Not so much software related , but something to keep in mind when designing user interfaces aimed for security purposes. From the following picture, guess which buttons are being used for typing in the parking lot gate code ...   BTW, this is a real life parking lot code key..

The team thinks it should be 5.0 since the new features were pretty huge! :)  The full release notes are here .  The new version includes role based security which allows you to slice and dice the access to various features across your organization.  We also have a new feature that allows...

This morning I signed up with a major credit card company website.  Much to my surprise I was greeted with this requirement while choosing a password: Your Password should contain 6 to 8 characters . at least one letter and one number (not case sensitive), contain no spaces or special characters...

If you understand hashing and salting then skip the next paragraph. Stored passwords for logins should be hashed and salted.  Hashing is a one way mechanism to produce a practically unique value based on the given input.  This is useful since we can store the hash (and validate the password...

Shipping software is one of the most exciting times for a development team but this new release is easily the most anticipated version of Secret Server to date by our customers. Secret Server 3.1 will feature the two most requested features from customers who visited our booth at TechEd in June 2007...

Our own Kevin Jones has been awarded MVP for ASP.NET by Microsoft. This award recognizes his excellence in technical skills and his contributions to the community in spreading best practices in software development. Kevin has been instrumental in the development of Secret Server since 2.0 and now including...

A simple way to compromise security of computers everywhere. How nice. AttackAPI (0.6) August 31st, 2006 AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several...

as i have blogged earlier, this week starts with a firework of announcements. I missed a intresting new tool Microsoft Standard User Analyzer (pubished on thuesday) This application compatibility tool helps developers and IT professionals diagnose issues that would prevent a program from running properly...

Web page that is not attacked by security team or developers and testers before going to live can be considered as unsecure because nobody knows how it behaves under attacks. Unfortunately there are many web pages that are not secure and not event tested with security in mind. If some of these web pages...

Today’s stupid mistake comes to you via the web.config file in an ASP.NET 4 Web application project. At runtime, when navigating to default.aspx, ASP.NET choked with this error message: Parser Error Message: Sections must only appear once per config file.  See the help topic <location> for...