Security

Here are the events listed in Community Megaphone for the next week (or so) for the Mid-Atlantic area, as well as webcasts of interest…this list includes events imported from the UGSS event calendar : .NET Security - A to Z Tuesday, March 15, 2011 6:30...

Here are the events listed in Community Megaphone for the next week (or so) for the Mid-Atlantic area, as well as webcasts of interest…this list includes events imported from the UGSS event calendar : Microsoft Web Camp Tuesday, March 08, 2011 9:00 AM...

Scott Guthrie has all the details, and links to manual installs for the patches if you don’t want to wait until they show up on Windows Update. If your site is hosted remotely, you should check with your web host to find out when they plan to install...

UPDATE : Scott Guthrie just announced that the patch for this issue will be released tomorrow (Tuesday, Sep. 28th) at approximately 10:00am PDT. The patch will appear first on the Microsoft Download Center, and will be released to Windows Update and the...

If you’ve ever been in the situation where you’re visiting a site where some of the content is delivered via http, and some via https, you may have seen the following security dialog (this is the IE version, but Firefox has a similar dialog): It’s not...

Denny Boynton , a fellow Microsoft Evangelist, has started a new blog series on Windows 7 that looks interesting, starting with a post on locking down which apps can be installed on your PC : I’ve been running Windows 7 Beta on all of my machines, work...

While getting ready to roll out some new functionality for Community Megaphone , I decided to go ahead and add an SSL cert to the site to support SSL encryption of credentials used by event approvers and other site features. Although it had been almost...

So says Stephen Walther (who recently keynoted the Reston MSDN Developer Conference ). Why not use Delete links in an MVC app? I’ll let Stephen tell you : I created a sample ASP.NET MVC application that I plan to post at the http://www.ASP.net/mvc...

[bumped and updated] For folks who attended my MSDN Event yesterday in Reston, covering WPF, Windows Vista Security, and .NET 3.5 SP1, here’s where you can get the decks and some of the code from those talks ( I’m seeing if we can get the rest of the...

Here are the events listed in Community Megaphone for the next week (or so) for the Mid-Atlantic area: Monday, September 22, 2008 7:00 PM: DC-MD-VA Microsoft Robotics Studio Group - MRDS Workshop 2. We all know there is some complexity using Microsoft...

Here are the events listed in Community Megaphone for the next week (or so) for the Mid-Atlantic area…note that the MSDN Events in Reston (9/16) and Richmond (9/18) are being presented by yours truly, as is the presentation on AJAX at the Charlottesville...

Sounds like one of those stories with a predictable punchline. But there's a surprise and I won't spoil it: My blog was hacked over the weekend. ... ZDNet broke the news on Monday - I was awakened by PR people. The headline read, “Microsoft privacy guru...

This is definitely one tool you should be trying if you're writing web apps with Visual Studio. Cross-site scripting bugs are one of the most frequent classes of security issues in web apps, and as such any tool that can help you identify and remove these...

Catherine Heller has posted a very detailed how-to on implementing the new web-auth for Windows Live ID ...as soon as I have a little extra time, I'm going to play around with this, in case I need it for http://www.madcodecamp.com/ . Windows Live ID Web...

Some interesting info on the what, how and why of the Windows Live ID SDK : Microsoft recently opened up its Windows Live ID service to third-party web developers. Windows Live ID—formerly known as Microsoft Passport—is a web-based authentication service...

I know there are probably some folks who roll their eyes when Microsoft uses the term "platform-neutral" : Windows Live ID Web Authentication 1.0 SDK Brief Description The Windows Live™ ID Web Authentication 1.0 software development kit (SDK) gives you...

There's an updated version of the Anti-XSS (cross-site scripting) library that I blogged about a while back. Check it out here: http://msdn2.microsoft.com/en-us/security/aa973814.aspx

It only covers a six-month snapshot, but the conclusions run counter to popular wisdom: http://www.internetnews.com/security/article.php/3667201

Looking for developer security info? Check out the Patterns & Practices Security WIKI on Channel 9 .

Join us for the next FAQ Fridays devBrainPick event tomorrow at noon eastern time, when we'll have special guest Randy Hayes joining us to discuss Least Privilege and software development. Randy Hayes is the President of the Central Maryland Association...

From my friends at NoVaSQL : Everyone, The Northern Virginia SQL Server Users Group ( www.novasql.com ) is announcing its next session for 2006 to benefit IT Professionals (DBAs, Developers, Admins, etc.) in the Northern Virginia, Washington...

Help them stay safe ...

More importantly, who is that accessing your site? Want to find out more easily? Check out the new MSDN Identity and Access Management developer center .

I've been somewhat lax in my postings on least privilege of late, in part because I've been pretty pleased with what I've been seeing in Windows Vista for low privilege, which we call the User Access Control (UAC) feature. UAC allows you to run as either...

Are you responsible for managing or planning how your organization will deal with regulatory compliance with things like SOx, HIPAA, or other regulations? You might want to check out the Regulatory Compliance Planning Guide .