3 min read

Missing Drive Space? Check IntelliTrace Files

My laptop has a relatively old SSD, so it only has about 128 GB of space.  This works out nicely because I like to keep projects and extraneous files on an external drive.  However, when you’ve got Visual Studio 2005-2010 installed, 2 instances of SQL Server installed, and god knows what else installed, space gets…

4 min read

Vulnerabilities in Twitter’s OAuth Implementation

Earlier this week Twitter disabled Basic Authentication for clients, and switched over to their new OAuth implementation.  It turns out though that OAuth is fairly weak in a few areas, as it hasn’t really become a mature standard.  While this isn’t the end of the world, it does leave each implementer to their own devices…

Less than a minute read

Bizarre Error Message from Explorer

Interesting error found in explorer.exe.  I tried hitting [Windows] + [E] and got this message: Kinda bizarre.  I blame solar flares.

2 min read

ADFS 2.0 Windows Service Not Starting on Server 2008

I’ve been working on getting a testable ADFS environment set up for evaluation and development.  Basically, because of laziness (and timeliness), I’m using Windows Virtual PC to host Server 2008 guests for testing.  I didn’t have the time to set up a fully working x64 environment, so I couldn’t go to R2. One of the issues I’ve…

4 min read

AntiXss vs HttpUtility – So What?

Earlier today, Cory Fowler suggested I write up a post discussing the differences between the AntiXss library and the methods found in HttpUtility and how it helps defend from cross-site scripting (XSS).  As I was thinking about what to write, it occurred to me that I really had no idea how it did what…

3 min read

Visual Studio Step Up Promotion…The Headache

A few months ago some friends of mine at Microsoft told me about a step-up promotion that was going on for the release of Visual Studio 2010.  If you purchased a license for Visual Studio 2008 through Volume Licensing, it would translate into the next version up for the 2010 version.  Seems fairly straightforward but…

8 min read

Bad User Interfaces are Insecure

The Best of Intentions

So you’ve built this application.  It’s a brilliant application.  Its design is spectacular, the architecture is flawless, the coding is clean and coherent, and you even followed the SDL best practices and created a secure application. There is one minor problem though.  The interface is terrible.  It’s not intuitive, and settings…

16 min read

Six Simple Development Rules (for Writing Secure Code)

I wish I could say that I came up with this list, but alas I did not.  I came across it on the Assessment, Consulting & Engineering Team blog from Microsoft, this morning.  They are a core part of the Microsoft internal IT Security Group, and are around to provide resources for internal and external…

1 min read

Deleting Temporary Internet Files from the Command Line

A quicky but a goody.  Sometimes you just need a quick way to delete temp files from IE.  In most cases for me it’s when I’m writing a webapp, so I’ve stuck this in the build properties:

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255…

10 min read

Security, Security, Security is about Policy, Policy, Policy

The other day I had the opportunity to take part in an interesting meeting with Microsoft. The discussion was security, and the meeting members were 20 or so IT Pros, developers, and managers from various Fortune 500 companies in the GTA. It was not a sales call. Throughout the day, Microsofties Rob Labbe and Mohammad…