Via here, I found Dave, where I found a Vista-oriented feed aggregation:
http://www.vistablogs.com UPDATE – it seems that VistaBlogs is no longer what it says it is…it’s for sale. Too bad.
Dave’s also here, here, and here.
Technorati Tags: Vista, dwc1972, blackhatspider
Event Overview
Windows Vista provides the most secure and reliable operating system ever that will have a positive impact on developers. Come along and see how Windows CardSpace provides federated identity management. We will also show you how to build applications that take advantage of User Access Account Control and best practices for building least-privilege applications. If you are interested in developing on Windows Vista then this session is essential for you.
When
06 March 2007 18:30 – 21:20
Welcome Time: 18:00
Where
Microsoft Edinburgh
127 George Street
Edinburgh EH2 4JN
United Kingdom
Sign-up and an agenda can be found here:
https://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-GB&eventid=1032326093
There’s a similar event in Glasgow on 03 April 2007, more details can be found here.
Technorati Tags: security, Vista, Edinburgh, Martin Parry, DPE
Event Overview
In this session, we will discuss many of the innovative design philosophies and development strategies involved in making Windows Vista the most secure Windows operating system to date. One way that this security has been achieved is through service hardening. This means that most services run with low privilege to minimize resource access. Vista introduces several user-level security features within the Windows interface as well as additional enhancements to Internet Explorer including anti-spyware and anti-phishing capabilities. The Windows Firewall has also undergone significant improvements, including enhanced UI functionality, inbound and outbound filtering, filtering by application, and full support for IPv6. We’ll also talk about some of the other security enhancements available in Windows Vista, such as BitLocker, data protection, and improved smartcard support.
When
03 April 2007 09:45 – 12:30
Welcome Time: 09:00
Where
Strathclyde University
Collins Building
22 Richmond Street Glasgow G1 1XQ
United Kingdom
Sign-up and further information can be found here:
https://msevents.microsoft.com/cui/EventDetail.aspx?EventID=1032327539&Culture=en-GB
A similar event is being held in Edinburgh on the 06 March 2007 in the evening, more details here.
Technorati Tags: security, Vista, Glasgow, Strathclyde, Stephen Lamb, DPE
Hot on the heels of 2.1 and 2.0.7, wordpress.org announces the release of 2.1.1 and 2.0.9.
Technorati Tags: WordPress, WordPress 2.1.1
BCS Edinburgh: Transportation Planning and Modelling Software
Wednesday 21st February 2007, 6:30 pm
Speaker: Pete Sykes, SIAS Limited
Venue: The Royal Scots Club Hepburn Suite, 30 Abercromby Place, Edinburgh EH3 6QE.
This talk is free of charge and no reservation is required. Non members are most welcome. Refreshments available from 6:10 pm.
Synopsis
Transport planning and modelling software has been undergoing a quiet revolution over the last few years. The underlying methodology has moved from the analogy of a smooth river of metal flowing down the road to simulation of individual vehicles in a road network all interacting with each other as they try to get to their destination. Micro-simulation software can now model these interactions in large areas with thousands of vehicles.
Hardware in the loop simulation can also be used to bring in the effect of Urban Traffic Control systems software.
The modeller’s goal is to build and calibrate a model of the current road network and the activity on it. Then this is used to test proposed changes such as urban traffic management schemes or the addition of new traffic through industrial or domestic developments. The model can also be used to evaluate efforts to try to extract more capacity from the road network through active management and Intelligent Transport Systems.
This talk will cover what does micro-simulation do, how does it do it, what is it used for and how do you get answers out if it.
About the Speaker
Pete Sykes was the first programmer on an early version of S-Paramics in 1986. Since then he worked on large networked virtual reality training systems and network monitoring and management before returning to SIAS in 1998 to once again take over development of S-Paramics. He is now Micro-simulation Marketing and Development Director.
Technorati Tags: BCS, BCS Edinburgh, Transportation, Planning, Modelling, Pete Sykes, S-Paramics, Micro-simulation, SIAS, urban traffic control, simulation
Speaker: James O’Neill, Microsoft
BCS Aberdeen Branch Meeting, 6pm for 6.30pm RGU, St Andrews Street, Aberdeen
Free of charge, but please register in advance by email.
