In 2009 Peleus Uhley (of Adobe) and I gave a chat about RIA security at Microsoft's Bluehat security conference. I neglected to post a link, so here it is now, a year-and-a-half late. We've released Silverlight 4 since then, but same ideas and attacks...

Aaron Oneal on Silverlight's restricted port ranges for sockets. http://blogs.msdn.com/b/ncl/archive/2009/06/23/why-does-silverlight-have-a-restricted-port-range-for-sockets.aspx Note that a Silverlight trusted app is allowed to make connections...

I just came across the eicar AV test files today: http://www.eicar.org/anti_virus_test_file.htm . Looks like a safe way to test and see if your antivirus software really works!

My esteemed collegue, Nick Kramer , has published a Silverlight Security Overview paper: http://download.microsoft.com/download/A/1/A/A1A80A28-907C-4C6A-8036-782E3792A408/Silverlight%20Security%20Overview.docx Enjoy!

As with similar browser plug-ins, Silverlight applications are not allowed to communicate with 3rd-party domains by default. That is, an app loaded from http://fabrikam.com cannot make web requests to http://contoso.com . Contoso can declaratively enable...

I've subconciously been avoiding using windbg because it seems to load DLLs so much more slowly than cdb. I could never quite figure it out. Until today. WinDBG has been loading symbols for all those DLLs automatically, which I kinda figured, but didn...

Eric Lawrence tackles the often-misunderstood details of the "deny-read" part of the same-origin policy: http://blogs.msdn.com/ieinternals/archive/2009/08/28/Explaining-Same-Origin-Policy-Part-1-Deny-Read.aspx I've never heard it called "deny-read...

I recently had the experience of taking a home-grown app I've been writing and using for a while, and having other people start using it. Sure, of course it has some rough edges. But the people I work with are smart, they'll figure a way around it, right...

http://www.inc.com/magazine/20090901/joel-spolsky-setting-the-right-priorities.html Joel talks about some of the lessons he learned while starting Fog Creek and getting CityDesk off the ground. The moral of the story is: quality matters. FogCreek...

Why doesn't my XAP load on a cross-domain page? Probably because you're not setting the mime-type of the XAP to "application/x-silverlight-app". What's the point of this restriction? Well, we found during the development of Silverlight 2 that threats...

http://blackhat.com/html/bh-usa-09/bh-usa-09-archives.html I'm watching the Dowd presentation on how browser components attack each other, looks like good stuff.

Why not... http://ocw.mit.edu/OcwWeb/Electrical-Engineering-and-Computer-Science/6-189January--IAP--2007/CourseHome/index.htm

I listened to this week's "Hanselminutes" last night, to hear him interveriew Michael Feathers (author of Working Effectively with Legacy Code ). He shared some interesting patterns he had come across when dealing with legacy code. One was called the...

http://www.greatmanagement.org/articles/520/1/What-Great-Managers-Do/Page1.html: The "Analyzer" -- Emphasizes preparation. Learning occurs before performance. Picks apart tasks into their compontents. Good at planning The "Doer" -- Learning occurs *during...

Internet Explorer 8 has a new feature called "loosely-coupled IE" (LCIE).  IE introduces some process isolation between tabs to improve reliability.  Now if one tab crashes, it won't bring down all the other tabs.  (as I understand it, there isn't necessarily...

I'm embarassed that I've only recently stumbled across Microsoft's "Security Reserach & Defense" blog: http://blogs.technet.com/srd/ It has some great information for what kinds of fixes are being shipped in updates and why. For example, this post...

CodingHorror announces the beta release of "server fault": http://www.codinghorror.com/blog/archives/001269.html The only answer I got right was Mark Russinovich, but according to Jeff that's enough to pass. I've been lurking on StackOverflow for a...

Batch scripting for fun and profit? I need to get a value in an xml file from a batch script. I could use cscript, or maybe grab or write an exe to parse it out for me. But sometimes it's more fun to try and do it in the batch script. In this case...

http://www.microsoft.com/downloads/details.aspx?FamilyID=7cef15a8-8ae6-48eb-9621-ee35c2547773&displaylang=en