Wacom Wintab Pressure Sensitivity Arrives for Surface Pro

 

 

 

After a long and ridiculous wait for functionality that in February was promised to be coming soon, Wacom pressure sensitive functionality has arrived for users of Photoshop and other products that rely on the Wintab API.

On May 9, Panos Panay tweeted he was using beta drivers. I replied to that tweet asking if drivers were/would be made available to the public. No response. No indication in the ongoing forum thread at http://answers.microsoft.com/en-us/surface/forum/surfpro-surfusingpro/surface-pro-pen-pressure-sensitivity-is-not/72f34b0e-e931-4fa0-8322-5f3933b061f6?page=1&tm=1368189377290 of driver availability either (but Microsoft personnel abandoned users in that thread long ago).

Strangely, not a single mention of Surface Pro in the description. The description reads “Expand the capabilities of your tablet computer with the enhanced tablet driver for systems that use Wacom Feel IT® technology! Installing this driver will provide many advanced pressure-sensitive features that Wacom pen tablet users have come to enjoy.” And no mention of Feel IT on the official Surface Pro specifications page at http://www.microsoft.com/surface/en-US/surface-with-windows-8-pro/specifications 

Shortly after that tweet from Panos Panay, strangely labeled drivers appeared on the Wacom driver download site. And again, not a single tweet from Microsoft, Panos, or the official @Surface Twitter account about this.

I downloaded the drivers, and after a restart, launched Photoshop CS 5.5 and did this quick and dirty test.


Yes! Exhale. Deep sigh of relief.

I find it odd that the Microsoft folks are so quiet over this release. There are release notes showing some potential bugs, but to have ANY driver in hand at this point is great.

Windows Azure SDK 2.0 and Tools

Last week, version 2.0 of the Windows Azure SDK and Visual Studio tools was released. And this time it is not just a few bug fixes, but really good additions.

Ok, version number is updated and Windows Server 2012 is the default osFamily of a Role.


Also the new VM sizes are added to the tools.


Besides the known Web and Worker Roles, a Role specific to the Windows Azure Servicebus has also been added.


But the real news is in the Diagnostics and the Windows Azure Storage in the Server Explorer. The diagnostics are now much better to set up.


And the Windows Azure Storage in the Server Explorer has more functionality besides a read function. We missed a really simple editor for, for example, Windows Azure Storage tables. A separate tool was needed for that, but now we do not have to leave the Visual Studio environment. Selecting from a Storage Table is also possible.


Publishing to Windows Azure Websites can also be done by importing data from the Windows Azure website itself.


The deployment of a Cloud Service can be set up far more easily. One of the great advantages of Windows Azure is that your app is always up, even during a new deployment. The deployment will be split, first server A and then server B. Sometimes this is not really wanted, and now it is possible to bypass this.


More info on my blog when I use it, but of course also on the blog of Scott Guthrie:

http://weblogs.asp.net/scottgu/archive/2013/04/30/announcing-the-release-of-windows-azure-sdk-2-0-for-net.aspx

6th Annual Ottawa IT Camp – Completed


Another great event for 2013 goes by and it was a pleasure to present my signature talk on Social Engineering and ASP.Net Defences. There is something about hacking live and getting reactions to defending the same site and seeing the crowd smile.

The Code Camp (IT Camp) is all about networking and learning. This year I contributed by sponsoring the event www.opulentasp.com and by presenting in two tracks. The subjects were avant-garde and very informative.

Social Engineering – ASP.Net Defence Systems

By: Joel Hebert
Social Engineering from the ground up. From creation of the attack vectors in the Social Engineering Toolkit, to execution, to defence in ASP.Net. We shall oversee what defence mechanisms or techniques exist to defend against certain Social Engineering Attacks. The take away: ASP.Net Techniques and modules, SET Experience and techniques.

ASP.Net 4.5 A triage of the best features

By: Joel Hebert
Showcase includes: new request validation features, databinding augmentations, page inspector, unobtrusive validation and much more.