Further information: http://aberdeen.bcs.org/VistaMeeting.pdf
Technorati Tags: Community, Vista, James O’Neill, BCS, Aberdeen
Agile Washes Whiter
Wednesday 28th February 2007, 6:30 pm
Speaker: Brian Swan, Exoftware
Venue: The Royal Scots Club Hepburn Suite, 30 Abercromby Place, Edinburgh
EH3 6QE
“Agile” is quickly becoming the hot buzz-phrase in many organisations but Agile is simply an umbrella term for a number of specific development methods including; eXtreme Programming (XP), SCRUM, Feature Driven Development, DSDM and Crystal. What does it mean to “Be Agile”?
This talk will compare a number of the Agile methods and identify some common strategies and pitfalls when adopting an Agile method.
Booking required – please register here: www.exoftware.com/events/47
More details: http://www.edinburgh.bcs.org/events/070228.htm
Technorati Tags: BCS, Agile, Scrum, Brian Swan, exoftware, FDD, DSDM, Crystal
I am pleased to see that the chaps over at the NxtGenUG are having their first developer festival.
It’s early days, but the speaker line-up promises to be super (you should expect nothing less of the chaps at NxtGenUG!) The session abstracts are taking shape too!
Here’s what the chaps have to say:
The NxtGenUG boys are pleased to announce their very first One-Day Event. We’re not calling it a conference, as we want it to be more than that! We want it to be a day to remember, and another annual highlight for the UK Developer Community.
It’s called NxtGenUG Fest 07 and the initial details are at http://www.nxtgenug.net/fest07. The event will take place at Microsoft UK Headquarters at Thames Valley Park (TVP) on Wednesday 23rd May 2007 and starts at 0900. Food will be provided and we want everybody to go home with a decent amount of quality ‘swag’.
The day has a theme: “Into the future …”. We start the day looking at current technologies such as Vista, then we move into the ‘Orcas’ time-frame, then to 12 months hence or so, probably taking a look at dynamic languages and then really moving out into ‘who knows’ with a session from Microsoft Research. There will be a keynote, with an appearance from UK DPE manager Kevin McDaniel and words from the NxtGenUG crew and finally the day will finish with a new ‘Game Show’ style session courtesy of NxtGenUG featuring an awful lot of ‘swag’!
We’re absolutely chuffed to bits to announce that the ‘headline’ speaker is top TechEd speaker Rafal Lukawiecki and we will also be joined by Daniel Moth and Mike Taulty (perhaps) of the UK DPE and also by Lorna Brown from Microsoft Research. We have one more speaker to announce too, which we hope to do next week.
At lunchtime there will be ‘Grok’ talks presented by NxtGenUG members, on a variety of subjects to be announced.
This event is FREE to all fully paid-up NxtGenUG members and a mere £54.99 for non-members until 1 March 2007, check out the URL for more details. Numbers are strictly limited (we know … everybody says that … but we really mean it this time – 230 tops!) so register early is our advice!
Technorati Tags: NxtGenUG, Fest07, UK Community, community, developer events, Rafal Lukawiecki, Lorna Brown, Daniel Moth, Mike Taulty
Scottish Developers are pleased to announce a full-day security-oriented event to be held in Edinburgh on the 12th of April 2007
You’ve taken the courses, you’ve scoured the Internet, you’ve attended many presentations, but alas, you still have many unanswered questions about website security.
Scottish Developers have secured the support of two consultants from Charteris plc, a respected IT and Managemant Consultancy and Microsoft Gold Partner. Barry Dorrans and Chris Seary are security specialists who regularly speak on subjects relating to the securing of web applications.
Come along on the 12th April for a full day of presentations and demonstrations surrounding the real world implications of the most common .NET web techologies: learn about the best practices, issues, gotchas, etc.
Bring along your questions and problems to gain assistance in finding solutions.
AGENDA
08:45 Registration
09:00 Hacking websites for fun and profit
10:30 Break
11:00 Securing applications and communications in ASP.NET
12:30 Lunch
13:30 Code Access Security – in-depth explanation and design pattern for web applications
15:00 Break
15:15 Securing Web Services with WS-*
16:45 Break
17:00 Managing Identity using Windows Cardspace
18:30 Close
– These are rough timings. Some session may end earlier or run later. We aim to shape the day around people’s need, not a time schedule!
