Contents tagged with Security
-
Why you shouldn't be using passwords of any kind on your Windows networks . . .
…use passphrases instead:
-
Now running under WPA...
It took me a while, but I’ve finally upgraded my home network to use WiFi-Protected Access (WPA) instead of WEP for securing my wireless connectivity. The upgrade was complicated by a laptop with a built-in WLAN adapter that didn’t support WPA (I switched to using the wired connection on that one) and a wireless bridge that was the wrong hardware revision to support an upgraded firmware patch to enable WPA (a Linksys WET54G). The good news is that after a few frustrating phone calls to Linksys, they allowed me to swap my wireless bridge for the later revision, which supports WPA via a firmware update. I got the new unit today, updated the firmware, configured my router (WRT54G), bridge, and TabletPC to use WPA, and all is working quite nicely. If only it was as easy getting WPA-enabled hardware as it was to configure the settings…
-
Nifty solution to some of the problems of least privilege
One of my fellow Microsofties has come up with a neat solution to some of the hassles of running your workstation using a non-admin account. My advice for getting around things you can’t do as a non-admin has long been to simply run programs from a command prompt that you’ve started with RunAs, using the credentials for an account with admin privileges. The problem is that some programs don’t play well in this scenario, particularly install programs that run based on specific settings for the user installing the program. When you run programs like this, they (and/or their settings) end up associated with the admin account you’re using, rather than your less-privileged account.
-
An open letter to wireless networking manufacturers
Dear Wireless Networking Manufacturer,
-
Security at Home
If you’ve got friends or family who are the non-geek types, and need help with security, this might save you a few of those “how do I…?” phone calls…
-
MS04-024: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
Another example of why it’s a bad idea to run as an administrator on a day-to-day basis:
-
Security...not just a Microsoft problem
As evidenced by a Linux kernel flaw that resulted in a DoS attack against Akamai, effectively denying access to large sites like Google, Yahoo, and Microsoft. Not gloating here, just observing that this demonstrates that all operating systems can be vulnerable to security issues. This also suggests that the “more eyes = more secure” assertion made by open source advocates is perhaps a little overstated. After all, the Linux kernel is probably one of the most read parts of the Linux codebase. If it’s possible to find a flaw in the kernel, what does that say for other parts of the codebase that are not as thouroughly vetted? Again, this is not about trashing Linux, it’s about being clear that security is an issue for everyone, it’s not just a Microsoft problem.
-
Security Tour Complete
The MSDN Security Briefings tour I was on is complete, as of this week. My sincere thanks to everyone who came out to listen and learn. I especially appreciate all the kind comments I received.
-
Debugging an ASP.NET application as a non-admin
One of the many Microsoft bloggers provides a workaround for those of us looking to debug ASP.NET applications without resorting to Admin privileges…a workaround that uses the predecessor of the Whidbey web server from ASP.NET Web Matrix to do debugging locally:
-
The consequences of poor security...
…apparently apply to l33t h4x0r5, too: