Navigation

Search

Categories

On this page

Multi-monitor and Windows 7
Live Mesh ready for Windows 7
DEP is useless?
Windows 7 x64 Beta 1 and Google Chrome
MD5-signed X.509 certificates in trouble
Internet Explorer HttpOnly Cookie extension implemented in all major browsers
ReSharper v4.5 nightly previews started
Update for .Net Fx 3.5 SP1 available
Google Chorme v1.0 is out
Live Client Applications Wave 3 Updated
Silverlight 2.0 RTM
Tired of all the UAC prompts?

Archive

Blogroll

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

RSS 2.0 | Atom 1.0 | CDF

Send mail to the author(s) E-mail

Total Posts: 83
This Year: 0
This Month: 0
This Week: 0
Comments: 20

Sign In

# Thursday, 15 January 2009
Multi-monitor and Windows 7
Thursday, 15 January 2009 18:49:49 UTC ( Windows 7 )

A just noticed that Windows 7 has added support for moving windows between monitors.

Use Win+Shift with Left or Right arrow key to move the current window around. You can also do some fun positioning when combining the Windows key with the arrow keys.

Much appreciated improvements!

Comments [1] | | # 
Live Mesh ready for Windows 7
Thursday, 15 January 2009 18:44:13 UTC ( Windows 7 )

The latest version of Live Mesh doesn’t disable Aero anymore, and throws in better conflict handling as a bonus.

Live Mesh has become a critical part of my computer setup, and this is the final piece that completes my Windows 7 installation --  and everything is working great!

You can get the updated build at mesh.com or simply trough the built-in updater if you were tough enough to survive without Aero.

Comments [0] | | # 
DEP is useless?
Thursday, 15 January 2009 18:35:06 UTC ( Security )

Interesting point by Magnus Akselvoll.

Perhaps two of the most malware-facing application are the ones that don’t quite work. Enough said.

Comments [0] | | # 
# Friday, 09 January 2009
Windows 7 x64 Beta 1 and Google Chrome
Friday, 09 January 2009 15:04:41 UTC ( Browsers | Windows 7 )

If you you’ve tried to install Google Chrome v1.0 on Windows 7 x64 Beta 1 you have seen a number of warnings about compatibility, and Chrome crashes whenever you load a page. There are some problems with the Chrome sandboxing model and Windows 7 x64, so if you run Chrome with the parameter –no-sandbox everything should work fine.

Happy testing :)

Comments [0] | | # 
# Wednesday, 31 December 2008
MD5-signed X.509 certificates in trouble
Wednesday, 31 December 2008 10:25:26 UTC ( Security )

Security researchers have proven a successful collision attack against MD5-signed X.509 certificates. This would enable an attacker to create their own X.509 certificate with same digital signature as the original certificate. This certificate can then be used to sign additional certificates and provide whatever details they please, all trusted by existing security infrastructures. This will work great phishing and man-in-the-middle attacks.

This was performed using a cluster of 200 PlayStation 3’s and is reproducible with a couple of days of computing.

The risks inherent when using the MD5 hash algorithm have been known for quite some time and the recommendation is to move to the SHA family. Most certificates should as such be signed with SHA-1 instead of MD5, but history has proven that there are always old installations and old configurations around.

The following public Certificate Authorities are still using MD5 signing:

    • RapidSSL
    • FreeSSL
    • TrustCenter
    • RSA Data Security
    • Thawte
    • verisign.co.jp

The security researchers sampled 30.000 certificates, whereof 9.000 were using MD5 and 97% of those were issued by RapidSSL.

It’s time to review the algorithm used on your certificates; hopefully it is using SHA. This is easily verifiable if you look at the certificate properties. This is not a problem with EV certificates as they do not support the MD5 algorithm.

Microsoft recently issued this security advisory.

Comments [0] | | # 
Internet Explorer HttpOnly Cookie extension implemented in all major browsers
Wednesday, 31 December 2008 09:36:17 UTC ( Browsers )

The WebKit engine was recently enhanced with the HttpOnly Cookie feature originally introduced in Internet Explorer. This is a security feature that restricts access to certain cookies making them only available for HTTP requests and not from JavaScript running within the browser; a feature originally developed to help with XSS attacks.

