Monthly Archives: April 2007

MVPS HOSTS File update [04-30-07]

Blocking Unwanted Parasites with a Hosts File (135 kb) (563 kb)
Note: the “text” version makes a good reference for determining possible

How To: Download and Extract the HOSTS file

HOSTS File – Frequently Asked Questions

Sign up for HOSTS file update notices

Visit the Hosts News blog

News: Web is dangerous

VoIP is scary, if you remember. Now, there’s something else that is scary: WWW, the World-Wide Web. And thanks to Tim O’Reilly and his invention of Web 2.0, it’s scarier than ever.

As in: there’s much more to FUD about. Here’s a perfect example: Web 2.0 Threats and Risks for Financial Services (by Shreeraj Shah). It’s full of dung, as pretty much any other FUD. But being targeted at the financial industry (people with your money) it excels at that. Let’s analyse:

“The financial industry estimates that 95% of information exists in non-RSS formats and could become a key strategic advantage if it can be converted into RSS format.”

RSS is just a way of delivering dynamic content (not quite a format), and not much of financial information really can use RSS. Market news (think of Reuters and Bloomberg services) and that is pretty much all. And the model is simple: authenticate and deliver content securely. RSS has no security implications here. And where did the figure of 95% come from?

“Ajax, Flash (RIA) and Web Services deployment is critical for Web 2.0 applications. Financial services are putting these technologies in place; most without adequate threat assessment exercises.”

Of all corporations, the financial industry is one of the most conservative. Every technology that is used undergoes rigorous assessment. And adequate (to the organisation’s risk management and regulatory requirements) security is one of the top priorities there. The process of the evaluation may not be the most efficient, but that’s a different issue – nothing to do with Web. Besides, Flash belongs more to the entertainment industry: it’s neither critical nor required by financial institutions for business-critical applications.

“In the last few months, several cross-site scripting attacks have been observed, where malicious JavaScript code from a particular Web site gets executed on the victim’s browser thereby compromising information on the victim’s system. Poorly written Ajax routines can be exploited in financial systems. Ajax uses DOM manipulation and JavaScript to leverage a browser’s interface. It is possible to exploit document.write and eval() calls to execute malicious code in the current browser context. This can lead to identity theft by compromising cookies. Browser session exploitation is becoming popular with worms and viruses too. Infected sessions in financial services can be a major threat. The attacker is only required to craft a malicious link to coax unsuspecting users to visit a certain page from their Web browsers. This vulnerability existed in traditional applications as well but AJAX has added a new dimension to it.”

AJAX doesn’t add any new dimension to the XSS attacks: both the attack techniques and the ways to prevent cross-site scripting haven’t changed.

“One of the key elements of Web 2.0 application is its flexibility to talk with several data sources from a single application or page. This is a great feature but from a security perspective, it can be deadly.”

And maybe not. The decision to use multiple data sources is driven by functional requirements. And it can be well-secured.

“Web 2.0 based financial applications use Ajax routines to do a lot of work on the client-side, such as client-side validation for data types, content-checking, date fields, etc. Normally client-side checks must be backed up by server-side checks as well. Most developers fail to do so; their reasoning being the assumption that validation is taken care of in Ajax routines.”

At this point, an example is necessary. Abstract applications and developers aren’t good enough. In the past couple of years the developers actually have learnt server-side data validation and more often use it than not. And the risk is of a stupid developer, not of AJAX – if anything, AJAX is raising the bar for developers.

“Web Services are picking up in the financial services sector and are becoming part of trading and banking applications. Service-oriented architecture is a key component of Web 2.0 applications. WSDL (Web Services Definition Language) is an interface to Web services. This file provides sensitive information about technologies, exposed methods, invocation patterns, etc. that can aid in defining exploitation methods. Unnecessary functions or methods kept open can spell potential disaster for Web services. Web Services must follow WS-security standards to counter the threat of information leakage from the WSDL file. WSDL enumeration helps attacker to build an exploit. Web Services WSDL file access to unauthorized users can lead to private data access.”

Mr. Shah seriously suggests that security through obscurity is essential. That’s rubbish.

“A lot more analysis needs to be done before financial applications can be integrated with their core businesses using Web 2.0.”

If we need analysis, that must be nothing like Mr. Shah’s.

MIX 07 & Ray Ozzie

If you are like me and could not go to Las Vegas to attend MIX, you can watch the keynote by Ray Ozzie (Microsoft CSA) at:


You can also see all the other information related to MIX at:

XNA Pong from SnowJoy

SnowJoy has released his first XNA endeavour, “XPong”; included in the post are the Binaries, Source, and Creators Package for the project.

In this project SnowJoy makes a complete game package, including menus, game states and different input functions (Game Pad, Keyboard and the WiiRemote). One of the features that I like is the Clock: when the system is on one of the menus, it will display the time in the background. It does this by having the hours as one side’s score and the minutes as the other.

Well worth the Download.

