Lorenzo Barbieri @ Weblogs.Asp.Net

Shake your thoughts... Confessions of a MSF and .NET addicted
        www.lorenzobarbieri.info

October 2004 - Posts

Testing MaxiVista: first impressions...

I really like it! I think that it's a great product. And not because I received a free version.

I'm currently testing it at home, and it's great to use my desktop PC, connected also to my 29 inch TV, to display the content of my laptop, without having to switch cables...

The feature is called "Mirror display", and it's great. I'm thinking of using it also in classes and seminars that I teach, to show my demos without having to switch videos or change the PC.

I like the ability to extend my desktop onto other PCs' displays, but I don't think I'll use it much, because my laptop has the best display.

But perhaps I'll change my mind when I try the 4-PC extension on Monday...

You can find it here: http://www.maxivista.com/

Posted: Oct 09 2004, 08:15 PM by barbilor | with no comments

Very nice utility: IMHO 1.0 Instant Blogger

My friend Andrea Boschin has released IMHO 1.0 Instant Blogger under the GPL license on SourceForge.
It lets you write your posts using a WYSIWYG HTML editor, store them, and publish them later.
English and Italian versions are available.

The program is still in alpha, but it's very usable and stable. Andrea hopes to improve it with a lot of other features. If you have any suggestions you can contact him.

Here you can see a sample of the interface (in Italian):

IMHO interface

WebMail! 1.1.13 M1 released on SourceForge

Added support for libero/wind mails.

Now it supports OWA2003, Squirrel, libero, wind, iol and blu mails.

You can find it here: https://sourceforge.net/projects/webmailplus/

I've released the VB.NET sources under CVS; they should appear in a few hours.

Posted: Oct 06 2004, 08:12 PM by barbilor | with no comments

Other adventures with GDIPLUS.DLL and related dlls...

I was using the GDISCAN.EXE to check my PC when I found a possibly vulnerable MSO.DLL in Common Files\Microsoft Shared\Office 10.

It says "possibly vulnerable under Office XP", but I don't have Office XP, so I thought that I could rename it to __MSO.DLL.

But... when Visual Studio .NET 2003 started... the MSDN Library October 2004 asked for the MSDN DVD... something was missing...

Guess what file was missing? I renamed the file and everything worked.

I searched for the patch, but it was only available in .MSP format for Windows Installer, and I don't have the corresponding .MSI file installed.

So I asked a friend if he had updated his Office XP and I grabbed the patched DLL from his PC...

Now I don't have any other vulnerable GDI+ DLL installed, until the next installation...

ASP.NET vulnerability is not ONLY on Forms Authentication... Windows Authentication is vulnerable too!!!

As confirmed by my friend Raffaele Rialdi (an Italian MVP) in this post on his Italian blog, other types of authentication are also vulnerable to the %5c or \ characters in the URL.

Try to protect a site with Windows Authentication, and then protect some pages that only Administrators (for example) can see, using location tags.

Log into the site as a user (if you're not logged in, IIS will block you...), and try to go to the protected page with the %5c character, and... you can see it...

The problem (as remarked by other Italian .NET experts) is in the URLAuthorizationModule, and is a classic URL canonicalization problem (see this and this post, from Roberto Brunetti and Daniele Bochicchio [MVP], but they're in Italian).

Finally, this post from Paolo Pialorsi (also in Italian) explains that other sequences can cause trouble, and that ASP.NET 2.0 (tested with the built-in web server, because IIS6 was not vulnerable by default) is not vulnerable to a single \ or %5c, but it fails with two of them...

As pointed out in the post from Andrea Saltarello [MVP] and in one post from me, using Windows 2003 or URLScan will stop this problem.

Another solution is in Rob's post (in Italian): rewrite the URL in the global.asax or in an HTTPModule.
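
One way to apply the global.asax/HTTPModule mitigation mentioned above, as an added example (not code from this blog or from Rob's post): an `IHttpModule` that rejects, rather than rewrites, any request whose path contains a backslash in literal or percent-encoded form, before `URLAuthorizationModule` evaluates the location rules. The class name `BackslashGuardModule`, the assembly placeholder and the decoding depth of three are assumptions.

```csharp
using System;
using System.Web;

// Added example. Register in web.config under <system.web><httpModules>:
//   <add name="BackslashGuard" type="BackslashGuardModule, YourAssembly" />
// (class, module and assembly names are hypothetical placeholders).
public class BackslashGuardModule : IHttpModule
{
    private const int MaxDecodePasses = 3; // assumption: covers %5c and %255c

    public void Init(HttpApplication app)
    {
        // BeginRequest is raised before AuthorizeRequest, so this check runs
        // before URLAuthorizationModule matches the path against <location> rules.
        app.BeginRequest += new EventHandler(OnBeginRequest);
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpRequest request = ((HttpApplication)sender).Request;

        // Check both the path ASP.NET parsed and the raw path the client
        // sent, with the query string removed from the raw form.
        string raw = request.RawUrl;
        int query = raw.IndexOf('?');
        if (query >= 0) raw = raw.Substring(0, query);

        if (ContainsBackslash(request.Path) || ContainsBackslash(raw))
            throw new HttpException(404, "Not found");
    }

    // True if the path holds a backslash, literally or after repeated URL
    // decoding. A path still changing after MaxDecodePasses is rejected too.
    private static bool ContainsBackslash(string path)
    {
        string current = path;
        for (int i = 0; i <= MaxDecodePasses; i++)
        {
            if (current.IndexOf('\\') >= 0) return true;
            string decoded = HttpUtility.UrlDecode(current);
            if (decoded == current) return false; // fully decoded, no backslash
            current = decoded;
        }
        return true; // fail closed on deeply nested encoding
    }
}
```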