 

IISConfigurator Error

During the Global Windows Azure Bootcamp we saw an IISConfigurator error a few times. The attendees had everything installed according to the Windows Azure prerequisite. But after starting a ‘clean’ Windows Azure Cloud Service the following appeared.


The solution in our cases was setting up the IIS feature on the machine. It is not completely clear if the IIS Management Console alone is enough.

Time to eat humble pie (A PayPal followup)

I recently posted that
It only takes one small event to destroy the goodwill of hundreds of events.
I need to follow this up and say that “goodwill can be earnt by great deeds”.
 
I need to give a big thank you to PayPal. Whilst they did not refund my lost money that I disputed (due to Terms and Conditions). Whilst I still do not have my product. Whilst their communication via email was not very useful and I had lots of stress working with them towards a solution ….
 
… they have made a Goodwill payment to cover my losses. They did not need to legally do this and it is not a normal procedure. They have covered my payment and made me a happy man.
 
I am not sure if this is in response to my tweets, Facebook or blog posts. It might even be from the dispute customer service survey I filled in.
 
Regardless, my faith is restored. This was a selfless unnecessary positive act. I am back in love with PayPal.
goodwill can be earnt by great deeds

Word 2013: Missing object model documentation

I think many of us are still trying to come to terms with the fact that the only Help for Office 2013 is on-line. The official information can be found here:
http://technet.microsoft.com/en-us/library/cc178954.aspx
in the section AWS (Assistance and Worldwide Services).

The official line is that this is “better” all around. Help can now be searched on-line and translated. Of course, the fact that this was already the case for almost ten years isn’t mentioned…

Truth be told, the real reason is resources (financial). If Help has to be delivered with the product, then it has to be written before the product is released. This means lots of man-hours just prior to release, then down-time until the next product release. So, to a certain degree, the decision is understandable.

The other side of the coin, however, is that there’s no deadline that forces the documentation to actually be done and finished.

The result at the time of this writing, some months after the official release of Office 2013, is that the object model language reference (Help) hasn’t been reviewed for relevance to Office 2013, and new functionality isn’t fully incorporated. So you can spend literally hours trying to find information in the new, less friendly MSDN interface with the result that you can’t find what you were looking for because it’s simply not there.

The “final straw” for me was a question about the Word object model in the Word for Developers forum the other day. So I’ve set up a new “page” on this blog to document un-documented behavior and information concerning Office. Everyone is welcome to contribute!

PDF Security – Malicious attacks increase during April 2013

Corporate and home users should avoid suspicious PDF documents and ensure they use the latest version of PDF software. For example, Adobe Reader XI (11.0.02) now offers sandbox security controls, protected mode processing, and other security controls not found in earlier versions.

http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-pdfs-on-the-rise/

QUOTE: Throughout 2012, we saw a wide variety of APT campaigns leverage an exploit in Microsoft Word (CVE-2012-0158). This represented a shift, as previously CVE-2010-3333 was the most commonly used Word vulnerability.  While we continue to see CVE-2012-0158 in heavy use, we have noticed increasing use of an exploit for Adobe Reader (CVE-2013-0640) that was made infamous by the “MiniDuke” campaign. The malware dropped by these malicious PDFs is not associated with MiniDuke, but it is associated with ongoing APT campaigns.

Our research indicates that attackers engaged in APT campaigns may have adapted the exploit made infamous by the MiniDuke campaign and have incorporated it into their arsenal. At the same time, we have found that other APT campaigns seem to have developed their own methods to exploit the same vulnerability. The increase in malicious PDFs exploiting CVE-2013-0640 may indicate the start of a shift in APT attacker behavior away from using malicious Word documents that exploit the now quite old CVE-2012-0158.

Twitter Security – Best practices for Group Account

Several protective practices are shared as follows:

http://securitywatch.pcmag.com/security/310959-how-to-protect-your-group-twitter-account

QUOTE: Several Twitter accounts belonging to the United Kingdom’s Guardian were hit by the Syrian Electronic Army over the weekend, and last week, Associated Press, CBS News, and BBC were also hacked. SEA threatened to keep up its attacks because Twitter keeps suspending its account. Several of the recommendations fall under basic Security 101 and are tips anyone should follow, for both their personal accounts as well as shared ones.

