June 2006 - Security Briefs
-
I just got back from vacation and plugged my laptop back into my home network. I don't have a server at home; I just use simple netbios broadcast name resolution, but suddenly I couldn't resolve my laptop's name anymore. I've posted about this problem...
-
I get back from vacation and I find this. Talk about violating Kim's first law of identity (user control and consent)... From Schneier: AT&T Rewrites its Privacy Policy AT&T has a new privacy policy, and if you are its customer you have no...
-
This quote, attributed to Whitfield Diffie, pretty much sums up this post: “A secret that is hard to change is a vulnerability.” I've been thinking about this a lot lately as I see more and more systems that violate this rule. Take strong...
-
At my WCF Security talk at TechEd, I showed an example of a WCF service that accepts IssuedToken credentials (effectively a SAML token issued by a security token service). The easiest way to demo this today is using Windows CardSpace (or WCS, formerly...
-
I've got a separate hard drive that's mounted into my directory system using disk manager (if you've never done this, it's a cool way to avoid dealing with drive letters - you just mount a drive into a folder like “c:\data” like you would...
-
Fun show, as usual. I didn't attend the keynote, and was glad after I heard the reports - apparently it was very IT Pro focused - not a lot for devs, although I hear the 24 theme was entertaining at times. Fritz, Aaron and I had plenty of time on Monday...
-
From Soma: WinFx is now officially called “.NET Framework 3.0”, and InfoCard is now called Windows CardSpace (WCS). Just in time for TechEd - see you all there!
-
The WCF team asked me to give a talk on security in WCF at TechEd 2006 (details below). Stop by and say hello if you're there, or better yet, sit in on the talk! Bring your business cards; we're going to be giving away a boatload of T-Shirts out in the...
-
A lot of the early documentation on InfoCard focused attention on certificates with logotypes (RFC 3709). The idea here is to move toward a more visual way for humans to recognize certificates. The InfoCard identity selector relies on these logos to help...
-
This week I had the pleasure of delivering a security workshop for VeriSign.* This had to have been the most rowdy group I'd ever taught; it was fun hanging out with them in the evenings. On the last day of class, one of the students gave me a demo of...
-
It must be fun to be a paid hacker. These guys got hired by a credit union for a security assessment, which often includes social engineering attacks. They scattered Trojan-laden USB keys around the premises early in the morning before the employees came...
-
I'm proud to announce the launch of the Identity and Access Management developer center on MSDN, where you'll find a hub of information for building identity-aware applications. For people who are new to the topic, you'll find my new whitepaper helpful...
-
I've got the latest beta bits from late May up and running, and I've *almost* got the NotepadService InfoCard sample from my column fixed up to work with the new bits (the February CTP broke InfoCard pretty hard; sorry folks). Once I get it in good working...