Homomorphic Encryption 101

In this article from his blog, Premier Developer consultant Razi Rais covers some of the basics of a powerful security & privacy tool – homomorphic encryption. I was recently exploring methods for improved privacy using various encryption schemes and stumbled upon Homomorphic Encryption that has a huge potential in that area. I do feel that…


How to create a self-signed SAN certificate, wildcard certificate vs SAN

I have some domain names that I use for testing out Azure features, write some blogs and other fun stuff. I find myself needing, wanting to use HTTPS and using the instructions I wrote some time ago, see below, to create the certificate is long and tedious. I had an epiphany which led me to…


Configuring disk and file encryption

In Skill 1.1 from Exam Ref 70-744 Securing Windows Server 2016, learn about whole-disk and file encryption in Windows Server 2016.


Unified Service Desk 3.1.0 is Released

Continuing towards our goal towards a high performance, more reliable and secure Unified Service Desk, we have released the latest version 3.1.0. (https://go.microsoft.com/fwlink/p/?linkid=862012) Unified Service Desk version 3.1.0 has enhancements primarily focused on aligning with the latest security enhancements in Dynamics CRM online version 9.0. The highlights of this release are 1. TLS 1.2 support:…


Using Azure API Management to prevent Denial of Wallet attacks

While it would be nigh near impossible to DDoS a solution running on a serverless platform (scaling would just continue to handle all the requests it needed to), somebody still has to pay for the execution. Most (good) serverless implementations use what is often called “micro-billing” whereby you are billed only for each *actual execution* of your code. But, if we think of this nefariously and I send a few thousand requests/second to your endpoints, guess what happens. Yup, one hefty bill. This has become known as a Denial of Wallet attack.


How to delete a VNET from the Azure portal

After writing this article here “Create a VNET and access an Azure VM hosted within it from an App Services Web App” I wanted to then remove the resources because I was using them for testing and not for a real production, money generating project. I also wrote this article here “Create and deploy an…


Understand more about Office.js, its add-in runtime environment and Internet Explorer protected mode!!

In addition to the earlier blog post, you can refer to the following: – Microsoft Office add-ins using the Apps for Office platform are designed to run in isolation, using a low rights sandbox. – Several features, such as the task pane view, use web views provided using Internet Explorer APIs. – To ensure these components…


Failed to save Auth settings Easy Auth Azure Authentication

When I tried to configure a URL into the ALLOWED EXTERNAL REDIRECT URLS text box, as shown in Figure 1, I received the following error. The initial thought was that because the domain I was trying to add was a multi-subdomain format like: public.admin.contoso.com that for some reason wasn’t liking that. What I figured…


The WCF Service, the Load Balancer and the Transport Security

Looking at the title of this post it looks almost that I will be talking about a remake of some “Western Spaghetti” of the old days, but no, rest assured, that is not the case; the topic is something much more dangerous. Let’s talk about WCF Services, Load Balancers and Security stuff, scary talk, right?…


The Inherent Insecurity of Data Science

Data Science attempts to derive meaning from data. There are a lot of techniques, processes and tools you can use to do that – I cover those in this blog site. But Data Science is insecure – by default. And that’s a real problem. In a solution involving a Relational Database Management (RDBMS) system, you’ll…