Twitter encouraged users to change passwords and select strong passwords and be on the lookout for suspicious communications or that may be a part of a spear phishing campaign. All organizations, not just media, should be aware of potential phishing attacks. “These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts,” the memo said.

Since Twitter uses email for password resets and official communications, users need to keep their email accounts secure, first by selecting strong (and different!) passwords. If two-factor authentication is available on the email account, it should be enabled, Twitter suggested. Users should never send passwords via email, even internally, Twitter warned. That way, attackers can’t find the password of the account through someone else’s archived messages.

Proof of Concept Airplane software vulnerabilities should not impact safety

Initially, I saw this as a POC against simulation software and certainly a wakeup call to promote safety. However, Hugo’s comments are worth noting below. He noted software exploits and vulnerabilities that, with the right delivery system, could potentially be manipulated. While there are limitations on what can be accomplished, there are many mitigating controls that make this impractical currently. Still, industrial automation and especially remote control systems must be as secure as possible.

http://commandercat.com/2013/04/posthitb2013.html

QUOTE: After reading some of the news related to my talk at HITB 2013, I am writing this post with the goal of clarifying some misunderstandings, probably due to the lack of time I had during the talk, because I omitted details or other reason. Some of the most common wrong statements I have seen are related to:

  • The Android application: No, the Android application I developed cannot attack an airplane by itself. This application is just a user interface that sends commands to the base station and receives feedback. Without the base station, and all the other hardware shown on the slides, the application is by itself useless.

  • The flight simulator: I did not find the vulnerabilities in the flight simulator; I found all the vulnerabilities on real software and hardware of on-board aircraft systems.

  • ACARS exploitation: No, I did not attack ACARS, nor ADS-B. I just used those protocols to send and receive information to/from the aircraft. Exploits and payloads are delivered using those protocols but I don’t attack them. That would be like saying that an exploit attacks TCP just because it is delivered via the network.

  • Real airplanes: No, none of my tools or code can be used directly against real aircraft. I did and kept it this way on purpose, but the vulnerabilities I found apply to real aircraft systems and code.

  • Old hardware: For my research I targeted both old FMS models (dating back from the 70s) as well as some of the newest ones (two or three years old).

  • Exploitability: I understand the skeptical community saying “this is not possible because ACARS does not offer commands for doing X or Y”. Once again, I only used ACARS as a communication channel and my research targeted the FMS. So, have you ever heard of memory corruption? Also, when I mentioned “No rootkit” I was referring to the fact that hiding is currently not necessary so it was not implemented, not that the post-exploitation did not include hooking.

A counter-response is noted in this thread, which documents some key safety controls that make the scenario shared very difficult to achieve (and these types of comments led to the points above):

http://www.askthepilot.com/hijacking-via-android/

Computer Firewalls – Benefits of bi-directional protection

Intego security notes the benefits of outbound protection where malware attempts to connect to the Internet from an infected computer. By definition, all firewalls offer inbound protection, and there are additional benefits in detecting and preventing malware from phoning home.

http://www.intego.com/mac-security-blog/whats-the-difference-between-incoming-and-outgoing-firewall-protection/

QUOTE: The other day, we mentioned that the OS X application firewall provides only inbound protection. I imagine there are some of you who are wondering what exactly that entails, and more specifically, how that differs from what’s in Intego’s products. Well, guess no more! Here’s a handy explanation about the difference between incoming and outgoing firewall protection.

As you may imagine, inbound protection protects you from threats that originate outside of your Mac and try to get in. There are many types of automated or direct attacks that this type of protection is useful to combat, and this is the type of protection that OS X’s application firewall provides.

But arguably the more important component, from an anti-malware perspective, is outbound protection. Outbound protection alerts you to attempts to connect out from your machine. There are a lot of legitimate processes on your machine that do need to connect out (such as to get email, surf the web, get or update settings, etc.) but if there is unknown malware on your machine, you want to be able to prevent it from connecting out to send data or to alert its controller.
