BufferOverrun: Brian Johnson: Security

Calling 911

Tue, 05 Feb 2008 14:52:48 GMT

OK, on the way to taking the kids to school today, I'm waiting in the right turn lane. I'm about 4 or 5 cars back from the light and there's a woman on the corner waiting to cross the street. I'm talking with the kids and I look back up and she's gone. I just thought oh, oh. A few seconds later, got up the the corner where one of the cars ahead of me had hit the woman. She was down on the ground, but conscious.

At least three cars drove around an accident scene where a woman is down on the ground. When I got up there I jumped out of the car and ran to the driver. I asked him if he had called 911 and he said no. I asked the woman about her injuries and I dialed 911 on my cell phone.

While I was talking to the 911 operator, two off duty Orange County Fire Rescue workers showed up and were taking care of the scene.

I have two points to this post. I'm just a little bit irritated that at least three cars pulled around this accident with no thought of what could be happening. (It was very clear that a woman was hit by a car.) Second, when there's an accident with injuries you have to call 911. The pedestrian wasn't visibly injured, but she couldn't get up and she was shaking badly. Shock can kill a person and so you need to get rescue workers on the scene as quickly as possible. Luckily we had the two off duty rescue workers show up on the scene very quickly.

Calling 911 isn't hard at all and it could save somebody's life. It's easy, you just dial 911. If you're on a cell phone, it doesn't matter what city your in, the call gets routed to the local 911 operator. Be ready with an address if you can figure it out, but don't let not having all the information slow you down. Just call. The operators will walk you through everything.

Technorati Tags: 911,Rescue,Emergency

Windows XP Security Guide

Tue, 25 Oct 2005 21:42:15 GMT

Tony Bailey dropped me a note to let me know that the Windows XP Security Guide has been updated. Check out the download details page for more information.

Quote

Windows XP Security Guide
The Windows XP Security Guide provides several levels of security guidance for customers who are interested in hardening deployments of Windows XP for desktop and laptop clients in their environments.

Here's some additional information from the download page:

This guide is primarily intended for consultants, security specialists, systems architects, and IT planners who plan application or infrastructure development and the deployment of Windows XP workstations in an enterprise environment. It is not intended for home users, but for individuals whose job roles include the following:

Systems architects and planners who are responsible for driving the architecture efforts for the workstations in their organizations.
IT security specialists who are focused purely on providing security across platforms within an organization.
Business analysts and business decision makers (BDMs) who have critical business objectives and requirements that need IT desktop or laptop support.
Consultants from both Microsoft Services and partners who need knowledge-transfer tools for enterprise customers and partners.

October Security Bulletins

Tue, 11 Oct 2005 18:15:29 GMT

Microsoft put out a number of security bulletins today. Three of these are marked critical, so please take a minute to look over the bulletin and run Windows Update. You can send friends and family here.

Microsoft Security Bulletin Summary for October, 2005

Download details: ILMerge

Mon, 10 Oct 2005 05:20:43 GMT

I see ILMerge is available from the download center. Here's a link to download with a little context.

Quote

Download details: ILMerge
ILMerge is a utility that can be used to merge multiple .NET assemblies into a single assembly. ILMerge takes a set of input assemblies and merges them into one target assembly. The first assembly in the list of input assemblies is the primary assembly. When the primary assembly is an executable, then the target assembly is created as an executable with the same entry point as the primary assembly. Also, if the primary assembly has a strong name, and a .snk file is provided, then the target assembly is re-signed with the specified key so that it also has a strong name.