Cross Post from

Bear Gulch in FSX

My good friend and fellow FS developer Bill Womack has posted new images of his forthcoming update of Bear Gulch scenery that will accompany the RealAir Simulations Scout FSX package.  The images are courtesy of the talented screen shot "grabber" Nick Churchill.  The images look great, so be sure to have a look!

While checking those out, be sure to take a look at Bill’s post introducing Dillingham Field in Hawaii – simply stunning!

SimHQ celebrating 10 years

SimHQ, a site that covers the entire spectrum of simulation software from air, land, & sea combat, and driving genres, is celebrating ten years of community service starting this week.  One of their contributors, John "Spoons" Sponauer, has written a nice commentary called "Ten years of SimHQ" telling his perspective of those ten years.  He includes a couple of screens showing how the site has changed over time (and he mentions that the site is due for a redesign this year).

On each Monday from now until the end of the year, they will present what they call SimHQ DejaNews. I’m sure it will bring back many memories of yesteryear in the world of simulation. This week, they talk about a review done on Jane’s F-15, MiG Alley previews, and news related to Rendition and VooDoo2 video cards – boy, those were the days!! Be sure to check it out before the day is over!

XNA SimpleGUI update

It was only yesterday when I introduced Cryovat’s Blog and SimpleGUI Project, now for the second day we have another update and some more information on the project. Hopefully we will also get a sample this week.

Cross Post from

WSUS 3.0 available

What takes a long time usually turns out well… or does it?

As of today (30.04.2007), Microsoft Windows Server Update Services 3.0 is available after a long beta phase. Happily, both a 64-bit and a 32-bit version are offered on the download page. Several white papers and how-tos are available as well.

As always, before installing in a production environment, be sure to read the release notes etc. carefully and test, test, test…

Best regards

Dieter Rauscher
MVP ISA Server

Breaking VOIP Barriers

You have to check out this cute VOIP demo brought to you by the Microsoft people that are bringing you Office Communications Server 2007.

The cool factor in this is very high as is the quality of the TTS.

As always, enjoy and let me know what you think of it.

Jasper : the friendly Entity framework non ghost


Just as some bloggers harp over the delays in the entity framework, talking about object spaces, etc, the ADO.NET team released today Jasper.


Jasper leverages the power of dynamic languages and the concept of convention over configuration to provide a programming surface for data that enables rapid development of data-bound applications. While most other rapid data access frameworks are only capable of working against simple databases, Jasper can scale to almost any database, regardless of size or complexity. This is possible because Jasper takes advantage of the ADO.NET Entity Framework’s significant investments in mapping and conceptual data modeling.



How sweet it is :)


Silverlight SDK 1.1 Alpha available now.

The goodies from MIX are now starting to pour into Microsoft’s servers…. Silverlight SDK being just one

PowerPoint Games – Anthony’s Projects

Yup, Anthony Barfield is our new PowerPoint Games contributor. I have published 3 of his PowerPoint Games including Pixels Neon. Anthony has a high standard for quality and game play aspects. He has created many quality works which include his Pixels series. He is also the first PowerPoint Heaven contributor to utilize PowerPoint 2007 on his recent works.

To download the game, visit PowerPoint Heaven at:

Take note that Pixels Neon requires PowerPoint 2007. If you are using PowerPoint 2003 and below, you will not be able to run the game. Alternately, you can download the free PowerPoint Viewer 2007.

A DreamScene wallpaper

Here you go, a little animated wallpaper for DreamScene…

Source and download.

Dell PowerEdge 2850 Hardware issues

Dell we have a problem.

It has come to my attention that ALL DELL PE2850’s have a hardware issue. It seems the dudes at Dell really messed up some firmware updates. If you are not running BIOS A06 and BMC 1.68 or higher download Dell’s Server Update Utility 5.1.1 or later (I have only tested 5.1.1 though). Get 5.2 here

So what happens if you are running the bad version? CPU IERR EO7F0 on every CPU in the machine at the same time. And then you get the famous Dell amber flashing light. Every OS locks up without processors, no really they do. If you call Dell Support (which I have done), you get greeted by a tech that says “Hi, welcome to Dell support. Please update your firmware and BIOS.”. DOH!


Cincinnati SharePoint User Group Meeting May 14

The website doesn’t have much but will get you time and directions. The planned schedule is

6:00 – 6:30  Social Time and Food

6:30 – 7:15  Presentation: “Why Utilize SharePoint in the Enterprise”

7:30 – 8:15  Presentation: “Upgrading to SharePoint 2007”

It will be hosted at Max Train in Mason, Ohio.

I would say hope to see you there but I will be out of town for this one. :(

Shane – SharePoint Help

Appendix: Winform and Xna

It is entirely possible to interconnect an “Xna” display with a Winform display. The developer has two choices: either bring Winform functionality into an Xna program, or integrate Xna into a Winform application. This appendix covers both cases through simple examples.

Winform functionality in an Xna program

The window in which an Xna program runs corresponds to an object of type GameWindow. The Xna team did not bother to “reinvent the wheel”: every window under Windows is identified by a handle that identifies it uniquely among all the windows displayed by the operating system. The trick here is therefore to load a Form object (Winform) from the handle of the GameWindow object.

