Monthly Archives: April 2007

Microsoft Silverlight Streaming – Home

Wow - more good news in the wake of the announcement that SilverLight was “born”.

On the SilverLight Live site you can get 4GB of hosting space for free – so if you want to try your hand in SilverLight head on over and start tapping those keys.

Cheers and happy coding!!! 

Link to Microsoft Silverlight Streaming – Home

Microsoft for Partner Roadshow Plus: Coming soon to a city near you!

Here’s some great news for the Perth MSFT Partners – the roadshow is here. 5 more sleeps and it’s rock and roll.

I’d suggest you hurry up and register if you haven’t already!!!


Dear Partner,

The Microsoft for Partner Roadshow Plus kicks off in Perth in just six days! If you haven’t already registered for one of the cities on the Roadshow tour, then make sure you register today.

A Microsoft for Partner Roadshow Premiere

For the very first time, Microsoft Australia is introducing interactive and instructor-led technical training sessions at the Microsoft for Partner Roadshow. So, in addition to the valuable business update and product roadmap information you will get at no charge, you can also choose to attend two of the very affordable technical training sessions.

For just $129 per person, you get six hours of hands-on lab training, delivered by Microsoft Technical Specialists. At this price, you can’t afford NOT to miss it!

Secure your spot and register today!

Don’t forget: Partner Briefings in Hobart and Darwin

The Partner Briefing sessions have been designed exclusively for our Partners in Hobart and Darwin, and will provide the latest product updates, complimentary technical training, and the opportunity to chat with the Microsoft team and experts.

Register for the Partner Briefing session today!

Kind regards,
The Microsoft Australia Partner Team

Please note: The Microsoft for Partner Roadshow Plus Registration Web site takes credit card only, so make sure you have your credit card details handy.

MVPS HOSTS File update [04-30-07]

Blocking Unwanted Parasites with a Hosts File (135 kb) (563 kb)
Note: the “text” version makes a good reference for determining possible

How To: Download and Extract the HOSTS file

HOSTS File – Frequently Asked Questions

Sign up for HOSTS file update notices

Visit the Hosts News blog

News: Web is dangerous

VoIP is scary, if you remember. Now, there’s something else that is scary: WWW, the World-Wide Web. And thanks to Tim O’Reilly and his invention of Web 2.0, it’s scarier than ever.

As in: there’s much more to FUD about. Here’s a perfect example: Web 2.0 Threats and Risks for Financial Services (by Shreeraj Shah). It’s full of dung, as pretty much any other FUD. But being targeted at the financial industry (people with your money) it excels at that. Let’s analyse:

The financial industry estimates that 95% of information exists in non-RSS formats and could become a key strategic advantage if it can be converted into RSS format.

RSS is just a way of delivering dynamic content (not quite a format), and not much financial information can really use RSS. Market news (think of the Reuters and Bloomberg services), and that is pretty much all. And the model is simple: authenticate and deliver content securely. RSS has no security implications here. And where did the figure of 95% come from?

Ajax, Flash (RIA) and Web Services deployment is critical for Web 2.0 applications. Financial services are putting these technologies in place; most without adequate threat assessment exercises.

Of all corporations, the financial industry is one of the most conservative. Every technology that is used undergoes rigorous assessment. And adequate (to the organisation’s risk management and regulatory requirements) security is one of the top priorities there. The process of evaluation may not be the most efficient, but that’s a different issue – nothing to do with the Web. Besides, Flash belongs more to the entertainment industry: it’s neither critical nor required by financial institutions for business-critical applications.

In the last few months, several cross-site scripting attacks have been observed, where malicious JavaScript code from a particular Web site gets executed on the victim’s browser thereby compromising information on the victim’s system. Poorly written Ajax routines can be exploited in financial systems. Ajax uses DOM manipulation and JavaScript to leverage a browser’s interface. It is possible to exploit document.write and eval() calls to execute malicious code in the current browser context. This can lead to identity theft by compromising cookies. Browser session exploitation is becoming popular with worms and viruses too. Infected sessions in financial services can be a major threat. The attacker is only required to craft a malicious link to coax unsuspecting users to visit a certain page from their Web browsers. This vulnerability existed in traditional applications as well but AJAX has added a new dimension to it.

AJAX doesn’t add any new dimension to the XSS attacks: both the attack techniques and the ways to prevent cross-site scripting haven’t changed.
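As an added illustration (not code from the original post or from Mr. Shah’s paper) of why the same old defences still cover Ajax: the response-handling pattern the quoted paragraph names (eval() on the response body, untrusted text written into the page) beside its hardened form. The field names and the sample server response are constructed.

```javascript
// Added example, not from the original post. Shows the two defences that
// did not change with Ajax: parse the response as data, and HTML-encode
// untrusted text before it reaches document.write/innerHTML.

// Pattern named in the quoted paper: the response body is treated as code,
// so whatever reaches the client (from the server or anyone in the path) runs.
function parseResponseUnsafe(responseText) {
  return eval("(" + responseText + ")");
}

// Hardened form: JSON.parse accepts data only, and we also check the shape
// we expect so that unexpected content never reaches the rendering code.
function parseResponseSafe(responseText) {
  const data = JSON.parse(responseText); // throws on anything that is not JSON
  if (typeof data !== "object" || data === null || Array.isArray(data)) {
    throw new TypeError("expected a JSON object");
  }
  if (typeof data.account !== "string" || typeof data.balance !== "number") {
    throw new TypeError("unexpected field types");
  }
  return data;
}

// HTML-encode untrusted text before it is written into the page.
// A single pass over the string means '&' is never double-encoded.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the fragment the page would insert (in a browser, prefer setting
// textContent on an element over document.write/innerHTML where possible).
function renderBalance(responseText) {
  const data = parseResponseSafe(responseText);
  return `<span class="acct">${escapeHtml(data.account)}</span>: ${data.balance.toFixed(2)}`;
}

// Constructed sample: an account label that happens to contain markup characters.
const SAMPLE_RESPONSE = '{"account":"Savings <b>&</b> \\"Main\\"","balance":1234.5}';
```

The same escaping and strict parsing applied to a full-page response in 2000 applies to an XMLHttpRequest response in 2007; only the transport changed.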

One of the key elements of Web 2.0 application is its flexibility to talk with several data sources from a single application or page. This is a great feature but from a security perspective, it can be deadly.

And maybe not. The decision to use multiple data sources is driven by functional requirements. And it can be well secured.

Web 2.0 based financial applications use Ajax routines to do a lot of work on the client-side, such as client-side validation for data types, content-checking, date fields, etc. Normally client-side checks must be backed up by server-side checks as well. Most developers fail to do so; their reasoning being the assumption that validation is taken care of in Ajax routines.

At this point, an example is necessary. Abstract applications and developers aren’t good enough. In the past couple of years, developers have actually learnt server-side data validation and use it more often than not. And the risk is of a stupid developer, not of AJAX – if anything, AJAX is raising the bar for developers.

Web Services are picking up in the financial services sector and are becoming part of trading and banking applications. Service-oriented architecture is a key component of Web 2.0 applications. WSDL (Web Services Definition Language) is an interface to Web services. This file provides sensitive information about technologies, exposed methods, invocation patterns, etc. that can aid in defining exploitation methods. Unnecessary functions or methods kept open can spell potential disaster for Web services. Web Services must follow WS-security standards to counter the threat of information leakage from the WSDL file. WSDL enumeration helps attacker to build an exploit. Web Services WSDL file access to unauthorized users can lead to private data access.

Mr. Shah seriously suggests that security through obscurity is essential. That’s rubbish.

A lot more analysis needs to be done before financial applications can be integrated with their core businesses using Web 2.0.

If we need analysis, that must be nothing like Mr. Shah’s.

MIX 07 & Ray Ozzie

If you are like me and couldn’t go to Las Vegas to attend Mix, you can watch the keynote by Ray Ozzie (Microsoft CSA) at:


You can also see all the other Mix-related information at:

XNA Pong from SnowJoy

Snowjoy has released his first XNA endeavour, “XPong”; included in the post are the binaries, source, and Creators Package for the project.

In this project SnowJoy makes a complete game package, including menus, game states and different input methods (Game Pad, Keyboard and the Wii Remote). One of the features I like is the clock: when the game is on one of the menus it displays the time in the background, using the hours as one side’s score and the minutes as the other’s.

Well worth the Download.

Cross Post from

Bear Gulch in FSX

My good friend and fellow FS developer Bill Womack has posted new images of his forthcoming update of the Bear Gulch scenery that will accompany the RealAir Simulations Scout FSX package. The images are courtesy of the talented screenshot "grabber" Nick Churchill. The images look great, so be sure to have a look!

While checking those out, be sure to take a look at Bill’s post introducing Dillingham Field in Hawaii – simply stunning!

SimHQ celebrating 10 years

SimHQ, a site that covers the entire spectrum of simulation software from air, land, & sea combat, and driving genres, is celebrating ten years of community service starting this week.  One of their contributors, John "Spoons" Sponauer, has written a nice commentary called "Ten years of SimHQ" telling his perspective of those ten years.  He includes a couple of screens showing how the site has changed over time (and he mentions that the site is due for a redesign this year).

On each Monday from now until the end of the year, they will present what they call SimHQ DejaNews.  I’m sure it will bring back many memories of yesteryear in the world of simulation.  This week, they talk about a review done on Jane’s F-15, MiG Alley previews, and news related to Rendition and VooDoo2 video cards – boy, those were the days!!  Be sure to check it out before the day is over!

XNA SimpleGUI update

It was only yesterday that I introduced Cryovat’s blog and the SimpleGUI project; now, for the second day running, we have another update and some more information on the project. Hopefully we will also get a sample this week.

Cross Post from

WSUS 3.0 available

Good things take time… or do they?

As of today (30.04.2007), Microsoft Windows Server Update Services 3.0 is available after a long beta phase. Happily, the download page offers both a 64-bit and a 32-bit version. Some whitepapers and how-tos are also available.

As always, please read the release notes etc. carefully before installing in a production environment, and test, test, test…

Best regards

Dieter Rauscher
MVP ISA Server