Keith Brown & Fritz Onion: Guidelines to ASP.NET Security

Thu, 06 Oct 2005 22:09:30 GMT

Keith Brown and Fritz Onion are giving a Webcast on ASP.NET Security. Tune in Friday, October 07, 2005 at 1:00 PM (GMT-08:00) Pacific Time . Dont miss it:

Quote

MSDN Webcast: patterns & practices Guidelines to ASP.NET Security
Microsoft patterns & practices provide task-oriented guidance to help you improve security for your Microsoft ASP.NET 2.0 applications. This webcast discusses the patterns & practices approach to security engineering and provides an overview of the different guidance modules. You will learn where to find prereleased and released guidance and view a demonstration of the security guidance available in an ASP.NET 2.0 application.
Presenter: Keith Brown, Partner, Pluralsight & Fritz Onion, Partner, Pluralsight

Microsoft Learning Paths for Security

Tue, 04 Oct 2005 02:52:59 GMT

TechNet has put together an awesome page of guidance for anybody interested in security. I'll headline these on MSDN as soon as I can, but I wanted to get the link up on the site right away. Check it out here:

Microsoft Learning Paths Home
Use these Learning Paths to find a range of Microsoft training references and resources on security threats and appropriate countermeasures. Learning resources are organized by level (from basic to expert) and provide information on the planning, prevention, detection, and response phases of security implementation.

PDC 2005 Security Symposium

Wed, 07 Sep 2005 20:11:19 GMT

Today we posted a page with information about the PDC 2005 Security Symposium (Friday, September 16th at the PDC). This is a great opportunity to hear some of the top security people from Microsoft discuss security issues. Here's the link to the page:

Security Developer Center: PDC 2005 Security Symposium
Want to learn more about what it takes to build security into each phase of software development? Come hear some insider tips and best practices from Microsoft and industry developers that are doing just that – building security into the software development process using the Microsoft Security Development Lifecycle (SDL) as their model. The SDL is a process that Microsoft implemented to provide customers with high quality software that is meticulously engineered and rigorously tested to help withstand malicious attack.

I'll update that page with addional resources as they come available. For now, be sure to review the page and read the SDL Document as prep for the symposium. If you're not going to the PDC, stay tuned and I'll try to get as much information about these topics as I can added to the page.

Windows Server 2003 R2 RC 0

Tue, 06 Sep 2005 19:47:11 GMT

Windows Server 2003 R2 RC 0 is available for download. You can get more information here:

Windows Server 2003 R2 Release Candidate 0
Try Windows Server 2003 R2 RC0 today and extend your connectivity and control to data and applications throughout and beyond your organization.

This page contains links to information about new features, a reviewer's guide, a FAQ, and a product overview. There's additional infomation available on the TechNet Windows Server 2003 R2 Beta Roadmap page.

This is the introduction from the Product Overview page:

Windows Server 2003 R2 is an update release of the award-winning Windows Server 2003 operating system. Built on Windows Server 2003 with Service Pack 1 (SP1), Windows Server 2003 R2 takes advantage of the stability and security of a proven code base while extending connectivity and control into new areas. Windows Server 2003 R2 offers all the benefits of Windows Server 2003 SP1 while greatly improving branch office server solutions, identity and access management, storage setup and management, and application development inside and outside your organization's traditional boundaries. Windows Server 2003 R2 is easy to integrate into an existing Windows Server 2003 environment as it has the same application compatibility, manageability, and serviceability as the existing servers with SP1.

Understanding Security in IE 6

Tue, 06 Sep 2005 19:44:20 GMT

The IE team has published a new whitepaper describing IE 6 security. Get it here:

Understanding Security in Microsoft Internet Explorer 6 in Windows XP SP2
Web browser security is a major concern for individuals and organizations. Each time a new vulnerability is found, news headlines proclaim dire warnings. As a result of their importance, security issues dominate competitive browser analysis and discussions, overshadow debate about their respective features and functionality. As the market share leader in Web browser software, Internet Explorer (IE) is often the subject of media scrutiny. Since IE is so prevalent, it is an attractive target for hackers to attack, and has come to be considered, in some circles, insecure. This paper examines the real state of Web browser security and the correlation between a browsers vulnerability and its advanced functionality.

This paper isn't targeted at developers, but it gives a good overview of the security features in the browser.