Yasser'sThe Real World of XML Web Services book is back online
hereNice one to bookmark...
By Don Awalt and Rick McUmber
Summary: All great architects have mastered the ability to conceptualize a solution at distinct levels of abstraction. By organizing the solution into discrete levels, architects are able to focus on a single aspect of the solution while ignoring all remaining complexities. Presents techniques for applying levels of abstraction to IT solutions, and compares this to other engineering disciplines.
Via PC Mag : Windows XP Service Pack 2 promises to raise the security bar for the sometimes beleaguered operating system. Unfortunately, one of the new features could be spoofed so that it reports misleading information about system security, or worse, lets a malicious program watch for an opportunity to do damage without being detected. The feature is the Windows Security Center (WSC),
which displays the status (see the figure)of the key elements of your defenses: Firewall, Updates, and Antivirus. If your firewall has been disabled, or your antivirus is out of date, that news will display here. The information is stored in an internal database managed by the Windows Management Instrumentation (WMI) subsystem built into Windows. However PC Mag tried to spoof it with a simple script via WMI instructions...
Check the second figure...
then..spoofed like this..
Microsoft responds...."In SP2, we added functionality to reduce the likelihood of unknown/devious applications running on a user's system, including turning Windows Firewall on by default, data execution prevention, attachment execution services to name a few. To spoof the Windows Security Center WMI would require system-level access to a PC. If the user downloads and runs an application that would allow for spoofing of Windows Security Center, they have already opened the door for the hacker to do what they want. In addition, if malware is already on the system, it does not need to monitor WSC to determine a vulnerable point of attack, it can simply shut down any firewall or AV service then attack – no WSC is necessary." Read more here
Dave Johnson, the creatorof a nice java based weblog engine called "
Roller"is now offered by
Sun Microsystems to developa primary blogging system as a part of sun's next step towards community practice.Good step ..sun.
Roller is one of cool blogging systems avaiable now online. My J2EE buddy
Srinivas had recently moved his blog (
www.javablogs.net) from MT based engine to jroller.com and he was fascinated to blog everyday now. Welcome
Roller....
One of the Tech-Ed 2004 (Bangalore, India) attendees asked a nice question to the speaker of "Security in ASP.NET Applications" session.
i.e "Why do we need View-Source at all? when it is giving so much of hacking power to the end-user ?"
Probably this question looks like a novice question, but very valid one. I tried to find out about this, but in vain...But check out
this cool article on the same...via Scobleizer
link : http://weblogs.mozillazine.org/roadmap/archives/006284.html
Now http://www.mvpblog.com is up with a cool home page where anyone
can read all Indian MVP blogs (currently has indian mvps only) at one
place.
I hope this will be more usefull for the Local communities to read all
the MVP blogs at single site. Please pass this information to your
local communities.
Future plans :
-------------------
01. Categorized Feeds
02. Including MVP blogs from worldwide
CODE COVERAGE EDITION for .NET 2.0 Redist is avaiable for download here
The .NET Framework Version 2.0 Code Coverage Edition Beta 1 is a special edition of the .NET Framework redistributable package that enables developers to give Microsoft direct feedback on what portions of the .NET Framework and Win32 their applications and components are most reliant on.