January 29, 2008

MSDN Ignite Security Conference - My "Thinking like a Hacker" slidedeck

So it's been fun today. I have been a speaker at the Ignite MSDN Virtual Security Conference presenting to a few hundred developers interested in secure software development. I presented on how to "Think like a Hacker", where I discuss the views, motives and processes an adversary may use to attack your applications. For those that asked, you can download a copy of my slidedeck here.

I have to apologize for a few of the pauses during my presentation. We are having a snow storm and the heat in the building has gone out. I had people walk into my office with portable heaters and they disturbed my thoughts and flow, and I had to stop to let them plug in the heaters so I could warm up. (I could almost see my breath.)

No matter though. All is good. Thanks to Microsoft for inviting me to come speak, and to all of you that came out to listen!

Posted by SilverStr at 10:15 AM | Comments (0) | TrackBack

January 17, 2008

Stop it! Can we stop with everyone being OpenID providers, and start being more consumers?

So everyone is abuzz that Yahoo announced that it is now joining the OpenID craze. At the end of the month you will be able to visit openid.yahoo.com and set your Yahoo account to sign into other sites that support OpenID.

Sounds great. Anyone tried to use their OpenID from a different IdP to get into Yahoo? Ya, not so easy. Nor will it be expected to. How about AOL? Or Google? They all are fine being the IdP... but no one wants to trust the IdP I want to trust.

This is the problem with OpenID. Everyone wants to be the provider of the identity. No one wishes to consume it and trust someone else. Well, except for the smart guys over at 37Signals that use their OpenBar for single sign on.

We need more consumers.... not more providers. I talked about this back in 2006. Until we get more consumers going, OpenID will be on the cusp of being a geek thing.

And before I get nasty emails that will be routed to /dev/null.... numbers DO lie. Just because there are now going to be millions of OpenIDs thanks to AOL and Yahoo accounts means dick if they can't be used at each other's sites. Talk to me when I can use my favored IdP to log into both my Yahoo and Google accounts.

Posted by SilverStr at 09:16 AM | Comments (4) | TrackBack

January 14, 2008

Know of an inexpensive ASP.NET module that can collect SCORM results from Camtasia?

Hey guys,

If any of you out there know of a really inexpensive ASP.NET module that will collect quiz results via SCORM, can you please drop me a line at dana@vulscan.com? I want to be able to collect the quiz results from Camtasia Studio output for use in some content where we want to measure the retention rate with small quizzes.

I really don't want to buy an LMS just to do this. If you know of any solutions, please let me know. Thanks!

Posted by SilverStr at 04:09 PM | Comments (0) | TrackBack

Find your bandwidth in Vista really slow? Here is a simple hack for you.

So, since the beginning of beta testing on Vista I have always found the new TCP stack to be overly hyped, and rarely with the performance you would expect.

Charlie and I have always hacked the registry to turn off autotuning, TCP Chimney and Receive-side scaling. Recently I had 3 employees within a matter of minutes come up to me complaining that their bandwidth sucked, which was actually affecting customers as they were getting dropped from our online chat support system. Not good.

So I mucked with netsh and remotely tuned their NICs. The result was quickly seen. They went from 700Kbit download speeds to 18Mbit. Yes that's right. It makes that much of a difference.

To be fair, Vista SP1 has this cleaned up pretty well now, but if you are like my employees and are freaking out and can't wait, start a cmd window as an administrator (* see below) ... and type this magic in:

netsh interface tcp set global autotuning=disabled
netsh interface tcp set global chimney=disabled
netsh interface tcp set global rss=disabled

Do that and then run another speed test. You will probably find it works REALLY well. Well, except to other Windows Server 2008 systems, where the stack really comes into play.

If you are unsure if you have the settings on or off, you can run:

netsh interface tcp show global

Of course, if you need to turn it back on, you can do this by typing:

netsh interface tcp set global autotuning=normal
netsh interface tcp set global chimney=enable
netsh interface tcp set global rss=enable

*NOTE: To start a cmd window as an Administrator click on the Start orb on the bottom left and type "cmd" in the Search field, but do NOT hit enter. Right click on the cmd window icon and select "Run as Administrator".

UPDATE: Thanks to Lawerence and Bruce for correcting the syntax for re-enabling it
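To put back the values a machine actually had, rather than assuming they were normal/enabled, the settings can be captured from the show global output before anything is disabled. This is an added example, not part of the original post; the sample output is constructed, and the label text in it is assumed to match English-language netsh output.

```powershell
# Constructed sample of English-language "netsh interface tcp show global" output.
# On a live system use instead:  $text = netsh interface tcp show global
$text = @'
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : enabled
Receive Window Auto-Tuning Level    : normal
'@ -split "`r?`n"

# Output label -> parameter name as typed in the post's commands.
# The label text is an assumption; localized or later builds may differ.
$labelToParam = @{
    'Receive-Side Scaling State'       = 'rss'
    'Chimney Offload State'            = 'chimney'
    'Receive Window Auto-Tuning Level' = 'autotuning'
}

function Get-TcpGlobalState {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Split "Label   : value" on the first colon only.
        $parts = $line -split ':', 2
        if ($parts.Count -ne 2) { continue }
        $label = $parts[0].Trim()
        if ($labelToParam.ContainsKey($label)) {
            $state[$labelToParam[$label]] = $parts[1].Trim()
        }
    }
    return $state
}

function Get-RestoreCommands {
    param([hashtable]$State)
    foreach ($name in 'autotuning', 'chimney', 'rss') {
        if ($State.ContainsKey($name)) {
            # Emit the command that sets the parameter back to its recorded value.
            "netsh interface tcp set global $name=$($State[$name])"
        } else {
            Write-Warning "No value found for '$name'; check the output by hand."
        }
    }
}

$before = Get-TcpGlobalState -Lines $text
Get-RestoreCommands -State $before
```

Run it before the disable commands and keep the printed lines; they are the rollback for that specific machine.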

Posted by SilverStr at 11:56 AM | Comments (4) | TrackBack

January 09, 2008

The Lone Server Story

I got a chuckle off of the Lone Windows Server 2003 story. Check it out.

More info here.

Posted by SilverStr at 02:47 PM | Comments (0) | TrackBack

RSA restructuring within EMC causes layoffs. Are you one of the employees affected? Then read this!

Recently EWeek pointed out that RSA reported that they would be laying off up to 1,250 people globally in their research and sales teams as part of the EMC restructuring.

I don't normally talk about business on my personal blog, but this seemed like an opportune time to point out that all is not lost. Sometimes when one door closes, another opens. If you are a driven sales associate of RSA with a proven track record in Canada, the United States, or Australia you might want to check out the career opportunity posted up on the Scorpion Software corporate blog.

Come join our dynamic and exciting team focusing on delivering strong authentication and identity assurance solutions to small businesses. We are a lean, mean fighting machine that has a lot of growth potential. You know who we are; we are the team that builds AuthAnvil. You guys are visiting our site every day. :-)

Posted by SilverStr at 08:01 AM | Comments (0) | TrackBack

January 01, 2008

Awarded with the Windows Security MVP designation for another year!

Happy New Years everyone!

For a third year in a row I have been given the MVP Award from Microsoft. I am in good company.

Looking back on the last year, it's been really fun. I have spoken in the community from Microsoft's campus in Redmond all the way to their campus in Sydney, Australia. I have keynoted at a few conferences and even helped work on the technical track at SMB Nation. I have been a subject matter expert in many areas of new products that aren't even public yet at Microsoft, and have been able to make a real difference in the direction of critical components in Microsoft products.

I have found critical vulnerabilities and stupid bugs, and was able to expand my circle of influence with new friends with brilliant minds in the security field. Many thanks to everyone who I have been able to engage with during this trek. I look forward to seeing many of you at the next MVP Summit!!!

And above all, many thanks to my close friends in the MVP community. For as much as I give back to the community, I learn even more from my peers. And I thank you for that.

Posted by SilverStr at 10:18 PM | Comments (2) | TrackBack