Archive for the ‘.NET Framework security’ Category

Online Safety Tips A Safe Shopping Experience

November 8th, 2009

Transactions Requiring Social Security Numbers.

Read these important online shopping safety tips before your next online purchase. They will help make your shopping experience safe, secure, and pleasurable. More and more people are using the internet to make purchases, and though most transactions go through without complications, safeguards for online safety are crucial.

Get to know the merchant when shopping online

When shopping, be sure to gather as much information as you can about the merchant you will be dealing with. Check their reputation to see if they are a reliable source to purchase from. Look for internet rating services and directories that provide helpful information about merchants.

Is the site secure?

Most sites that are visited are very secure, yet there are some you need to be wary of. Taking the right precautions will help ensure a complete and safe purchase. Let us look at what protection there is when you are about to make that purchase. Is there a closed lock or unbroken key in your browser window? The site is not secure if the key is broken or the lock is open. Does the web address that asks for your password, credit card, or other personal information start with “https:” and not “http”? Look for a pop-up box that says you are entering a secure area. Also, SSL (Secure Sockets Layer) is used on some sites.

Use different passwords

Prevent someone committing fraud by changing your passwords. A suggestion would be to change them every 2-3 months. For sites requiring sensitive information, create unique passwords different from what is used for other entries.

When you create your passwords, do not use personal words and numbers such as your phone number, your name, social security number, or address. Use a combination of letters and numbers. Be sure to remember the passwords and, if you need to, write them down and keep them in a safe place where they cannot be found.

Beware of bogus emails

You may receive many clever emails imitating merchants, banks, or other companies that ask for your personal information. You will be asked to verify your password, reestablish your accounts, or do anything else that gives the sender access to sensitive information. Do not click on their links or answer the emails. If you have a question or concern, contact your trusted source to see whether the email is legitimate.

Bona fide businesses do not ask for sensitive information such as your SSN or bank account numbers on the web. Stay updated with anti-virus and spam software for added protection.

Safeguard and protect

Take the time to investigate other ways that you can safeguard and secure protection when you are shopping online. Following these steps and more will greatly decrease the chances of being a victim of fraud and give you peace of mind when shopping.

.NET Framework security

Source Code for the .NET Framework Libraries

January 29th, 2008

One of the things my team has been working to enable has been the ability for .NET developers to download and browse the source code of the .NET Framework libraries, and to easily enable debugging support in them. Today I’m excited to announce that we’ll be providing this with the .NET 3.5 and VS 2008 release later this year.

We’ll begin by offering the source code (with source file comments included) for the .NET Base Class Libraries (System, System.IO, System.Collections, System.Configuration, System.Threading, System.Net, System.Security, System.Runtime, System.Text, etc), ASP.NET (System.Web), Windows Forms (System.Windows.Forms), ADO.NET (System.Data), XML (System.Xml), and WPF (System.Windows).  We’ll then be adding more libraries in the months ahead (including WCF, Workflow, and LINQ).  The source code will be released under the Microsoft Reference License (MS-RL).

You’ll be able to download the .NET Framework source libraries via a standalone install (allowing you to use any text editor to browse it locally).  We will also provide integrated debugging support of it within VS 2008.

More at http://weblogs.asp.net/


ASP.NET authentication

November 1st, 2007

As stated above, ASP.NET and IIS security go hand in hand. Therefore ASP.NET authentication also relies on the settings that we make in IIS. ASP.NET offers the following types of authentication:

  • Authentication: the process of validating the identity of a user to allow or deny a request [4,9,10]. This involves accepting credentials (e.g. username and password) from the user and validating them against a designated authority. After the identity is verified and validated, the user is considered to be legal and the resource request is fulfilled. Future requests from the same user ideally are not subject to the authentication process until the user logs out of the web application.
  • Authorization: the process of ensuring that users with a valid identity are allowed to access specific resources.
  • Impersonation: this process enables an application to take on the identity of the user, and in turn make requests to other resources. Access to resources will be granted or denied based on the identity that is being impersonated. In other words, impersonation enables a server process to run using the security credentials of the client [6,9]. Thus, ASP.NET applications can execute under the identity of the client on whose behalf they are operating.

The authentication option for the ASP.NET application is specified by using the <authentication> tag in the Web.config file, as shown below:


<authentication mode="Windows | Forms | Passport | None">
	other authentication options
</authentication>

Authentication in ASP.NET is one of the best features of the web application's security. It is divided into 3 different built-in providers: Forms-based, Passport and Windows Authentication. Forms-based and Passport authentication do not require the users to be Windows users, whereas Windows authentication is designed for users that are part of a Windows domain.
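
A Web.config sketch that puts authentication, authorization and impersonation side by side, as an added example that is not part of the original post. The login page path, the Admin folder and the Admins role name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Authentication: Forms mode issues a ticket cookie after the user
         signs in at the login page (path is an assumption). -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             name=".ASPXAUTH"
             protection="All"
             requireSSL="true"
             timeout="20"
             slidingExpiration="false"
             cookieless="UseCookies" />
      <!-- protection="All": the ticket is both encrypted and validated.
           requireSSL="true": the cookie is only sent over HTTPS.
           timeout: ticket lifetime in minutes.
           cookieless="UseCookies": the ticket never appears in the URL. -->
    </authentication>

    <!-- Authorization: "?" means anonymous users, so every unauthenticated
         request is redirected to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Impersonation: disabled, so page code runs under the worker-process
         identity. With mode="Windows" and impersonate="true", requests run
         under the authenticated caller's Windows identity instead. -->
    <identity impersonate="false" />
  </system.web>

  <!-- Per-folder rule (folder and role names are assumptions). Rules are
       evaluated top-down and the first match wins, so the allow must come
       before the catch-all deny. Role membership is supplied by whichever
       role provider the application configures. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```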


The .NET Framework introduces a wholly new concept of security

June 25th, 2007

The .NET Framework introduces a wholly new concept of security (at least for those steeped in the Windows tradition). Instead of basing security on objects, it’s based on tasks. That’s a gross, somewhat inaccurate generalization, so don’t take our word for it. Instead, read Don Box’s article on .NET security.

Several attacks in the past year have targeted servers running Microsoft Internet Information Services (IIS). No matter how safe a system is, the more ports you leave open, the more chances a hacker has to find a hole. Windows .NET Server will ship with IIS 6.0, which showcases several key security advances. Use some of these new features and compare them to the way you did things in IIS 5.0. Surely you will learn a lot.

Today, there are many different flavors of Windows: Windows 95, Windows 98, Windows 98 SE, Windows Me, Windows NT® 4.0, Windows 2000 (with various service packs), Windows CE, and soon a 64-bit version of Windows 2000. Most of these systems run on x86 CPUs, but Windows CE and 64-bit Windows run on non-x86 CPUs. Once written and built, a managed .NET application (that consists entirely of managed code, as I’ll explain shortly) can execute on any platform that supports the .NET common language runtime. It is even possible that a version of the common language runtime could be built for platforms other than Windows in the future. Users will immediately appreciate the value of this broad execution model when they need to support multiple computing hardware configurations or operating systems.

For the complete guide, refer to http://msdn.microsoft.com/msdnmag/issues/0900/Framework/


Top 10 .NET Framework Technologies to Learn in 2007

June 1st, 2007

The .NET Framework has a lot to learn this year. You may learn the following and apply it practically in a real-time environment.

1) WCF (Windows Communication Foundation)

While WCF is certainly less “sexy” than say WPF / Silverlight, it is going to represent the backbone of solving business problems with .NET going forward from here. Big organizations are starting to embrace it, and it provides a cohesive framework for solving business problems in a distributed, integrated way. WCF integrates Remoting, WebServices, EnterpriseServices and Transactions, WSE, MSMQ, and much more into a cohesive programming framework. If you intend to make it your business to study just one new .NET technology this year, make it WCF.

2) ADO.NET (and LINQ)

ADO.NET is how you talk to a data store, and databases are such a ubiquitous part of what you will do as a developer that you have NO CHOICE but to become extremely competent in this area. The next big thing in how to talk to data is LINQ with language extensions and entity objects that “represent” mappings of data and its relationships. If you don’t become at least familiar with all this stuff, somebody else is going to eat your lunch.

3) WPF (Windows Presentation Foundation)

Everything you learned about Windows Forms, pages in a browser, and UI elements is going to go out the window, because Microsoft has already declared that WPF is the new way we’re gonna do this stuff.

You may also refer to the Microsoft website to learn more.


Customizing ASP.NET Membership and Profile: What Goes Where?

June 1st, 2007

One feature introduced in ASP.NET 2.0 is the use of the “provider model” to provide maximum flexibility and extensibility to your Web applications. Using the provider model, developers can easily extend the capabilities provided by the ASP.NET 2.0 runtime in many different ways. For example, you can extend the provider model to store the membership information for your Web site users in a custom data store, rather than the default SQL Server Express 2005 database.

I have come across an article in which the author describes his experience customizing membership in ASP.NET. Please look at the following to see how he experienced it.

Recently, I started playing with the Membership class but have not touched the Profile class yet. I searched a lot and a question came to my mind. The standard Membership and its related table do not fit my DB and application design (as this is the usual case, I think), so I searched around, thinking that I should implement the Profile or extend the Membership. Well, I got an answer after searching: I should implement Profile, as it is the easier step.
The following is copied from Kirk Allen Evans’ blog on MSDN blogs:
I have been working with two separate customers over the past few days on the same problem. Both have an existing web application that they are migrating to ASP.NET 2.0. They both wrote their own authentication functionality, and are now considering how to leverage the existing store with ASP.NET 2.0 Membership.
Consider a table that looks something like this:

Column         Type
UserID         int
UserName       nvarchar(50)
PasswordHash   nvarchar(50)
OfficePhone    nchar(10)
CellPhone      nchar(10)
Pager          nchar(10)

Obviously, this looks a lot different than the schema for Membership that is created when you run aspnet_regsql. If you want to retrofit your existing table into the Membership system, do you create a custom MembershipUser type and expose the OfficePhone, CellPhone, and Pager values as public properties, or do you leverage the Profile system instead?
You could extend the MembershipUser class and expose a few properties, but that ties your application to that specific provider. For instance, any time you want to access the Pager value, you would need to do something like:
// The "as" cast yields null if the active provider returns a different MembershipUser type.
CustomMembershipUser u = Membership.GetUser("bob", true) as CustomMembershipUser;
if (null != u)
{
    TextBox1.Text = u.Pager;
}
You would not only have to cast to your custom MembershipUser type, but you also need to check to see if the correct type is returned, lest someone switch to a different provider. This is the real aversion I have to extending MembershipUser, since your application cannot easily take [...]

Read more at kenlin@HK [MVP]

.NET Framework security, Security software

Events Fire Ordering in Master page / Content Pages

May 31st, 2007

kenlin writes about event firing order in master pages. Let's see how he described it, and then we will comment on it.

Recently I have worked a lot on Web Applications in .NET 2.0. I tried to use the MasterPage with a ContentPage. However, I found out that the events fire... not in the general ordering. I.e., I have one MasterPage and one ContentPage, with a button in that ContentPage. When you click the button in debug mode, you will find out that:
1) ContentPage.Load fires;
2) then MasterPage.Load;
3) ContentPage.Button.Click.

When you work with master pages and content pages, both can use the same events (such as Page_Load). Be sure you know which events come before others. You are bringing two classes together to create a single page class, and a specific order is required. When an end user requests a content page in the browser, the event ordering is as follows:

1) Master page child controls initialization: All server controls contained within the master page are first initialized.
2) Content page child controls initialization: All server controls contained in the content page are initialized.
3) Master page initialization: The master page itself is initialized.
4) Content page initialization: The content page is initialized.
5) Content page load: The content page is loaded (this is the Page_Load event followed by the Page_LoadComplete event).
6) Master page load: The master page is loaded (this is also the Page_Load event).
7) Master page child controls load: The server controls on the master page are loaded onto the page.
8) Content page child controls load: The server controls on the content page are loaded onto the page.

Anyway, I have a problem now, because I have to set the value on Button.Click and get the value when another/the same ContentPage loads. But... the ordering is... Button.Click fires last. I have to search more in order to solve it.

As for the events in ASP.NET, they’re all serverside events which are part of the ASP.NET serverside Page object Model. Generally when we hit a control on the page at clientside, the browser will first post back the page, then at serverside the request will go through a processing flow. So this is very different from the concepts we got in winform applications. Here are some other tech articles which may help us get a clear view on these concepts:

#The ASP.NET HTTP Runtime
http://msdn.microsoft.com/library/en…PNETHTTPRuntime.asp?frame=true

#The ASP.NET Page Object Model
http://msdn.microsoft.com/library/en…eobjectmodel.asp?frame=true

#Understanding ASP.NET View State
http://msdn.microsoft.com/library/de…us/dnaspp/html/viewstate.asp


Knowledge of language features, “Operator Overloading “

May 14th, 2007

Well, I am one of the VB insiders, and we are talking about a video. This video is a chat between 5 guys from different teams (VB, C#, C++, Channel 9 interviewer). They answer a few questions about the future of the languages from their point of view when developing CLR/LINQ/VB/C#/C++. But the point we VB Insiders are discussing is that one of them, Brian Beckman, said that he likes C# because of the “Operator Overloading” support. That means he does not know that VB.NET (or VB9 for short now) also has operator overloading support.
Another interesting issue I found afterward: I opened up the .NET Documentation, typed the “operator overloading” keyword in the Index Tab, and found a C# article (“Help me, I am overloaded”) on Operator Overloading that explains how to do so and why to do so (ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.VSADD.v10.en/dncscol/html/csharp06212001.htm). But when I click on VB, it only shows you the “SAMPLE” (ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.VisualStudio.v80.en/dv_vbcode/html/30202e10-8bdc-47dc-8fd1-f0ff9ffa0641.htm). Oh... god... no article in VB? How does the VB beginner learn and understand it then? No wonder he made the above comment.

http://channel9.msdn.com/ShowPost.aspx?PostID=273697#273697
Anders Hejlsberg, Herb Sutter, Erik Meijer, Brian Beckman: Software Composability and the Future of Languages
Posted by Charles // Mon, Jan 22, 2007 1:09 PM
How will imperative programming languages evolve to suit the needs of developers in the age of Concurrency and Composability? What role can programming languages play in enabling true composability? What are the implications of LINQ on the future of managed (CLS-based) and unmanaged (C++) languages? How will our imperative languages (static) become more functional (dynamic) in nature while preserving their static “experience” for developers? Answers to these questions and much more are to be found in this interview with some of Microsoft’s leading language designers and programming thought leaders: Anders Hejlsberg, Technical Fellow and Chief Architect of C#, Herb Sutter, Architect in the C++ language design group, Erik Meijer, Architect in both VB.Net and C# language design. The above material is taken from kenlin.

Now, according to my knowledge, if you follow the following rules then I think you can solve your problem.

  • Define operators on value types that are logical built-in language types.
  • Provide operator-overloading methods only in the class in which the methods are defined. The C# compiler enforces this guideline.
  • Use the names and signature conventions described in the Common Language Specification (CLS). The C# compiler does this for you automatically.
  • Use operator overloading in cases where it is immediately obvious what the result of the operation will be. For example, it makes sense to be able to subtract one Time value from another Time value and get a TimeSpan. However, it is not appropriate to use the or operator to create the union of two database queries, or to use shift to write to a stream.
  • Overload operators in a symmetric manner. For example, if you overload the equality operator (==), you should also overload the not equal operator (!=).
  • Provide alternate signatures. Most languages do not support operator overloading. For this reason, it is a CLS requirement for all types that overload operators to include a secondary method with an appropriate domain-specific name that provides the equivalent functionality. It is a Common Language Specification (CLS) requirement to provide this secondary method. The following example is CLS-compliant.

.NET Framework security, Computer security education, Microsoft security

Microsoft Expression Blend Free Trial

May 7th, 2007

Microsoft Expression Blend is Microsoft’s user interface design tool for creating rich graphical interfaces for web and desktop applications that blend the features of these two types of applications. Expression Blend is itself written using the .NET Framework 3.0 and Windows Presentation Foundation (WPF) [1]. Expression Blend is effectively an interactive, WYSIWYG front-end for designing XAML-based interfaces for WPF and Silverlight (Blend version 2.0 onwards).

Expression Blend was code-named Sparkle, and originally the product was announced as Microsoft Expression Interactive Designer, before it was renamed Expression Blend in December 2006.

kenlin comments on Microsoft Expression Blend as follows:

Because of Silverlight (the new name for WPF/E), you may need to create a lot of XML-based graphics and their actions/movements. Microsoft® Expression Blend™ is the professional design tool to create engaging web-connected experiences for Windows. So Microsoft has also announced that a free trial version of Expression Blend has been ready to download since 3rd May 2007. Please read the following:

Microsoft is pleased to present a trial version of Expression Blend. This fully functioning version will expire 60 days after installation.
Help us improve Expression Blend by reporting any technical issues. For more insight into Expression Blend, please see the Expression team blog.
For more information about the .NET Framework 3.0, see the .NET Framework 3.0 Development section of the Windows Software Development Kit. Please also refer to 3rd-party books that are good resources for learning WPF.
In order to edit code, if you do not have Microsoft® Visual Studio® 2005 installed, you will also need a free copy of a Visual Studio 2005 Express edition from the Visual Studio Express Web site (choose either the Visual Basic or C# edition).
Installation Instructions
Windows Vista:

Download and install Expression Blend.
Download and install Visual Studio 2005 Express (Visual Basic or C#).

Windows XP SP2:

Install .NET Framework 3.0 first before attempting to install Expression Blend.
Download and install Expression Blend.
Download and install Visual Studio 2005 Express (Visual Basic or C#).


If you have been working in Silverlight, I’m sure you had to install Microsoft Expression Blend to edit the XAML files. If you haven’t, good luck doing that by hand. Microsoft Expression Blend is the editor for the files that you were expecting to find in Visual Studio 2008; you did not expect to run another program to do that task. In any case, after you install Expression Blend, you’ll find a plug-in in VS2008 to launch it by right-clicking on any of your XAML files.

.NET Framework security, Microsoft security

“Live From Redmond” Webcast series

April 11th, 2007

VB Team is trying to get the word out about a Live From Redmond webcast series the VB team has put together aimed at Orcas and VB 9. The series will start April 18th and will continue into June.

This series of Live Meeting presentations is designed specifically for the community by members of the Microsoft product teams. The presentations are all done by actual team members working on the specific technology, and are a great way to hear from and ask your questions directly to the product team.

Please consult the following to read more

http://blogs.msdn.com/vbteam/archive/2007/04/09/live-from-redmond-webcast-series-beth-massi.aspx