)

Thursday, April 07, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rand Morimoto, Author, President, Convergent Computing

Windows Server 2003, the latest server operating system from Microsoft, builds upon the security, reliability, and performance improvements implemented in previous versions. Organizations need these continuing improvements as their networks develop and network usage evolves with new technologies. Organizations also need Service Pack 1 to protect themselves from an increasing variety of network and computer. Join this webcast for a technical overview of Windows Server 2003 Service Pack 1, where we will present its features, configuration tools, system security enhancements, network security enhancements, and deployment options.

http://go.microsoft.com/fwlink/?LinkId=43599

TechNet Webcast: SQL Server 2005 Series (Part 4 of 10): Securing your SQL Server (Level 200)

Monday, April 11, 2005 - 9:00 AM - 10:00 AM Pacific Time

Bryan Von Axelson, TechNet Presenter, Microsoft

Parts four and five in our series highlight the security enhancements in SQL Server 2005. Part four of this series focuses on authentication and authorization while crypto support is covered in part five. We begin with authentication, examining the Security model, endpoint-based authentication and the password policy. Then we move on to explore authorization, covering User Schema separation, module execution context, granular permission control and Catalog security.

http://go.microsoft.com/fwlink/?LinkId=42448

TechNet Webcast: Implementing Exchange Server Security (Part 2 of 2): Protecting Against Unwanted E-Mail (Level 300)

Monday, April 11, 2005 - 1:00 PM - 2:00 PM Pacific Time

Chris Avis, TechNet Presenter, Microsoft

This second session of a two-part series on Exchange Server Security describes how to increase the security of e-mail that flows through an organization's Exchange servers. We also introduce you to Exchange Server 2003 features such as Real Time Block List support and Intelligent Message Filtering, tools making it easier to reduce the amount of unwanted e-mail before it spreads through your organization.

http://go.microsoft.com/fwlink/?LinkId=43602

TechNet Webcast: How Microsoft IT Implements Trustworthy Messaging at Microsoft (Level 300)

Tuesday, April 12, 2005 - 9:00 AM - 10:00 AM Pacific Time

Grant Hogan, Microsoft IT Service Manager, Microsoft

Similar to most enterprise organizations, Microsoft shares information among its resources through e-mail and other electronic documentation. At the same time, we have a concern for the security and privacy of this data. With that in mind, Microsoft created the Trustworthy Messaging initiative to provide confidentiality for key business sensitive data sent to and from internal corporate clients without sacrificing their ability to freely share this data. Join us as we review, in detail, Microsoft IT's implementation of Trustworthy Messaging.

http://go.microsoft.com/fwlink/?LinkId=44151

TechNet Webcast: Information about Microsoft's April Security Bulletins (Level 100)

Wednesday, April 13, 2005 - 11:00 AM - 12:00 PM Pacific Time

Christopher Budd, CISM, CISSP/Security Program Manager, Microsoft

Debby Fry Wilson, Director/Security Response Marketing, Microsoft

On April 12th, Microsoft will release its monthly security bulletins. Join this webcast for a brief overview of the technical details of these April security bulletins.  This webcast will provide you the opportunity to raise your questions and concerns about the security bulletins. A majority of the session will be devoted to addressing your questions and providing answers from our security experts.

http://go.microsoft.com/fwlink/?LinkId=43750

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 2 of 3): Understanding Network Isolation Using IPSec (Level 300)

Wednesday, April 13, 2005 - 1:00 PM - 2:00 PM Pacific Time

John Baker, TechNet Presenter, Microsoft

This session is the second of a three-part series with the information and tasks you need to implement data isolation using Group Policies and IPSec. This session shows how to use IPSec to create network isolation zones. Topics include the advantages and limitations of network isolation, where network isolation fits into a defense-in-depth scheme, and how to use Group Policies and Active Directory groups to restrict access to specific servers.

http://go.microsoft.com/fwlink/?LinkId=43606

TechNet Webcast: Maximizing Security Features within Microsoft Office Live Communications Server 2005 (Level 300)

Thursday, April 14, 2005 - 9:00 AM - 10:30 AM Pacific Time

Sean Olson, Lead Program Manager, Microsoft

This technical session describes potential security threats and their mitigations for the Microsoft Office Live Communications Server 2005 release. We will focus on the new features and challenges differentiated from Live Communications Server 2003. The ultimate goal of this presentation is to provide you with the information commonly required to satisfy a security audit of a product prior to its commercial deployment. Topics will include authentication, auditing, and security recommendations for the new Live Communications Server 2005.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032269267&Culture=en-US

