Brian Johnson's Startup Developer Blog

October, 2004


    Security in Microsoft Products Chat


    Update: Chat is over, thanks everyone for coming. That was fun. Next chat is November 18th.

    Update: This chat is happening now. Click here to enter. (I'll pull this post off the security feed when the chat is finished.)

    There's a chat tomorrow (Thursday) at 2:00 PST around Security in Microsoft Products. Here's a link to the chat page with more information. You can add this chat to your Outlook calendar by clicking here.

    Microsoft Security Chat Series
    Join Mike Nash, Vice President for the Microsoft Security Business Unit, and his team of security experts each month. Microsoft is working hard to improve security and Mike and his team invite you to join them in a candid Q&A session. Ask us your tough questions; share with us what is going well and what needs improvement. This is your chance to talk up front with the leading security minds at Microsoft.
    The host for this month's chat will be Rich Kaplan. This is really a great opportunity to talk to the top security experts at Microsoft, so be sure to drop in.

    Microsoft Security Bulletin MS04-028 Updated

    Microsoft Security Bulletin MS04-028 was updated today. We also published a new piece titled GDI+ 1.0 Security Update Overview. To help track the new and upcoming content around this issue, we created a new page on the Security Developer Center. This page links to any articles and information we publish around the issue and I'll add any new resources that I can find. This page also contains a short FAQ about the issue and about side by side deployment. You can get to the page here:
    All About GDI+
    This page contains information about a newly-discovered, privately reported vulnerability in GDI+. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. This page contains information and links for developers who need to better understand this issue.
    I'll probably add more stuff to this page over the next couple of days. If there's anything specific you would like to see, just drop me a note.

    Wow: 'New' giant ape found in DR Congo

    From the BBC:
    'New' giant ape found in DR Congo
    Scientists believe they have discovered a new group of giant apes in the jungles of central Africa.
    Can't wait to see some pictures. I don't think the picture on the page is one of the new animal.

    October 2004 DirectX 9.0 SDK Available

    The DirectX 9.0 SDK Update (October 2004) is now available for download.
    DirectX 9.0 SDK Update - (October 2004)
    Download the complete DirectX 9.0 SDK - (October 2004), which contains the DirectX 9.0c Runtime and all DirectX software required to create DirectX 9.0 compliant applications in C/C++, and C#.

    Download DirectX 9.0c

    If you haven't played with DirectX SDK before, this weekend might be a good time to download it and give it a shot. Be sure to check out the Microsoft DirectX 9.0 SDK Update item that gets added to your All Programs menu in Windows. There's a DirectX Sample Browser that lets you sort the samples available, and it even copies individual projects that you might want to start with to your Visual Studio Projects folder.

    You can find more DirectX information on MSDN here.

    Update: Mitch Walker has more information about the changes here.


    Schneier on Security

    I just found a post on Larry Osterman's blog that mentions that Bruce Schneier has a new weblog. I'll have to agree with Larry, these posts are a goldmine of security information.
    Schneier on Security
    A weblog covering security and security technology.
    Here's the RSS feed.

    ASP.NET Incident Page Updated

    The incident page detailing the reported ASP.NET vulnerability has been updated to include information about a new mitigation option for this issue. Check it out here:
    What You Should Know About a Reported Vulnerability in Microsoft ASP.NET
    This page was updated October 7, 2004, to include information about a newly released mitigation option, an HTTP module installer. This module protects all ASP.NET applications on a Web server against canonicalization problems that are currently known to Microsoft as of the publication date. We will continue to update this page as additional guidance and resources become available.
    And this is a link to the new ValidatePath module page in the download center:
    Microsoft ASP.NET ValidatePath Module
    Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.

    SPOT Development

    Sorry, this is short notice, but I just found this on the Mobility Developer Center:
    Calling all Developers!
    The Microsoft Smart Personal Objects Technology (SPOT) group is looking for talented developers to create 'Channel' applications for the Smart Watch initiative - with payment of up to $10,000.
    It looks like the deadline is Monday, so if you have a cool idea, check this out and get it in.

    ASP.NET Security Issue Posted

    Tonight we posted some information and guidance around a reported security vulnerability in ASP.NET. The heart of the problem is a canonicalization issue in dealing with certain URLs. Check out the page here, and be sure to take a look at KB article 887459 if you're running an ASP.NET web site.
    What You Should Know About a Reported Vulnerability in Microsoft ASP.NET
    Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.
    Remember that in North America you can receive no-charge help with security update issues or viruses by calling (866) PCSAFETY (727-2338). I'll post more on this issue as information becomes available.

    Way cool concept...

    Check this out. It's called Yourself Fitness. It's an exercise game with a personal trainer. This is something I might actually use. :)
    Yourself!Fitness brings the expertise of a personal trainer to your home with the first health and fitness game for the Xbox. Your virtual personal trainer, Maya, will build a fully interactive fitness program personalized to your needs, keeping you motivated and delivering the results you've always wanted!

    Antivirus Defense in Depth Guide Updated for XPSP2

    On Friday, Microsoft posted version 2.0 of the Antivirus Defense in Depth Guide. You can find out more and download it from here:
    The Antivirus Defense-in-Depth Guide
    The information presented in the Antivirus Defense-in-Depth guide has been updated to reflect the security improvements provided as part of Windows XP Service Pack 2. A number of the features in Windows XP Service Pack 2 have made it more difficult for malware to attack a Windows XP based computer. The updates to this guide are designed to ensure these enhancements are identified and explained.