I have posted slides and demo code from my talks this month at Code Camp 5, DevTeach, and VSLive! on my site here . I have also posted each of these individually on the respected sites for the conference. Each of these conferences went well. There were lots of great questions, and as with all speaking...

I haven't blogged for awhile (missed a month! -- wow, where does the time go?). I have been working various short-term gigs for several months now, typically flying onsite to a few locations, as well as one-three week assignments. I also spent a couple of days teaching a VB 2005 class at a company. Those...

A little late (voting ends today at 5:00 pm), but I have submitted a Birds of a Feather (BoF) session for TechEd 2006: Developing as a Non-Administrator with XP and Vista There has been lots of talk lately about the importance of running and developing software with least privilege accounts (LUA). Unfortunately...

I am planning my speaking for the first part of this year. Here are the various events that are already confirmed: Updated (2/21/2006): ICCA (Independent Computer Consultants Association) Boston Chapter meeting on February 28, 2006 in Waltham, MA. I will not be a panellist along with a few other consultants...

Yesterday's session on " Leveraging .NET 2.0 Security Features " went quite well. I have posted slides and code on my site here . This was the first time I presented on the ideas of SecurityTransparency -- a new way of separating your code into SecurityTransparent (code which doesn't require privilege...

It has been a busy month and a half since I last blogged -- too busy. But, it has been fun as I have done a few security code audits, lots of development in C++ and Java, new Windows Forms development in .NET 2.0, and kept up to date with the latest in security and development in general. I have been...

I mentioned last month I was interviewed by John Alexander and Jeff Julian for a podcast at the Heartland Developers Conference 2005 . The interview is now live . Here is the description of the show: Our guest this week is Robert Hurlbut, Microsoft Security MVP. We discuss Security Best Practices, encryption...

Dana Epp describes a Threat Modeling talk he recently heard presented by Dan Seller of Microsoft. One key idea from the talk is that DREAD is dead, according to Dan. If you don't know, DREAD was a way to assign ratings to threats, but this has proven to be too subjective when you have both security experts...

I spoke to the New England SQL Server User Group last night in Waltham, MA on SQL Server Security . The group was a good mix of DBAs, wanna-be DBAs, developers forced at times to be DBAs, and developers. I covered the problems with trying to secure SQL Server (various types of attacks, etc.) as well...

I will be speaking tonight to the New England SQL Server User Group at Microsoft in Waltham, MA. My friend Andrew Novick will give a talk on SQL Server Auditing at 6:00 PM and I will give my talk on SQL Server Security (covering SQL Server 2000 briefly and then the new features of SQL Server 2005) at...