At this stage, accessing Winforms functionality is child’s play. We will create an application that displays a square. It will let the user change the colour of the cube through a combobox and its size through a slider. A button will reset everything.

Xna functionality in a Winform program


The Winform/Xna combination is an exceptional case that answers a particular set of problems: the need to benefit from the maturity or the speed of implementation of Winform

BUG in VS 2003 with MSSCCI 1.2 Provider in TFS

Dear All,

I’d like to share with you a problem on VS 2003 ONLY and not in VS 2005.

The bug is as follows: if you install MSSCCI 1.2 Provider for TFS in VS 2003, you can’t switch to VSS as a source control.

This problem will affect you because you can’t open any project bound to VSS as a source control; it takes TFS as a default source control even if you change it from the TOOL -> Source Control Menu in VS 2003.

NOTE: This problem ONLY exists in VS 2003; I tried in VS 2005 and it’s working fine.

I submitted this to VS Product Team as a bug; for now, to solve the problem, you have these options:

1) Either to change in the registry of your machine (I DON’T RECOMMEND THAT).
2) Use Third party tools “SCP Selector”, here is the download url:

Hope this is useful 🙂

Moustafa arafa

Windows Vista Control Panel

Microsoft Windows has included the Control Panel from the start, and Windows Vista likewise includes a Control Panel that is more complete and interactive. In Windows Vista, every window can always be switched from the standard menu to the Classic menu. For those already used to Windows Vista, moving from standard to classic is no problem, because Windows Vista itself provides this facility.

With the Control Panel, users can change settings, add new programs, remove programs that are not needed, configure hardware, and so on. In other words, the Control Panel is a collection of facilities that can be used for various purposes, from the simple, such as adding and removing an account, to the complex, such as adding hardware and security.

1. Home Control Panel

The Windows Vista Control Panel is in principle the same as in Windows XP; only a few things have changed and some components have been added. In addition, its appearance has changed a great deal, in both the Classic menu view and the standard view.

Through this Control Panel you can add and configure new hardware, add and remove accounts, add and remove programs, add and remove Windows components, and so on.

As in Windows XP, the Windows Vista Control Panel is also available in two views: Control Panel Home and Classic View.

2. Classic View

Making various changes, whether related to adding hardware, settings, adding users, adding and removing components and so on, is easier in Classic View. This view is meant for those who are not yet familiar with Microsoft Windows Vista.

Even so, Control Panel Home and Classic View are basically the same. There is no significant difference except in appearance.

To switch from Control Panel Home to Classic View, simply click the corresponding option: to display the Control Panel in Classic View, click Classic View, and to return to the standard view, click Control Panel Home.

Wireless Single Sign-On

Wireless network deployments use layer 2 network mechanisms such as 802.1x, which check only the computers and users connected to that radio network. This sign-in has to happen at the right time and, at a glance, is the same as the Windows logon. Here the administrator can use Group Policy and scripts to do this. Once signed in, the network will verify it. This can be applied to check users who are given priority to join

Wireless Security

The Wi-Fi architecture in Microsoft Windows Vista supports the latest security technologies, including Protected Extensible Authentication Protocol–Transport Layer Security (PEAP-TLS), Protected Extensible Authentication Protocol–MS-CHAP v2 (PEAP-MS-CHAP v2), Wi-Fi Protected Access 2 Enterprise and Personal, Wi-Fi Protected Access (WPA) Enterprise and Personal, and WEP.

This broad support enables interoperability between Microsoft Windows Vista and almost all wireless networks. Private networks at the office or at home are more secure with WPA2-Personal and WPA-Personal. Microsoft Windows Vista checks the capabilities of the wireless network adapter and selects the most secure protocol when joining a network. With EAPHost, security support can be defined by the vendor or the company.

Microsoft Windows Vista protects wireless networks from intruders. The computer connects only when the user requests it and chooses the network category themselves. The computer also warns the user when connecting to an unsecured network. In addition, the computer will operate when the user actually wants it to

Virtual Directory and Virtual Server

A Virtual Directory is a directory that appears to sit within the Web server’s hierarchy. As an illustration, the following is an example Web Virtual Training is a virtual directory that appears to sit under A Virtual Directory can be located on:

  • The same drive on the same computer.

  • A different drive on the same computer.

  • A drive on a different computer on the network.

The following are some examples of Web Virtual Directories:

  •, located in the folder C:\Sales

  • or located in the folder C:\WebSupport
A single computer with IIS (Internet Information Services) 6.0 installed can host several Web servers at once. For example, you run a hosting company that hosts several web sites at once. Each web site runs on its own and will not affect the other web sites if, for example, a problem occurs. There are several ways to create a Virtual Server:

  • Using a different IP address for each web server

  • Using a different port on the same IP address

  • Using a host header on the same IP address
For example, Company A uses IP address and company B uses IP address and company C uses IP address port 80, while company D uses the same IP address on port 8080. To access them, type,, and 