TechNet Webcast: Securing the Network Perimeter with ISA Server 2004 (Level 200)

Friday, April 15, 2005 - 11:00 AM - 12:30 PM Pacific Time

Keith Combs, TechNet Presenter, Microsoft

Do you currently have an effective way to secure your network perimeter against risks introduced by the Internet, remote users, and remote network segments? Learn how Microsoft Internet Security and Acceleration (ISA) Server 2004 can help protect against all of these threats and more. This session demonstrates how ISA Server 2004 can enhance security for internal servers as well as external-facing resources such as Microsoft Exchange Server or Microsoft Internet Information Services. We will also show how ISA Server can operate as a virtual private networking server for more secure remote access to the internal network.

http://go.microsoft.com/fwlink/?LinkId=43759

TechNet Webcast: SQL Server 2005 Series (Part 5 of 10): Protecting Sensitive Data (Level 200)

Monday, April 18, 2005 - 9:00 AM - 10:00 AM Pacific Time

Bryan Von Axelson, TechNet Presenter, Microsoft

Parts four and five in our series highlight the security enhancements in SQL Server 2005. Building upon the discussion of authentication and authorization in the previous session, part five of the series covers the crypto support in SQL Server 2005. We begin with an introduction to the concepts of database encryption including encryption support, keys, certificates and key management. We show how SQL 2005 can protect sensitive data using data encryption and module signatures, and introduce sign modules, what these are and how they work.

http://go.microsoft.com/fwlink/?LinkId=42450

TechNet Webcast: Assessing Network Security (Part 1 of 2): Planning and Research (Level 200)

Monday, April 18, 2005 - 1:00 PM - 2:00 PM Pacific Time

Kai Axford, Security Specialist, Microsoft

How do you know whether your network is secure? And how do you know how to find out? This session is the first of a two-part series to help organizations plan and implement processes to identify vulnerabilities to network attacks. This first session shows how to plan your security assessment and how to gather information such that the methods and results fit your organization's needs. In this presentation we'll specifically show how to plan a security assessment and the details and processes for gathering network security information about your organization.

http://go.microsoft.com/fwlink/?LinkId=43762

TechNet Webcast: Threat Mitigation for Windows 98 and Windows NT 4.0 (Level 200)

Wednesday, April 20, 2005 - 9:00 AM - 10:30 AM Pacific Time

Harold Wong, Senior Technology Specialist, Microsoft

While migration to a newer platform is recommended, many customers have key business applications that will only run on legacy operating systems. This session offers prescriptive information and test plans for hardening legacy Windows clients and servers, with the goal of reducing the security risk factors for Windows NT and Windows 98 systems as much as possible. We also provide guidance on how to upgrade securely to newer operating systems.

http://go.microsoft.com/fwlink/?LinkId=43789

TechNet Webcast: Network Isolation Using Group Policy and IPSec (Part 3 of 3): Advanced Network Isolation Scenarios (Level 300)

Wednesday, April 20, 2005 - 11:00 AM - 12:00 PM Pacific Time

Matthew Hester, TechNet Presenter, Microsoft

This session is the final presentation of a three-part series about the information and tasks needed to implement data isolation using Group Policies and IPSec within an organization. The session describes several scenarios where you can use IPSec to enhance network security by using IPSec to create network isolation zones. This scenario-focused view of Group Policies and IPSec is based on Microsoft's prescriptive guidance.

http://go.microsoft.com/fwlink/?LinkId=43792

TechNet Webcast: Assessing Network Security (Part 2 of 2): Penetration Testing (Level 200)

Monday, April 25, 2005 - 1:00 PM - 2:00 PM Pacific Time

Kai Axford, Security Specialist, Microsoft

How do you know whether your network is secure? And how do you know how to find out? This session is the second of a two-part series on assessing network security, to help organizations plan and implement processes to identify vulnerabilities to network attacks. This second session shows how to implement penetration testing for intrusive network attacks, presents checklists that will help identify and remediate common issues, the tools and processes for scanning systems for vulnerabilities, and concludes with a case study where all these factors are put to work at a typical commercial enterprise.

http://go.microsoft.com/fwlink/?LinkId=43818

TechNet Webcast: Security Risk Management (Level 300)

