InvalidCastException after applying MS14-009

Note that in some situations after applying security bulletin MS14-009, your application that uses .NET and COM interop may experience an InvalidCastException. If so you could be running into the issue described here – HTH Doug

Web browser fails to connect to some SSL/HTTPS web sites

Following the publication of Microsoft Security Advisory (2661254) last week, clients that have applied the appropriate update may find they have trouble connecting to certain web sites that are using an HTTPS connection (SSL). This can happen if the server is using a certificate with an RSA key length of less than 1024 bits. For…

Fascinating read about the battle against Rustock

This Special Intelligence Report about the taking down of the Rustock Botnet makes for very interesting reading. Maybe they could make a film of it? Doug


Web server security and health tools

A couple of interesting tools for examining and keeping track of server configuration, particularly from the point of view of security: Web Application Configuration Analyzer v2.0 (not just for security, 2003/2008/2008R2) Attach Surface Analyzer Beta (not just for web servers, Vista/2008 and above) HTH Doug

Good news for web security

Having spent many hours trying to remove scare-ware products from the systems of various friends and family over the years I was very pleased to read that the FBI have broken at least one major crime ring responsible for it. If you are faced with dealing with a compromised machine, a couple of tools that…

New word of the day (for me): Malvertising

I’d not heard this before: Malvertising. I wonder how many new words with a longevity of 10 or more years get invented each day/month/year?

Install of Microsoft Security Essentials v2.0 may hang

Microsoft recently released v2.0 of Microsoft Security Essentials  (MSE) which is a great, free anti-virus solution for Windows. I recommend it all the time to my friends and family. Unfortunately I ran into a little issue with it not installing correctly on one of my home machines running Windows 7. The first time I let…

Anti-malware software on Windows Servers

From time to time in my support job I come across customers having problems, sometimes strange ones, that turns out in the end to be due to anti-malware software of some kind or another. By its nature anti-malware software has to be quite invasive if it is going to do things like checking resident files…

MS10-070 – Important ASP.NET security bulletin and update available

On Tuesday we released a very important security bulletin and update for ASP.NET. If you are responsible for an ASP.NET web server please take the time to review the information and act accordingly. I’m not going to try and regurgitate the detail here but here are some key links: Bulletin MS10-070 ScottGu blog ASP.NET…