Funnily enough WSS 3 was already out when I last posted (gee, has it been that long!)... you can download it here. XNA Game Studio Express also went GA, which is pretty cool... I hope to find some time to mess with that.
In other news I've installed Vista (x64) courtesy of a new MSDN subscription, however after the initial build I must admit I still haven't used it much... there's just something I don't like about it, that I can't put my finger on. Maybe is was the wierdness around configuring networks, or just the general unfamiliarity with a lot of the new services... I dunno, they just seem superfluous. If it wasn't for C# and Half Life 2, I don't think I'd use Windows at all really... wonder how much Microsoft is paying Valve to stop them from releasing a Linux client / Linux version of Source ;-)
Anyways, have a merry xmas!
Sunday, December 24, 2006
Tuesday, November 28, 2006
VM security - new threats on the horizon...
Here's a VERY interesting read from the legendary Ed Skoudis and Tom Liston, about some recent observations in attack code. Basically, code is surfacing that detects whether the machine is 'real' or virtual. The authors offer an explanation to the effect of "attackers perceive that a lot of honeypots are running as VM's, therefore their code doesn't execute on VM's in an effort to avoid detection".
Of course, VMware marketing are already trying to put a "VM's are more secure than physical boxes" spin on it, but really they are doing themselves more harm than good... I can only assume they didn't see the last few slides that demonstrate the isolation of VM's is somewhat questionable (I'm sure you'll agree when you see them). VM isolation is something VMware has aggressively defended in the past... I remember a whitepaper they released not so long ago in response to someone who was questioning storage isolation. That person clearly had no idea how VMware actually works, unlike Liston & Skoudis.
Of course, VMware marketing are already trying to put a "VM's are more secure than physical boxes" spin on it, but really they are doing themselves more harm than good... I can only assume they didn't see the last few slides that demonstrate the isolation of VM's is somewhat questionable (I'm sure you'll agree when you see them). VM isolation is something VMware has aggressively defended in the past... I remember a whitepaper they released not so long ago in response to someone who was questioning storage isolation. That person clearly had no idea how VMware actually works, unlike Liston & Skoudis.
Microsoft Patterns & Practices Security How Tos...
Here's a bunch of very handy articles from the Patterns and Practices group at Microsoft... they will go a long way towards helping infrastructure engineers work with application developers to ensure secure application architecture and deployment.
I don't know how many arguments I've had with developers who had no idea about what they were actually proposing to deploy from an infrastructure security standpoint (much worse than the usual 'must run with admin' demands), I'll be sure to point them at this link when relevant in the future!
I don't know how many arguments I've had with developers who had no idea about what they were actually proposing to deploy from an infrastructure security standpoint (much worse than the usual 'must run with admin' demands), I'll be sure to point them at this link when relevant in the future!
Saturday, November 25, 2006
Let the gIntegration begin!
I'm sure this option wasn't there last time I posted... looks like the integration of Google products is finally getting momentum!
New Microsoft releases coming thick and fast...
The final WAIK has been released, get it here. I know a ton of people have been waiting for that... finally Windows PE 2.0 is available for the masses.
I'm still holding out for WSS 3.0 though. I was hoping they would have released it when Office 2007 was RTM'ed, but I guess we'll be waiting for the GA of 2003 SP2. Although from reports about the quality of the 2003 SP2 RC, I guess I could probably use whatever is in that!
I'm still holding out for WSS 3.0 though. I was hoping they would have released it when Office 2007 was RTM'ed, but I guess we'll be waiting for the GA of 2003 SP2. Although from reports about the quality of the 2003 SP2 RC, I guess I could probably use whatever is in that!
Subscribe to:
Posts (Atom)