tag:blogger.com,1999:blog-61099024283945912352024-02-19T12:51:05.019+05:30Technology Blog - Vikas GoyalVikas Goyalnoreply@blogger.comBlogger15125tag:blogger.com,1999:blog-6109902428394591235.post-20133607291590902502015-06-26T12:29:00.001+05:302015-06-26T12:29:33.866+05:30Azure Subscription and TenantsQUICK TIP : When you add your Azure account using PS Add-AzureAccount, you get subscription id and list of tenant IDs created in the subscription. The tenant IDs are actually related to Azure Active Directory tenants which you have created. Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-22148263146815557082011-12-16T09:25:00.001+05:302011-12-16T09:25:50.463+05:30Free eBook on Claims based Identity and Access ControlStarts with discussing basics of claims based identity and moves to advanced topics. Following industry standards are discussed : Security Assertion Markup Language (SAML) Security Association Management Protocol (SAMP) and Internet Security Association and Key Management Protocol (ISAKMP) WS-Federation WS-Federation: Passive Requestor Profile WS-Security Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-49450617641682073862011-07-13T12:56:00.001+05:302011-07-13T12:56:26.408+05:30Whitepaper on exploit mitigation technologies A new whitepaper has been recently published which discusses about various exploit mitigation technologies and how to use them. Release by Microsoft Security Engineering Center. A must for every person on software development team. Covers following: economics of exploitation – attacker’s return on investment Tactics behind exploit mitigation technologies like enforcing variants, Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-77765990944863655642008-12-26T19:59:00.001+05:302008-12-26T19:59:16.710+05:30* Silverlight : Cross domain access guidelinesRIA (Rich Internet Applications) client runtimes like Silverlight and Flash does not allow any code to access cross domain sites unless the target sites specifically grant access. This is done to avoid issues like Cross-Site Scripting (XSS) attacks. If you are involved in developing apps on Silverlight runtime, it helps to understand the runtime behavior for cross domain access both during Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-49887972859653701712008-11-18T23:35:00.001+05:302008-11-18T23:35:38.341+05:30* Baking Security In This is the new campaign from Microsoft to bring awareness about how MS products are made more secure and also releases tools and guidance as part of Security Development Lifecycle. Catch all of it @ www.bakingsecurityin.com Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-56574244562301414712008-11-05T00:16:00.001+05:302008-11-05T00:16:49.269+05:30* Windows Live ID to support OpenIDFor users, Windows Live ID has provided a single credential to login into all Microsoft sites like MSDN, Connect, Live Mail etc. ‘OpenID is an open, decentralized, free framework for user-centric digital identity. OpenID takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman) and realizes that people are already creating identities for themselves whether it be Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-36089988185261403782007-11-12T15:07:00.001+05:302007-11-12T15:07:46.934+05:30* Agenda for Security Summit at BangaloreIn case you are still wondering what tomorrow's summit (Microsoft Security Summit) is going to offer to you .. here is the agenda : 0830hrs - 0915hrs              :                     Registration 0915hrs - 1000hrs  &#Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-11309713603411205702007-11-12T09:36:00.001+05:302007-11-12T09:36:34.908+05:30* Microsoft Security Summit - IndiaCheck out this event to be organized across India.        Microsoft Security Summit Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-21168632827236992002007-10-25T15:36:00.001+05:302007-10-25T15:36:26.865+05:30* Troubleshooting : Client Certificate AuthenticationYou are doing a setup for Client Certificate Authentication for your web application. The client and server tools involved are : Internet Explorer 6 or 7 IIS 6.0 Windows 2003 After installing client and server certificates and enabling 'Accept Certificates' at IIS end, you may face one of these problems: You are not able to verify whether the client certificate is currently Vikas Goyalnoreply@blogger.com1tag:blogger.com,1999:blog-6109902428394591235.post-28510349147205655172007-10-24T08:45:00.001+05:302007-10-24T10:12:05.863+05:30* Security : Acrobat Reader flaw patched Adobe has released the patch for the flaw detected earlier this month. Acrobat Reader Security Flaw            Get Acrobat Reader patch Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-46757618570340642372007-10-13T18:59:00.001+05:302007-10-13T18:59:13.066+05:30* Security Alert : Adobe, Windows XP, IE 7If you use Acrobat Reader on Windows XP machine with IE 7, you are at risk from malicious code and hacking attacks due to several security flaws in Acrobat products. This is I believe one of the most popular combination.                              Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-49006159630404565102007-10-08T09:05:00.001+05:302007-10-08T09:05:02.790+05:30* Vulnerable Google ProductsRecently lot of reports have surfaced exposing various kinds of Cross-Site Scripting (XSS) vulnerabilities in Google products. The applications which have been found vulnerable are : Gmail Google Search Appliance Google (Blogspot) Polls Application Google's Picasa photo-sharing software Google's Urchin Analytics service Government of India's agency Indian Computer Emergency Response Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-50357838462765626112007-09-19T13:22:00.001+05:302007-09-19T13:22:12.811+05:30* WCF : Hosting in Partial or Medium Trust ASP.NET environment Read about ASP.NET Partial Trust environment. Currently WCF provides very little support for partial trusted environment. When hosting in medium trust environment - only basicHttpBinding is supported by default. If you want to use wsHttpBinding, security mode needs to be set as 'None' or 'Transport'. Default security mode for wsHttpBinding is 'Message'. Partially trusted callers are Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-71371531663160311062007-09-19T10:56:00.001+05:302007-09-19T10:56:55.470+05:30* ASP.NET : Partial Trust EnvironmentASP.NET runtime allows server administrators to configure runtime so that various asp.net applications can run in various levels of isolation and with various permissions. This is most relevant in shared hosting kind of scenarios. The various levels of trust available are : Full|High|Medium|Low|Minimal By 'Partial Trust' means, server admin trust the applications hosted in web server only Vikas Goyalnoreply@blogger.com0tag:blogger.com,1999:blog-6109902428394591235.post-25793618584210440532007-01-22T13:58:00.001+05:302007-09-18T10:37:49.469+05:30* How to build Authorization Module for TCP Remoting channelFrom .NET 2.0, framework includes the security infrastructure for TCP channel which can be enabled just by configuration. The below entry enables security for tcp channel <configuration> <system.runtime.remoting> <application> <service> &Vikas Goyalnoreply@blogger.com1