Wednesday, April 27, 2005 - 9:00 AM - 10:30 AM Pacific Time

Kai Axford, Security Specialist, Microsoft

When establishing security for your network, you must take risk assessment, cost-benefit analysis, and implementation of security countermeasures into account. The Security Risk Management Guide, designed by Microsoft, can help your organization establish the ongoing process of security risk management. This 90-minute webcast presents a qualitative approach to risk management, tying in best practices from both the industry as well as the ones learned and formulated by the Microsoft internal IT Group.

http://go.microsoft.com/fwlink/?LinkId=43821

TechNet Webcast: Defense-in-Depth Against Malicious Software (Level 200)

Friday, April 29, 2005 - 11:00 AM - 12:30 PM Pacific Time

Michael Murphy, TechNet Presenter, Microsoft

Malicious software has become increasingly advanced; worms and viruses can propagate more quickly and evade detection more effectively. This session describes how a defense-in-depth approach to antivirus solution design can help protect various components of a computing infrastructure from malicious software attacks, including client computers, servers and networking devices. This webcast also covers implementing an effective outbreak control and recovery plan and identifying, containing and remedying the effects of malicious software.

http://go.microsoft.com/fwlink/?LinkId=43841

For Developers

MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

Friday, April 01, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43408

MSDN Webcast: Practical Security for Internet and Extranet Solutions (Level 200)

Monday, April 04, 2005 - 11:00 AM - 12:30 PM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

This session discusses strategies for incorporating security best practices into intranet solution development. Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This session provides practical guidance on how to implement security enhancements throughout intranet solutions and introduces future improvements available to developers through Visual Studio .NET 2005 and ASP .NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43832

MSDN Webcast: Implementing Security for Mobile Device Solutions (Level 200)

Friday, April 08, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Are you dealing with security issues and concerns with your Microsoft Windows Mobile-based solutions? This webcast will describe the various security considerations for building mobile software solutions and the tools, technologies and strategies available to the mobile developer. Both traditional applications accessed through mobile devices and solutions designed specifically for mobile use can be affected. You will learn how to use the security features of the Microsoft .NET Compact Framework in conjunction with Windows Mobile-based PocketPC and Smartphone capabilities to provide more secure file storage and data access. During this 90-minute webcast we will also cover how to protect mobile device communications with your application servers.

http://go.microsoft.com/fwlink/?LinkId=43585

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 1 of 2): The SQL Injection Attack in Detail (Level 300)

Friday, April 08, 2005 - 11:00 AM - 12:30 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Developers the world over underestimate the seriousness of a SQL Injection Attack. In this session we will dive deep into the topic and do some live hacks to see the huge danger of SQL Injection. We'll discuss how a Mal-Tech might find and approach your box, discover your schema, table, and field names, steal your data, corrupt your table records, add himself as an administrator, reduce your own admin rights, pollute your network, take over your mail server, shut down your application (and hide it from your ops people), upload his own wares and OWN YOUR NETWORK. Don't miss this webcast.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267306&Culture=en-US

MSDN Webcast: Writing Secure Code (Part 1 of 2): Best Practices (Level 200)

Monday, April 11, 2005 - 11:00 AM - 12:00 PM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

Do you want to learn more about analyzing, mitigating and modeling threats? This presentation is part one of a two-part series to help experienced developers build their knowledge of secure coding best practices. Join this 60-minute webcast to learn about established threat modeling methodologies and tools and how to apply them with other best practices to minimize vulnerabilities and limit damage from attacks.

http://go.microsoft.com/fwlink/?LinkId=43835

MSDN Webcast: Assessment: Tips and Tricks for Web Application Security Testing (Level 300)

Tuesday, April 12, 2005 - 11:00 AM - 12:00 PM Pacific Time

Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

Caleb Sima, Founder and CTO, SPI Dynamics

This session will demonstrate the proper technique for testing a Web application to ensure that it is properly secure. In addition, we will discuss the challenges of Web application security throughout the development life cycle, and the available methods and tools used to test the security of Web-based applications. Attend this webcast and learn how to test a Web application using a Web browser and the inherent limitations of this approach. You'll also learn what obstacles must be overcome during application testing to ensure proper security.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267633&Culture=en-US 

MSDN Webcast: Developing Applications in Windows XP Service Pack 2 (Level 200)

Friday, April 15, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

Have you installed Microsoft Windows XP Service Pack 2 (SP2) and some of your applications are not working or are not working correctly? The new security features of SP2 may affect how certain types of applications run. Join this webcast to see examples of applications that may be affected and learn how to modify them to work with Windows XP SP2. Also, learn how to configure your development environment to work successfully on Windows XP SP2.