Hacking websites for fun and profit
Presented by Barry Dorrans
How safe are your web sites?
Do you know what cross site scripting is?
SQL injection attacks?
Search engine leaks?
Learn how to check your sites for nasties by seeing how it’s done against badly written code and what you can do to secure your sites.
Securing applications and communications in ASP.NET
Presented by Barry Dorrans
This session aims to provide you with recipes to secure your asp.net application architecture, be they internet, extranet or intranet exposed. Covering authentication and authorisation strategies, identity management, securing communications, secrets, viewstate and more the session will discuss common best practices for secure architecture of ASP.NET applications.
Code Access Security – in-depth explanation and design pattern for web applications
Presented by Chris Seary
Chris has implemented CAS in several secure enterprise scale web applications. This talk will explain how CAS works, and also give details of a design pattern for implementing CAS in web applications.
We start by showing a web site being hacked, and then alter the application to stop the hacker while preserving the full functionality of the web site. We also look at OneClick and how it uses Partial Trust.
Securing Web Services with WS-*
Presented by Chris Seary
Why use WS-Security – surely IPSEc and SSL will secure our site?
Actually, WS-* specifications provide functionality that network protocols do not.
We look at what WS-Security can add to web service security, and go through a good deal of sample code (which will be available to download).
This presentation covers both WSE and WCF. We also look into WS-Federation, and how it is to authenticate users from different domains.
Managing Identity using Windows Cardspace
Presented by Barry Dorrans
Windows CardSpace is a framework developed by Microsoft which securely stores digital identities of a person, and provides a unified interface for choosing the identity for a particular transaction, such as logging in to a website.
This talk will cover the identity metasystem, how CardSpace works and how you can use within it ASP.NET.
BIOGRAPHIES
Barry Dorrans has spent 15 years cutting code, starting with mainframes, through DOS, Visual C and MFC before finally ending up on the .NET platform. His experience has ranged from banking systems to Europe’s largest streaming network. He now mentors developers through .NET migrations and Expert Witness services with Charteris plc (http://www.charteris.com).
Chris Seary has been awarded the Most Valued Professional (MVP) award by Microsoft for his contributions to the field of application security. He has been securing large scale applications for several years, including the Australian Taxation Office’s mid-range systems, which make up the world’s largest .Net application. He regularly speaks on security, and has had articles published in journals and on MSDN.
DATE
Thursday 12th April 2007, 9:00am – 6:30pm.
Registration begins at 8:45am.
VENUE
Microsoft Edinburgh,
127 George Street,
Edinburgh
EH2 4JN
LUNCH
Approximately one hour will be set for lunch and a place can be pre-booked at a local restaurant.
Please let us know if you have any special dietary requirements.
Lunch is NOT included in the price for this event.
REGISTRATION
Please send an email to john@scottishdevelopers.com indicating you’d like to register. We’ll then complete the registration and book you a place.
Technorati Tags: security, CAS, Code Access Security, Barry Dorrans, Chris Seary, WS-Security, IPSec, SSL, Hacking, ASP.NET security, Charteris, web service security, ScottishDevelopers, community, Scottish Developers, UK Community
I’m pleased to see that the BarCamp initiative has reached Scotland!
BarCamp is an ad-hoc gathering born from the desire for people to share and learn in an open environment. It is an intense event with discussions, demos, and interaction from attendees.
Saturday 3 March 2007, 2pm-6pm (flexible), APPLETON TOWER – Concourse, School of Informatics, University of Edinburgh
Further information can be found here:
http://barcamp.org/BarCampScotland
Technorati Tags: BarCamp, BarCamp Scotland, Scotland
We are pleased to announce the date for the next DeveloperDeveloperDeveloper! event.
The planned date is: 30th of June 2007
More details to follow, but if you’d like to speak at DDD5, now is the time to start thinking about your session(s) and/or GrokTalks – we’re hoping to open the Call For Speakers on the 24th of March.
Watch this feed (other feeds are available!) for more important date announcements!
