Tuesday, September 23, 2003

BaseLine Security Analyzer

Just came across this tool called Microsoft BaseLine Security Analyzer, which scans the PC of your choice: either the local system or a PC on the network that you intend to scan. Of course, you must have privileges to scan the destination PC.

It scans systems for SQL Server, Windows security updates, etc. It further analyzes the Windows User Manager and gives you hints on whether the passwords are strong, the number of administrators for the system, etc.

http://www.microsoft.com/technet/security/tools/Tools/MBSAhome.asp?frame=true

This would be a handy tool to keep the system secure, since the Slammer and similar viruses used the blank and weak passwords of the SA account. Isn't it? Perhaps a definite tool that must be with any system administrator or helpdesk personnel. For common users who want to test their PCs and keep them secure, it is a really valuable tool too.

Personal Time Manager

How many times have you said 'I forgot' about one of your schedules? How many times have you been delayed? Perhaps here is a simple tool to keep yourself reminded of your schedules right on your desktop, without nagging you, and in the most friendly ways.

Check out: http://www.turbonote.com/ Perhaps it is a free program too. The website also says you can send the setup program to your friends etc. The website itself supports a 'Mail It' functionality for the setup application. Perhaps a nice and elegant tool to keep yourself reminded of schedules.

Posted at 01:58 pm by Deepak Kumar Vasudevan

Original BlogDrive Post on Tuesday, September 23, 2003

Friday, September 19, 2003

Protect yourself from W32.Swen.A@mm

A new virus/worm, W32.Swen.A@mm, seems to be spreading. I just checked the Symantec URL and here are the details:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

Perhaps SpamPal is a savior in these cases with its HtmlModify plugin, since all bad attachments are renamed as plain text files that only Notepad can open. The worm seems to be a bit powerful, since it also stops network firewalls from functioning, as the Symantec web page claims. While SpamPal cordons off one way for the worm to spread (the 70% communication medium), the worm also seems to spread via network shares. Perhaps care should be taken when logging on to remote workstations with credentials that have administrative privileges, such as when accessing network shares through administrative shares, since if the system used to access the administrative share is infected, the worm may drop a copy of itself onto the target system. I am not sure whether the worm does this, so if you have a comment, why not add it as a comment here.

Monday, September 15, 2003

Making effective use of BITS Windows Service

Windows XP and its successors have a Windows service called Background Intelligent Transfer Service, known as BITS for short. The purpose of this service is to use idle network bandwidth for large transfers, instead of clogging the network and taking processor time during the user's interactive session.

I was quite interested in knowing how to use this Windows service. It will be of significant use when deploying Windows Forms applications, since we can configure the application to automatically update its data files from a preconfigured data source. I was searching for a good resource on this and came across this one:

http://www.microsoft.com/downloads/details.aspx?FamilyId=874CDE91-E95F-47DF-9C75-778F63A4F5CF&displaylang=en


This has complete source code for transferring large chunks of data using the BITS Windows service. The following URL also gives a complete description of the source code:

http://msdn.microsoft.com/library/en-us/dncodefun/html/code4fun02282003.asp?frame=true

Thank you, Duncan Mackenzie, for the really informative article. I hope it will be really useful for Windows Forms developers worldwide. And many thanks to MSDN for highlighting it on WindowsForms.net, the definitive Windows Forms developer resource on the web.

Friday, September 12, 2003

Automated Builds in a typical .NET development

A typical .NET development involves regular builds that take the latest versions from the respective source control system. To ensure that each build is unique and can be cross-verified, it is useful to apply a label at the source control level when the build is made. This labelling concept is easy to describe and use as far as Microsoft Visual SourceSafe is concerned.

Though there may be Build Managers in the team to assist in daily builds and send reports to the team, it is more effective to move regular builds to an automated scheduled task, so that the system itself takes care of getting the latest versions of the files from source control, making the build and generating the appropriate reports. The advantage is that an automated tool, having gone through an exhaustive testing stage, ensures the accuracy of the sequence of operations and removes the monotony that is the bane of human intervention.

Of late, I came across a nice automated build tool from MSDN. The tool is cute in almost all aspects. Some of its salient features (from a core developer's perspective) are:
  1. The tool comes with full source code in C#. Each step of what it does is well documented, so that a starting developer can learn to program, and an advanced developer learns more advanced techniques and refines his programming practices.
  2. It does not reinvent the wheel in making the build:
    1. The files are automatically checked out from Visual SourceSafe by the program itself, and a label is set in SourceSafe.
    2. The build is done by Visual Studio .NET itself, through automation of Visual Studio .NET. This way, any build options previously set in the Visual Studio .NET solution or project file are reused. Furthermore, from the developer's perspective, we learn about automating Visual Studio .NET programmatically.
    3. Application logging is achieved via the Microsoft Application Blocks for Exceptions. All exceptions are logged to the system event log. So there is an interesting exception handling strategy that we can learn and adopt in our programming practices.

Perhaps you can try out the free BuildIT tool from the following URL:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/tdlg_app.asp

In short, BuildIt is just not a Build Tool. It is a developer Guru for Beginners and advanced developers and also for Project and Technical Leads in giving them the exact picture of the daily build status.

Keeping mailbox SpamFree

Mailboxes getting swamped by junk messages is not an uncommon scene these days. We give our email addresses while registering on, or filling in the contact forms of, so many websites. Spammers use sophisticated email harvesting tools that catch these addresses, catalog them into databases, perhaps region-wise, country-wise, etc., and sell them on CDs too. Sometimes the junk mails that keep coming are themselves like 'Get CD of 1 Million Addresses'.

Email clients nowadays also come with message rules that aid us in filtering out unwanted mails. However, the filtering capability is restricted to the Internet headers and a limited set of previously stored details about the sender in question. Fortunately, we have a few Internet spam prevention programs too. The unfortunate thing is that not all are free, some are bulky, and some are too tedious to configure.

Of late, I came across SpamPal, a free spam detection program from http://www.spampal.org.uk/. Once the software is installed, you need to configure your mail client to connect to your mail server through SpamPal. SpamPal acts similar to a POP proxy. As the message downloads, SpamPal activates its plugins one by one, making them act on the mail, its Internet headers and the body.

The address and its parent domain, and the IP addresses that the message was relayed through, are all checked against standard DNSBL servers. To keep the network from getting clogged by multiple redundant DNSBL queries, the query results are remembered for a specified time, which is configurable from the SpamPal Control Panel applet.
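The DNSBL check with remembered answers described above, as an added C# example (not SpamPal's code and not from the original post). The class DnsblCache, the zone dnsbl.example, the relay address and the 30-minute lifetime are assumptions made for illustration; the resolver is injected so the example runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example, not SpamPal's code; DnsblCache and its members are hypothetical.
public sealed class DnsblCache
{
    private readonly Func<string, bool> _resolve; // true if the query name resolves (listed)
    private readonly Func<DateTime> _now;         // injectable clock
    private readonly TimeSpan _ttl;               // how long an answer is remembered
    private readonly Dictionary<string, KeyValuePair<bool, DateTime>> _cache =
        new Dictionary<string, KeyValuePair<bool, DateTime>>();

    public int QueriesSent { get; private set; }

    public DnsblCache(Func<string, bool> resolve, TimeSpan ttl, Func<DateTime> now)
    {
        _resolve = resolve; _ttl = ttl; _now = now;
    }

    // A DNSBL is queried by reversing the IPv4 octets and appending the list's zone.
    public static string QueryName(IPAddress ip, string zone)
    {
        byte[] b = ip.GetAddressBytes();
        if (b.Length != 4) throw new ArgumentException("IPv4 address expected");
        return b[3] + "." + b[2] + "." + b[1] + "." + b[0] + "." + zone;
    }

    public bool IsListed(IPAddress ip, string zone)
    {
        string name = QueryName(ip, zone);
        KeyValuePair<bool, DateTime> hit;
        if (_cache.TryGetValue(name, out hit) && hit.Value > _now())
            return hit.Key;                       // remembered answer, no DNS traffic
        bool listed = _resolve(name);             // cache miss or expired entry
        QueriesSent++;
        _cache[name] = new KeyValuePair<bool, DateTime>(listed, _now() + _ttl);
        return listed;
    }

    public static void Main()
    {
        // Constructed data: a made-up zone with one listed relay, and a clock we control.
        var zoneData = new HashSet<string> { "99.2.0.192.dnsbl.example" };
        DateTime clock = new DateTime(2003, 9, 12, 9, 0, 0);
        var cache = new DnsblCache(zoneData.Contains, TimeSpan.FromMinutes(30), () => clock);
        IPAddress relay = IPAddress.Parse("192.0.2.99");

        bool first = cache.IsListed(relay, "dnsbl.example");   // goes to the resolver
        bool second = cache.IsListed(relay, "dnsbl.example");  // answered from the cache
        clock = clock.AddMinutes(31);                          // let the entry expire
        bool third = cache.IsListed(relay, "dnsbl.example");   // queried again
        Console.WriteLine("{0} {1} {2}, DNS queries sent: {3}", first, second, third, cache.QueriesSent);
    }
}
```

"Not listed" answers are remembered as well, which matters most for traffic because the large majority of relays are not on any list.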

SpamPal also comes with a host of plugins: one that detects bad attachments (.pif, .bat) and renames them to .txt etc., a BadWords plugin (that detects bad and indecent words), and plugins that detect web bugs and prohibited JavaScript in messages.

If a message is certified as spam, the subject of the message is branded with **SPAM** and an Internet message header is added. A message rule in the mail client can then be set to delete messages from the server without downloading them if the subject or Internet message header was classified as **SPAM** as above.

Note: I am just a normal user of SpamPal. I found SpamPal to be a really excellent piece of software. At the moment, SpamPal is free software and the licensing restrictions can be found at http://www.spampal.org.uk/. For support and help using SpamPal, I can help you with what I have learnt from using it, if you would like to contact me. But you may instead check out the SpamPal forums and contact pages on the SpamPal website. SpamPal also comes with a descriptive, step-by-step user manual to keep your mailbox clean and spam-free.

Thursday, September 11, 2003

Dangers Lurking for Innocent Websites Due to Cross Site Scripting

Cross Site Scripting is often talked about during site updates and then forgotten. If you have installed .NET Framework 1.1, script and HTML tags sent via query strings or HTML form fields are simply stopped by the framework with a message similar to the following one:

A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").

Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.


Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.QueryString value was detected from the client (DocLinkUrl_Begin="javascript:window.opener...").

Of course, the framework gives an option to exempt a page from this HTTP request validation. But it is strongly recommended to have the framework validate requests before they are processed by our scripts. Isn't it?


Related Links On Cross Site Scripting:

http://httpd.apache.org/info/css-security/
http://www.cert.org/advisories/CA-2000-02.html
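
The error message above recommends that the application explicitly check all inputs; request validation only blocks suspicious requests and does not encode what the page writes out. As an added C# example (not from the original post or from the .NET Framework), this treats a value like DocLinkUrl_Begin as a link target: only absolute http/https URLs are accepted, and everything is HTML-encoded on output. SafeLinks, its methods and the sample values are hypothetical.

```csharp
using System;
using System.Net;

// Added example; SafeLinks and its members are hypothetical names.
public static class SafeLinks
{
    // Schemes the application is willing to emit in an href (assumed policy).
    private static readonly string[] AllowedSchemes = { "http", "https" };

    // Returns true and the normalized URL only for absolute http/https URLs.
    public static bool TryValidateLink(string raw, out string safeUrl)
    {
        safeUrl = null;
        if (string.IsNullOrWhiteSpace(raw) || raw.Length > 2048)
            return false;

        Uri uri;
        if (!Uri.TryCreate(raw.Trim(), UriKind.Absolute, out uri))
            return false;

        // Uri.Scheme is returned in lower case, so mixed-case schemes compare correctly.
        if (Array.IndexOf(AllowedSchemes, uri.Scheme) < 0)
            return false;

        safeUrl = uri.AbsoluteUri;
        return true;
    }

    // Builds the anchor tag; every dynamic value is HTML-encoded on output.
    public static string RenderLink(string raw, string label)
    {
        string url;
        if (!TryValidateLink(raw, out url))
            return WebUtility.HtmlEncode(label); // rejected value: plain text, no link
        return "<a href=\"" + WebUtility.HtmlEncode(url) + "\">"
             + WebUtility.HtmlEncode(label) + "</a>";
    }

    public static void Main()
    {
        // Constructed sample values for the DocLinkUrl_Begin parameter.
        string[] samples = {
            "http://example.com/doc?id=1&v=2",
            "javascript:window.opener.close()",
            "JaVaScRiPt:window.opener.close()",
            "/relative/path",
        };
        foreach (string s in samples)
            Console.WriteLine(RenderLink(s, "Open <document>"));
    }
}
```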

Tuesday, September 09, 2003

Online Books @Vijay Mukhi's Technology Cornucopia

Just came across this website: http://www.vijaymukhi.com/. Perhaps most of us know Vijay Mukhi, who has been the most popular author of books on C++ etc. The site has a really exhaustive collection of documentation and online tutorials on ASP.NET, ASP, VB.NET, C#, C# and MSIL. The website also covers J2EE topics like J2EE on Mobile etc.

Perhaps you can bookmark this site and visit it often as your reference.

The most elegant and cool feature of this website is its simple, easy-to-navigate tree navigation system, which gives quicker access to any of the pages that we intend to reach.

I can also observe a couple of sample projects (with source code).

A surestop reference for all sections of developers, whether J2EE or Microsoft technology (starting or advanced).

CodeReview -- Now along with Visual Studio .NET

A CodeReview phase is not always a welcome step among developers. Most of us do not want faults to be found with us. Isn't it? But there is a gentle way of indicating faults, so that we can take corrective action and make our programs more user-friendly (developer-friendly).

Check out the following URL for a friendly CodeReview Checklist that should be helpful, even from during the development stage. The website also gives a 30 day Trial Edition of the CodeReview AddIn, but not many of us can afford it, to be frank.

http://www.macadamian.com/codereview.htm

There are simple compiler options that can also help us enforce some discipline, like compiling under 'Type 4 Warning Level' and 'Treat Warnings As Errors'. A warning is not just a warning. The dumb and innocent compiler is really helping us to smell something wrong or out of the normal sequence. Hence it would be wiser to have the warnings corrected too.

Perhaps these are simple and trivial things. But in fact, these simple steps go a long way in making programs robust at runtime and developer-friendly in future updates and maintenance.

Help Networks

Searching for manuals or help information? Perhaps the following site has lots of information on the same, under diversified category set.

http://www.geocities.com/crmail2000/

But if you want to know some technology and how it works, without delving into details, perhaps HowStuffWorks™  should be able to help you. Check out HowStuffWorks™ at:

The Definitive COM and ActiveX Reference

Are you searching for in-depth COM and ActiveX fundamentals references? Perhaps the following URL would be helpful to you:

http://www.opengroup.org/onlinepubs/009899899/


The pages are fast, since they don't have advertisements or Shockwave or Flash movies. The coverage is quite in-depth. Reading it may feel like reading the Control Systems book during the fifth semester of a Computer Science and Engineering degree course. Perhaps you can bookmark this URL and keep it for your COM and ActiveX references.

Monday, September 08, 2003

Get Saved from Blaster Worm

The BlasterWorm, which exploits a certain API of DCOM in Windows, seems to be very devastating. I can personally observe more than dozens of my close friends complaining of their Windows systems being infected. I just did some small research on the Blaster Worm and thought the following article would help in saving ourselves from the BlasterWorm menace. Check out this step-by-step link from Microsoft: What You Should Know About the Blaster Worm and Its Variants

I would suggest the following tools too, which are from the freeware (for personal/home use) domain, which can help you get saved from BlasterWorm menace.

Kerio Personal Firewall

Kerio Personal Firewall is quite easy to install and configure, according to what I have observed. Since it sits near the TCP layer, it catches almost all packets that sniff in or try to sneak out of Windows, barks at bad packets and warns the user that some packets are going crazy. The help pages are also very informative.

Perhaps at this juncture, with random threats lurking in cyberspace for a casual user, a personal firewall is mandatory to protect PCs.

In fact, I would also suggest, the following URL, which can help you to find out how protected your PCs are:

http://securityresponse.symantec.com/ (which checks your system and gives online reports to you to indicate how vulnerable you are to Online Threats).

Saturday, September 06, 2003

Crystal Reports under .NET

VB developers should be quite familiar with Crystal Reports, right? Crystal Reports has been the reporting tool of choice for many enterprises worldwide. With VB.NET and C# and their feature-rich Windows Forms, Crystal Reports for .NET will again, no doubt, be the choice of most enterprises.

Here is a simple Tutorial URL, that helps a novice developer in Crystal Reports for .NET to walk through the same.

http://www.crystalreportsbook.com/

The pages are plain-vanilla and load fast, since there aren't many graphics or Flash or Shockwave movies to slow down the pages. The language is pretty simple too. Perhaps starting Crystal Reports developers would benefit from this tutorial.

[Imported from Blogdrive]Online Virus Scanners

Online Virus Scanners Virus Scanners are no longer difficult to install, tedious to configure. There are easy to use Online Virus Scanne...