The next versions of Safari and Google Chrome will most likely include these updated bits completing the browser lineup as Internet Explorer, FireFox and Opera already have this feature implemented.

Nice to see innovation being accepted and implemented across the board.

Comments [0] | | # 
# Friday, 26 December 2008
ReSharper v4.5 nightly previews started
Friday, 26 December 2008 00:31:13 UTC ( Tools )

The Early Access Program for ReSharper v4.5 just started and nightly builds are available for download. Keep in mind that these are not official beta releases, but automated builds straight from the development branch. The current release has a few very useful features as well as performance and memory optimizations.

Solution-wide analysis has been updated with unused code detection that will highlight unneeded code segments throughout your solution. If you have a layered architecture with multiple solutions you will have to up a new solution that includes all your projects for this to work correctly. If you are doing some Christmas cleaning you may want take these new bits for a spin. It also features a much more flexible naming standard configuration.

Download here.

Comments [2] | | # 
# Sunday, 21 December 2008
Update for .Net Fx 3.5 SP1 available
Sunday, 21 December 2008 17:54:02 UTC ( )

If you had any issues with .Net FX 3.5 SP1, or if you are holding it back for some reason, it’s time to head over to KB959209 and get this patch.

It contains a set of fixed for both the .Net 2.0 and the .Net 3.0 bits that were patched as a part of this release. There is also a list of fixes incase you have been noticing some strange behavior lately.

The .Net Fx 3.5 Service Pack 1 contained quite a few interesting optimizations, and is well worth the install.

Comments [0] | | # 
# Tuesday, 16 December 2008
Google Chorme v1.0 is out
Tuesday, 16 December 2008 08:57:04 UTC ( )

It looks like Google decided to fast track a version 1 release, probably hoping it will be an acceptable deployment for enterprise and computer manufacturers.

It is still lacking a few important features like client certificate support, but it’s fast and stable. If you are heavy user of Google web applications and want the extra features or simply looking for new browser alternative head on over to Google to give it a spin. If you just want to test it you can simply leave the ‘make it my default browser’ setting unchecked, it’s easy to change that once you become a true believer.

Comments [0] | | # 
Live Client Applications Wave 3 Updated
Tuesday, 16 December 2008 08:47:45 UTC ( )

A update to the Windows Live Essentials package has been released. This includes Live Messenger, Live Mail, Live Writer, Live Photo Gallery and more. Make sure you uncheck any checkboxes for things you don’t want, and be mindful of the last settings page with home page and search engine settings.

This appears to be a release candidate build, and we should expect a final release very soon.

Get your bits at download.live.com.

Comments [0] | | # 
# Tuesday, 14 October 2008
Silverlight 2.0 RTM
Tuesday, 14 October 2008 08:28:11 UTC ( )

Finally, Silverlight v2.0 has been released and is now available for download.

This, to me, is really the first version of Silverlight. It’s the first version with a modern development environment, a rich set of controls and a familiar development framework.

You will even find a Eclipse-based development environment, if you are somewhere where you are unable to use Visual Studio.

Go fetch!

Comments [0] | | # 
# Sunday, 12 October 2008
Tired of all the UAC prompts?
Sunday, 12 October 2008 10:23:59 UTC ( Security | Tools )

Norton Labs have created a utility that removes a lot the UAC annoyances you may be experiencing in Windows Vista. It allows you to configure a list of applications that can be launched in admin mode without incurring a UAC prompt, basically a “do not ask me again” dialog. Great for everyday applications like Visual Studio.

May be a better solution than disabling it completely ;)

There is one caveat though, it will send information to Norton whenever you get a prompt. It will send the filename and hash of the files involved, as well as your response. The intention is to create a white list that will be shipped with the finished product.

There is a free beta version and a FAQ available at Norton Labs, both X86 and X64 editions.

Comments [1] | | #