Technorati Tags: DDD, DDD4, DDD5, DeveloperDeveloperDeveloper
I attended a BCS event in Dundee last night. The speaker was Guidance Software‘s Russell May, he was discussing and demonstrating EnCase. Russell’s presentation style was very good, a few slides and plenty of demonstrations.
EnCase is a rather powerful tool that provides access to the file systems of Windows, Linux, AIX, OS X, Solaris – or to be more precise: FAT12/16/32, NTFS, EXT2/3 (Linux), Reiser (Linux), UFS (Sun Solaris), AIX Journaling File System (JFS and jfs) LVM8, FFS (OpenBSD, NetBSD and FreeBSD), Palm, HFS, HFS+ (Macintosh), CDFS, ISO 9660, UDF, DVD, ad TiVo® 1, TiVo 2, VMware, Microsoft Virtual PC, DD and SafeBack v2 image formats. All this from a single unified interface. It’s a product that is intended to work with “ïmages” rather than live hard drives, which makes perfect sense from an evidence preservation perspective.
Speaking of evidence preservation, Russell showed us a handful of photographs from real live “busts”. He stressed the importance of photographing “the scene”, particularly if you are seizing computer equipment that will be used as evidence. The photographs allow you to recreate the scene very quickly, wiring and all. Also worth photographing is the inside of the computer. Folks tend to hide all sorts of interesting stuff inside their PC’s base unit…Russell has found secondary unconnected hard drives, money and drugs!
Russell brought along a handful of Word documents that contained some text and images. There were documents that looked fairly normal to the untrained eye, i.e. some regular text and some benign images. However, looking at the file size, it is perhaps obvious that we were not being shown the big picture [sic]. Indeed, one of the documents had one large image sitting on top of 4 slightly smaller images. Another document appeared to contain nothing more than a short paragraph of text – in reality, an embedded Picture Object had its width and height set to 0…all we could see were the overlapping grab handles (which looked remarkably like a full-stop!)
Further examples saw Russell restore deleted partitions, identify numerous files with the incorrect extension (e.g. .VXD instead of .JPG), discover DOS batch files (.BAT) that convert between file extensions. We were even able to see how EnCase dealt with Alternate Data Streams (ADS). One thing that we didn’t see was how EnCase handled encrypted drives (using, for example, Private Disk, BitLocker, etc.)
I was pleased to see Russell push home the fact that the Format command doesn’t actually wipe out anything. The Format command actually performs a number of reads (typically three) and a verify. Any sectors that fail this read-verify test are marked as bad sectors and are thus ignored. In a nutshell, using FDisk and/or Format isn’t enough to stop a tool like EnCase or even a disk sector editor (such as this one by Acronis).
My key “take away” was the fact that EnCase and all other software-based forensic tools struggle with files that have been securely deleted using such tools as Eraser, SDelete or CCleaner. These tools offer a variety of secure delete options, including 1-pass, 3-pass US DoD 5220.22-M (8-306/E), 7-pass US DoD 5220.22-M (8-306/E, C and E) and 35-pass (Gutmann). The importance of this fact cannot be under-estimated – if you plan to dispose of your PC, it’s important to clear it out such that the next owner cannot recover your personal data, The BBC reports tales of woe from folks who didn’t clear out their hard drives here, here and here.
Personally, I use Eraser and CCleaner – both have a clean Windows user interface, Eraser even integrates with the Shell so that it appears when you right-click on a file or folder. If you are using CCleaner, the secure deletion options are secreted away here:
…and if you’re using Eraser, the Edit -> Preferences -> Erasing (Control-E) menu option leads to this screen:
Related Links
EnCase (and here)
Secure File Deletion – Eraser, SDelete, CCleaner
Alternate Data Streams
Gutmann’s algorithm – Secure Deletion of Data from Magnetic and Solid-State Memory (here also)
Encrypted Disks – Private Disk, BitLocker
If you found this information useful, please consider donating via PayPal!
Technorati Tags: EnCase, Digital Forensics, Guidance Software, Bitlocker, Private Disk, evidence, preservation, Eraser, secure file deletion, Gutmann, Acronis, DiskEditor, disk sector editor, SDelete, CCleaner