
Utah .NET User Group

Home of Utah's professional .NET developers.

Scott Golightly's Blog

August 2008 - Posts

  • Good Sites with Bad Content

    I have been getting more phishing e-mail lately that points me to "bad" files on what would normally be "good" sites. Last week I got a message that pointed to index1.htm on a site. Index.htm was the valid home page and appeared to be the personal site for a young lady in Brazil. I couldn't read the page but it didn't look malicious. When I went to the index1.htm page it had a Flash application that would tell me that I needed to download a new viewer to view a news article.

    The message today pointed me to a web site for a doctor. The link went directly to a .exe file in the URL so I knew better than to click on it. The interesting thing about this message is that I supposedly got an e-card from "a friend". At the bottom of the message was a link to www.greetingcard.org which has a section for an "Email Scam Alert!" on the lower right of its home page. You would think that the phishers would not put in clues that their e-mail is bogus right in the e-mail. Then again, maybe I should be thankful that they are not better as it would be harder to figure out which e-mails are legitimate and which ones I can blog about.

  • Reset Password Link as a Security Threat

    I read the article at http://redtape.msnbc.com/2008/08/almost-everyone.html about the "Forgot your password" link to reset your password as being a possible attack vector. I think they discussed the security issue quite well and also pointed out that there are no reports that this method has been used widely to attack accounts. I know that in all the time that I have had a Hotmail account I have twice gotten e-mails about a password reset that I didn't initiate. The first time I ignored the e-mail until I got a reminder about 10 days later that it was about to expire; the second time I immediately clicked on the link stating I hadn't started the password reset. I also went and changed my password just in case someone had compromised my account.

    The article has some good advice about not using obvious answers to the reset questions. I think this might be one case where my generation has a lot more latitude in choosing a non-obvious answer. While my birth date and mother's maiden name might be easy to find on the Internet, when I was a teenager there was no blogging so I would assume outside of the people that I went to school with and a few close family members nobody would know the name of my first girlfriend. It might be easy for a hacker to guess the answer to that question but hopefully it would take them a few tries and the back end systems would be alerted well before they guessed the correct answer.

    Another tactic that I have used is to pick an "obvious" question but then give it a false answer. As was pointed out in a recent issue of the RISKS digest, they aren't validating the answer, just that you can type in the same value twice. I use the name of my pet as a question but rarely if ever use Max, which was the name of my dog, but instead make up other "names". The best are a semi-random set of numbers and letters that aren't even a name, so if someone is running a dictionary attack of the most common pet names your answer will not be in the dictionary.

    To help me not forget the password in the first place, or to remember the answer if I need to, I can always look at my Password Minder file. The thing I like is it will automatically generate random passwords for me and has a notes area where I can write down my secret question and answer. The data (both passwords and comments) is encrypted on the disk so I feel pretty safe about it not being stolen from me.
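
    The two ideas in this post (a made-up answer that is in no pet-name dictionary, and a back end that reacts after a few wrong tries) can be sketched as follows. This is an added example, not code from the original post or from any real provider; `ResetQuestion`, `MAX_ATTEMPTS` and the guess list are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample: a short "most common pet names" guess list.
COMMON_PET_NAMES = ["bella", "max", "charlie", "buddy", "lucy", "daisy", "rocky"]
MAX_ATTEMPTS = 3  # assumed lockout threshold, not taken from any real service

def random_answer(length=20):
    """Semi-random letters and digits to use instead of a real pet name."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

class ResetQuestion:
    """Hypothetical back end: salted hash, lockout and alert after failures."""
    def __init__(self, answer):
        self.salt = secrets.token_bytes(16)
        self.digest = self._hash(answer)
        self.failures, self.locked, self.alerts = 0, False, []

    def _hash(self, answer):
        # Normalise case and whitespace, then stretch with PBKDF2.
        normalized = answer.strip().lower().encode()
        return hashlib.pbkdf2_hmac("sha256", normalized, self.salt, 100_000)

    def verify(self, answer):
        if self.locked:
            return False  # even the right answer is refused once locked
        if hmac.compare_digest(self._hash(answer), self.digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.locked = True
            self.alerts.append("reset question locked after repeated failures")
        return False

def guess_list_outcome(question, guesses):
    """Replay a guess list; return (guessed, tries_used, locked)."""
    tries = 0
    for guess in guesses:
        if question.locked:
            break
        tries += 1
        if question.verify(guess):
            return True, tries, question.locked
    return False, tries, question.locked
```

    With this guess list, a truthful "Max" falls on the second try, before the lockout can help, while a value from `random_answer()` is never matched and the third failure locks the question and records an alert.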

  • PDC Early Bird Discount Extended

    I got an e-mail stating that the PDC 2008 early bird registration deadline had been extended to Monday, September 8. That means that you still have time to save on registration. Here is a snippet of the body of the e-mail with more details on the Professional Developers Conference.

    Get Your Head above the Clouds at PDC2008

    Have you ever attended a Microsoft Professional Developers Conference? It’s an event so packed with great information and new technology, attendees claim their brains start sending back “out of memory” error messages. That’s what happens when a torrent of peer-to-peer geekology throttles your cerebral cortex.

    At PDC2008, you can engage your senses and discover what’s new with Cloud Services, Live Mesh, Windows 7®, multi-core development, the Dynamic Language Runtime, and F#. There’s also much more, but we want to save a few surprises.

    Oh, and here’s a little bonus for you: when you register before September 8th, you’ll save $200 USD. Sweet!

    Let’s break it down:

    · PDC2008 is the place to hear about the future of Microsoft’s platform. You’ll hear from the actual engineers that architect and build our technologies, and they’ll blow your mind with everything they have to reveal.

    · And what about the UnSessions, better known as Open Space? It’s our conference-within-a-conference for attendees…Microsoft folks need not apply. You can also spend time in our Hands-On Labs, which is like a big sandbox for geeks like us.

    · Use your Jedi mind tricks to convince your boss to let you sign up for one of 10 super deep pre-con sessions, presented by industry experts and Microsoft technology leaders.

    · Hear Ray Ozzie and other executives (don’t worry, they used to write code too) share their perspectives on the future of technology and computing. We call them keynotes, and you can expect some big news.

    So, if you value your brain, we’d love to see you at PDC2008. Let us help you get your head above the clouds!

    Register (http://www.microsoftpdc.com/Registration/) for PDC2008 by September 8th at (www.microsoftpdc.com) to save $200!

    PDC2008 Dates and Location

    WHEN:
    October 27-30, 2008
    Pre-cons October 26, 2008

    WHERE:
    Los Angeles Convention Center (http://www.lacclink.com/), Los Angeles, CA

    REGISTER NOW (http://www.microsoftpdc.com/Registration/)

  • Get a Word Cloud at Wordle.net

    I ran across an application at http://wordle.net that will allow you to paste in a bunch of text, the URL to an RSS or ATOM feed, or a del.icio.us user name and it will read the text, remove common words, and then create a word cloud. I created one for my blog.

     

    The most surprising part of this word cloud to me is that the largest words don't necessarily match with the tags that I have defined. I think I will have to rethink my tagging system to make sure that content is easy to find.

  • August UCNUG Meeting

    Join us on Wednesday, August 20 for our monthly meeting. The meeting will start at 6:00 at the NuSkin NOC located at 1175 S 350 E, Provo. Our topic will be continuous integration and the speaker will be Craig Berntson. Here are some more details on the meeting:

    Continuous Integration with .Net
    Continuous Integration is a development practice where code changes are continuously checked in to source control and then automatically checked out, built, and tested. Whether you are a one person shop or have many developers, by using Continuous Integration, you will improve the quality of your software and increase your productivity.

    This session will show you how to use Continuous Integration in your daily development by integrating several free tools. Attendees will learn:
    - How to implement Continuous Integration methodology into the development process
    - How to automate code check out and the build
    - How to automate unit testing, code standards checking, documenting, and other needs
    - How to report the results of all the automation to the development team

    Craig Berntson is a Microsoft Certified Solution Developer and has been a Microsoft MVP for over 10 years. He wrote the book “CrysDev: A Developer’s Guide to Integrating Crystal Reports”, available from Hentzenwerke Publishing. He has also written for FoxTalk and the Visual FoxPro User Group (VFUG) newsletter. He has spoken at various developer events in North America and Europe. Currently, Craig develops hospital software for a Fortune 100 company in Salt Lake City.

  • PDC Plans Coming Together - Register Soon

    Microsoft has been busy planning for PDC. Some important things that you may need to know.

    1. The early bird discount ended yesterday so if you were counting on that to persuade your boss you need to come up with some other justification. The registration link is http://www.microsoftpdc.com/Registration/

    2. Microsoft has been posting additional sessions. You can check out the agenda at http://www.microsoftpdc.com/Agenda/

    3. If you can't get your boss to pay for your trip and conference fee don't despair. You may still be able to get a chance to go to L.A. through one of the several contests running on the PDC site. Check out the different contests and the prizes at http://www.microsoftpdc.com/Social/Contests.aspx

  • I'm Back Blogging Again

    It has been almost a month since I posted last. Part of it has been that I have been busy but the biggest part was that the computer that I was hosting my blog on decided to die. I am still not 100% sure what the problem is but the machine would only boot about 1 in 4 times and then would tell me that it couldn't find a core Windows Server file. After spending a couple of days trying to fix the problem I decided that now is the time to upgrade the hardware (I had been contemplating it for a while). I ordered the hardware but between shipping problems and my travel schedule I didn't have a lot of time to work on the new machine. Unfortunately remote access doesn't help me add memory or hard drives to a case. I got a new machine with dual processors, mirrored system disks, and 4 GB RAM. I also got to upgrade to the latest version of dasBlog.

    I installed Windows Server 2008 with Hyper-V and have started setting up virtual machines for things like my domain controller, this web server, etc. That will hopefully allow me to not have another month long crash and even if something that is not redundant in the machine dies I can start up the virtual machines that I really need on another machine to get it up and running quickly. I will also have the ability to create virtual machines to check out new technologies.

    While I was down a lot of interesting things happened but the one that sticks out most in my mind is the Release To Manufacturing (RTM) of SQL Server 2008 last week. I am looking forward to learning more in the months and years ahead.
