CloudSec

Security, Privacy, and Governance in the Cloud

  • CloudSec

    Understanding Service Credits under 99.9% Service Level Agreements (SLA)

    • 1 Comments
    The new Microsoft Online services represent an excellent option for businesses to base all or part of their Exchange, Sharepoint and MeetingPlace functionality within a Microsoft hosted data center. But what about Service Level agreements for these...
  • CloudSec

    SDL Trickle Down Theory

    • 0 Comments
    I just read a new article over in CSO-Online about our VP of Trustworthy Computing at Microsoft, Scott Charney. In it, they refer to him as the "Axe Man" and his ability to stop products from rolling out due to security concerns Since Charney...
  • CloudSec

    US Senate introduces strong privacy bill - YOU are accountable

    • 0 Comments
    This bill was introduced last year, and is making the rounds again. Some of the wording that IT Management might want to read very carefully, centers on their accountability when certain data breaches occur: Key features of the bipartisan legislation...
  • CloudSec

    New Threat Analysis and Modeling (TAM) 2.1 tool released

    • 0 Comments
    Containing many bug fixes and some enhancements , this is a great tool for organizations who may not have dedicated teams of security analysts, but want to model their application and automatically generate many of the possible threats. The following...
  • CloudSec

    Mono not mentioned in Novell WebCast - but it is in the FAQ

    • 0 Comments
    As a developer, the first thing I thought about with the Novell announcement was Mono and whether or not Microsoft would be putting resources toward that Herculean effort. Miguel makes reference to the FAQ which talks about this subject: Q: What...
  • CloudSec

    Should we say goodbye to SecureString?

    • 0 Comments
    Dominick over at Least Privilege makes reference to the new functionality added to HawkEye which allows developers to display the contents of SecureString, and also change the current principal of the running thread. This looks like a really great debugging...
  • CloudSec

    Guidance Library filled with security goodness!

    • 0 Comments
    The folks over at the Patterns and Practices Team have done it again with the Guidance Library - containing all kinds of best practices, mini "How-Tos" and coding samples for .NET. What's great about this site is that you can categorize the best practices...
  • CloudSec

    Don't be a Security Nazi

    • 1 Comments
    I was out at a customer site last week and needed to have access to their internal corporate network to do some work for the week. Their process for providing access to outside consultants was actualy quite mature - basically, I needed to send an email...
  • CloudSec

    Two kinds of people - and the Orcas CTP as a VM!

    • 0 Comments
    There is an old saying out there: There are two kinds of people in the world - those who have lost all of their data, and those who will! I now count myself in the party of the first part. To make a long story short, I decided to upgrade to Windows...
  • CloudSec

    Problems with Vista Security in Europe

    • 0 Comments
    I was wondering when this issue was going to come up in the anti-trust discussions. It seems as if the EU commission is raising concerns that the 'bundled' security features of Microsoft Vista might block out competitors in the security space. To me...
  • CloudSec

    Credit Card Companies form security council

    • 0 Comments
    It seems that the evolving PCI (Payment Card International) standard is getting more support with all of the major credit card companies agreeing to get together to form the new Security Standards Council . While the PCI is fairly high level right...
  • CloudSec

    Does AOL have a Secure Development LifeCycle in place?

    • 1 Comments
    Yet another set of headlines this week about data being leaked accidentally from internal employees. This time, the news is from AOL, where information was posted on-line about user searches. According to AOL “This incident took place because some...
  • CloudSec

    New Threat Modeling Tool and 'hip' video released

    • 3 Comments
    So everyone is talking about the new .NET 2.0 based threat modeling (Beta) that has just been released. From my initial fly-by, it looks like a very different approach than the older tool which relied on software developers to learn and master the concepts...
  • CloudSec

    Changing the default membership and role provider in Visual Studio 2005

    • 0 Comments
    When you initially install VS2005 and start to use the default membership and role providers for security, you usually use the default SQL provider for SQLExpress on your local box. But what if I want to later change from SQL Express, and instead use...
  • CloudSec

    AJAX poses security, performance risks

    • 0 Comments
    With the increasing popularity of Ajax/Atlas as the new 'holy grail' of development, it easy to predict the number of security problems in all of that javascript and xml flying all over the place. The folks over at the secure development mailing list...
  • CloudSec

    Mike Nash responds to Slashdot Security questions

    • 0 Comments
    Mike Nash responds to some of the most popular questions from the SlashDot crew on the state of Microsoft product security, and how we go about creating secure software. Say what you want about Slashdot, but I for one am glad to see that we are responding...
  • CloudSec

    Vista Security Love-Ins at TechReady in Seattle

    • 1 Comments
    I'm out at Tech Ready in Seattle and am attending as many Vista Security sessions as I can. The fact that for most users, Vista processes will be running by default as non-admin is going to make a world of difference in the security space moving forward...
  • CloudSec

    Spending a Saturday at Security code camp in Reston

    • 0 Comments
    A beautiful, crisp, fall Saturday with plenty of sunshine and fresh air. But I chose to spend it locked in a room full of about a hundred other people, talking about .NET security at the Mid Atlantic Security Code Camp hosted by G. Andrew Guthie. If...
  • CloudSec

    Letting SQL 2005 do they heavy work of encrypting data

    • 1 Comments
    Many of the developers I work with go through the pain of trying to figure out how to encrypt data before passing it on to the database tier. What encryption algorithms do I use? What key length? How do I create an operational infrastructure to manage...
  • CloudSec

    Security Patterns and Practices - ADO.NET 2.0

    • 0 Comments
    The Patterns and Practices team have come out with new guidance and best practices surrounding ADO.NET 2.0 . A great synopsis of all things most folks already know - but some new and interesting content around partial trust apps, and signing your database...
  • CloudSec

    Security Trimming in ASP.NET 2.0

    • 0 Comments
    Dan Sellers talks about Security Trimming in ASP.NET as a great way to easily limit access to certain areas of you application to certain roles/ I've never seen Dan's blog before - but it's chalk full of developer security goodness! Subscribed. ...
  • CloudSec

    Securing WPF when running in the browser

    • 0 Comments
    Karen Corby has written a great article about hosting Windows Presentation Foundation in the browser . At the end of the article, are some really great little nuggets about security considerations and capabilities when running WPF in a 'sandbox'. She...
Page 1 of 1 (22 items)