Security: Security Enhancements in the .NET Framework 2.0
Security support in the .NET Framework got a lot of love in version 2.0. Here, Keith Brown takes you on a whirlwind tour of the goodies you'll find there. (Jan 24, Technical article)

Just Released: SAML STS for WSE 3.0 QuickStart
Learn how to broker a trust relationship across organizational boundaries using Security Token Service (STS) issuing Security Assertion Markup Language (SAML) tokens. This deliverable includes a QuickStart sample application and associated documentation. (Jan 23, Announcement)

Security Briefs: Encrypting Without Secrets
Encryption turns big secrets into smaller secrets called keys. But there's still a key somewhere. If you encrypt your secret data, you'll need to separate the key from the data to keep them safe. Keith Brown shows how. (Dec 15, Technical article)

Web Service Security Guidance
Provides architectural, design, and implementation guidance for Web service security by using Web Services Enhancements (WSE) 3.0. Includes scenarios, patterns, decision matrices, and QuickStarts to help you make the most appropriate security decisions. (Dec 13, Headline)

Welcome to the Microsoft Security Developer Center. Here, you'll find information and links related to security for developers.

Spot the Bug with Rick Samona

Can you spot the bug in the code sample below? Add a comment with your answer.

Spot the Bug - March 13, 2006

It seems like more and more developers are making security mistakes when dealing with sockets. See if you can Spot the Bug.

void Socket_Setup(void)
{
    WORD wVersionRequested;
    WSADATA wsaData;
    wVersionRequested = MAKEWORD( 2, 2 );
    ::WSAStartup(wVersionRequested, &wsaData);

    SOCKET sTCPServer = ::socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in saTCPServAddr;
    saTCPServAddr.sin_family = AF_INET;
    saTCPServAddr.sin_addr.S_un.S_addr = ::htonl(INADDR_ANY);
    saTCPServAddr.sin_port = ::htons(5678);
    int len = sizeof(saTCPServAddr);
    int iFail = ::bind(sTCPServer, (struct sockaddr*)&saTCPServAddr, len);
    DWORD dwErr;
    if(0 != iFail)
    {
        dwErr = ::WSAGetLastError();
        printf("\n\t Error occured.\n");
        return;
    }
    iFail = ::listen(sTCPServer, 2);

    struct sockaddr_in saClient;
    int iClsize = sizeof(saClient);
    SOCKET sClient = ::accept(sTCPServer, (struct sockaddr*)&saClient, &iClsize);
    char strData[1024];
    ::recv(sClient, strData, 1024, 0);
    printf("\n\nRealServer--Data from client --- %s ---", strData);
    ::shutdown(sTCPServer, SD_BOTH);
    ::WSACleanup();
    return;
}

Posted on Mon, 13 Mar 2006 18:00:00 GMT Comments (3)

See the answer to the last posting.
Spot the Bug is created for MSDN by Foundstone.

Latest Security Bulletins

Get information about the latest Microsoft security bulletins at the Microsoft Security Bulletin Search page.

MS06-010: Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
Bulletin Severity Rating: Critical - This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could remotely attempt to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system. We recommend that customers apply the update at the earliest opportunity.
Posted on Tue, 14 Feb 2006 00:00:00 GMT Comments (0)

MS06-009: Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
Bulletin Severity Rating: Critical - This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an
Posted on Tue, 14 Feb 2006 00:00:00 GMT Comments (0)

MS06-008: Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
Bulletin Severity Rating: Critical - This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We recommend that customers apply the update at the earliest opportunity.
Posted on Tue, 14 Feb 2006 00:00:00 GMT Comments (0)