http://go.microsoft.com/fwlink/?LinkId=43793

MSDN Webcast: Writing Secure Code (Part 2 of 2): Best Practices (Level 200)

Monday, April 18, 2005 - 11:00 AM - 12:00 PM Pacific Time

Anand Iyer, Developer Community Champion, Microsoft

Are you looking for effective strategies to defend against common security threats faced by application developers? In part two of this two-part series for experienced developers, you will continue learning more about established best practices for applying security principles throughout the development process. During the 60-minute webcast we will discuss common security threats faced by application developers, such as buffer overruns, cross-site scripting and denial of service attacks, and how to effectively defend against these threats.

http://go.microsoft.com/fwlink/?LinkId=44153 

MSDN Webcast: Advanced Application Development with Windows XP Service Pack 2 (Level 400)

Friday, April 22, 2005 - 9:00 AM - 10:30 AM Pacific Time

Rob Jackson, Developer Community Champion, Microsoft

With Microsoft Windows XP Service Pack 2 (SP2), Microsoft is introducing a set of security technologies that will help improve Windows XP-based computers' ability to withstand malicious attacks from viruses and worms.  To developers these technologies will have an impact on the applications they create and the tools they use.  SP2 restricts how remote procedure calls are made across a network which may affect the operation of enterprise applications. Join this session as we discuss these interface restrictions and provide you with advanced application development techniques for SP2, including how to reduce RPC-based incompatibilities.

http://go.microsoft.com/fwlink/?LinkId=43812

MSDN Webcast: Digital Blackbelt Series: Defending the Database (Part 2 of 2): Making the Right Design Choices (Level 300)

Friday, April 22, 2005 - 11:00 AM - 12:00 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

After drilling down into the infamous SQL Injection attack in Part 1 of Defending the Database, we will now address several of the questions and answers developers have concerning the database and security. This session will cover topics such as Secure Connections, SQL versus Windows Authentication, user versus role-based authentication, EXPs, Managed Stored Procedures, Alerts and Monitors.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267315&Culture=en-US 

MSDN Webcast: Implementing Security in the Development Lifecycle (Level 200)

Monday, April 25, 2005 - 11:00 AM - 12:30 PM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Security should be your primary concern throughout the development process. This session discusses how security can be implemented at each stage of the software development life cycle. Microsoft has created the Security Development Life Cycle to describe how to implement security best practices by adding pointed and well-defined checkpoints to the existing development life cycle. This session outlines recommended changes to the design, development, testing, verification and release phases that can reduce the number and severity of security vulnerabilities shipped to customers.

http://go.microsoft.com/fwlink/?LinkId=43816

MSDN Webcast: Remediation: Developing Secure ASP.NET Applications (Level 300)

Tuesday, April 26, 2005 - 11:00 AM - 12:00 PM Pacific Time

Dennis Hurst, Senior Consulting Engineer, SPI Dynamics

Prashant Sridharan, Lead Product Manager - VS, Microsoft

Are you looking for a way to correctly validate input easily and quickly to ensure it is secure? This webcast will show you real-life examples and demonstrate how you can do this. Throughout the webcast we will discuss secure state management, how to apply state management across multiple applications, as well as how to set up and develop proper authorization and access control to ensure that privilege escalation defects/vulnerabilities are removed. Attend this webcast to learn advanced Web application protection techniques covering how to code login forms and other form inputs so they are immune to malicious brute force attacks.

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032267641&Culture=en-US 

MSDN Webcast: Practical Security for Intranet Solutions (Level 200)

Friday, April 29, 2005 - 9:00 AM - 10:30 AM Pacific Time

Joe Stagner, Developer Community Champion, Microsoft

Internal Web and Windows-based applications often require integration with existing applications and systems, access to databases, strong authorization and authentication mechanisms, and identity management. This webcast discusses strategies for incorporating security best practices into intranet solution development. We will provide practical guidance on how to implement security enhancements throughout intranet solutions and introduce future security improvements available to developers through Visual Studio .NET 2005 and ASP.NET 2.0.

http://go.microsoft.com/fwlink/?LinkId=43913

Additional Webcast Resources 



IT Security | Tech
Wednesday, 23 March 2005 16:54:28 (Pacific Standard Time, UTC-08:00)