Anti-Malware and Spyware help for home users

Working for Microsoft means that I become de facto technical support for my friends and family.  That should be the experiences of many folks in the computer industry.  When I introduce my job title as “senior security consultant” to friends and family, I get promoted to become technical and security support, and instantly I am…

1

HTTP Header Injection Vulnerabilities

HTTP Response Splitting was discovered several years ago.  It allows attackers to split a HTTP response into multiple ones by injecting malicious response HTTP headers.  This attack can deface web sites, poison cache and trigger cross-site scripting. Rather than splitting responses, I want to demo how to poison user cookies by using Response.Cookies as an attack…

1

Reset Outlook connections without restart

This is a well hidden trick in Outlook.   Not sure why this needs to be hidden.  You can open Connection Status window by holding CTRL + right-clicking on the Outlook system tray icon on the Task Bar.  I want to highlight a couple features: * Reset all connections by clicking on Reconnect.  It helps resolve some problems* Diagnose…

1

Silverlight security MSDN magazine article

I have submitted an article proposal to MSDN to write about Silverlight security with my buddy in Silverlight team.  If this proposal gets accepted, you will see the article on MSDN magazine soon.  Abstract: Silverlight is the latest cross-browser and cross-platform web application development technology offered by Microsoft.  It enables authoring of more dynamic and graphic web…

1

Just learned how to cross-post via MetaWeblog API

I work for ACE team, and want to cross-post from http://blogs.msdn.com/esiu to http://blogs.msdn.com/ace_team.  Community Server supports MetaWeblog API, but I am not able to figure out how to configure cross-posting.  After a few tries, I am able to cross-post now. Community Server asks for several things URL: http://blogs.msdn.com/blogs/metablog.ashx.  Don’t use http://blogs.msdn.com/<appkey>, and in my case,…

0

IE Developer Toolbar helps me hack

I was browsing IE blog articles to get research ideas.  I came across IE Developer Toolbar, and decided to play with it.  I was checking out different options, and it impressed me as a good web client developer tool, as it offers a breakdown of HTML elements, such as image dimension and structure validation.  Almost…

1