Blog: General

In a News Press Release yesterday, Microsoft Corp. announced the release to manufacturing (RTM) of Windows 7 and Windows Server 2008 R2.  Windows 7 should be generally available to customers around the world in mid to late October, and Windows Server 2008 R2 should be generally available on or before October.  To learn more, visit http://www.microsoft.com/Presspass/press/2009/jul09/07-22Windows7RTMPR.mspx

We frequently use comments in Word documents as part of our information security audit process and I finally looked for a keyboard shortcut to insert a comment.  The shortcut is Ctrl+Alt+M.  However, the most useful thing I found when looking for this was a comprehensive Word 2007 keyboard shortcut list at http://www.keyxl.com/aaa367b/5/Microsoft-Word-keyboard-shortcuts.htm.  KeyXL.com has keyboard shortcuts for all types of Microsoft, Adobe, Google, and other applications.  It's definitely worth adding a bookmark for if you're a fan of using shortcuts.

CoNetrix is now on Twitter.  To follow us, visit http://twitter.com/CoNetrix

Twitter is a free social messaging utility for staying connected with others in "real-time".

Many years ago, PC makers came out with the “enhanced keyboard” and the control key got moved.  It used to be located to the left of the caps lock key, but for some reason that is still unknown, it got moved to way down below the left shift key, where you really have to cramp up your hand to reach it. The most popular solution to this is to switch the caps lock and the control keys.  I use a nice GUI program, KeyTweak http://webpages.charter.net/krumsick.  Since NT, Microsoft Windows has had a registry key that lets you remap your keyboard. This lets you remap just about every key by setting this registry key.  It is the most complete utility I could find.  It works with Windows NT/2000/XP/Vista/Win 7. Since this is a feature built into Windows, no kernel mode driver, service, or anything else needs to be running. You can edit the registry yourself, but this tool makes it really easy.  It has an option to show the registry entry and what all the bytes mean.

A blog entry on Wired published a good animated overview of how a "Buffer Overflow" attack works.  In light of the new "Conflicker worm" that is gaining attention, this blog does a good job of explaining in a short, simple, interactive way, how buffer overflow attacks work.

http://blog.wired.com/27bstroke6/2009/03/conficker-how-a.html

Computer Security Day (CSD) is a worldwide, annual security awareness event.  It started in 1988 to help raise awareness of security concerns and remind people to protect their computers.  CSD is officially November 30th; however, when November 30th falls on a weekend or Holiday, it is usually observed the next business day.  The theme of CSD for 2008 is "A Good Defense"

To learn more, visit the official CSD website at http://www.computersecurityday.org

 

I recently ran into a problem on one of our websites where users’ authentication was timing out before the amount of time I had set in the configuration.  I was using ASP.NET forms authentication with the timeout set to 30 minutes and sliding expiration set to true.  After some investigation this turned out to be a two part problem.

This first cause I found was that the sliding expiration functionality for forms authentication isn’t exactly intuitive.  When sliding expiration is turned on, each time a web page is requested, the user’s authentication cookie timeout is supposed to be updated to the expire in X minutes from the time of the page request.  However, even though you set a timeout of X minutes it is perfectly normal for a users authentication ticket to expire before that time limit due to the sliding expiration is implemented in the .NET framework.  From the MSDN .NET Framework Reference:

“If the SlidingExpiration attribute is true, the timeout attribute is a sliding value, expiring at the specified number of minutes after the time the last request was received. To prevent compromised performance, and to avoid multiple browser warnings for users that have cookie warnings turned on, the cookie is updated when more than half the specified time has elapsed. This might result in a loss of precision.”

Basically, if the timeout is set to 30 minutes then the expiration time of the authentication cookie is only updated if 15 minutes have passed when a request is made. [more] If a user signed in at 8:00 and requested a page at 8:14 you would think that their authentication would timeout 30 minutes after their last request at 8:44, but instead it would actually timeout at 8:30.  So if you want the timeout to for sure be at least a certain number of minutes you can increase the timeout to twice the desired time, or write your own code to refresh the cookie after each page request.

The second cause of the problem that I found was that the settings on the Application Pool in IIS was causing the ASP.NET worker process to be recycled after a number of minutes and shutdown after 20 of being idle.  I changed the worker process to recycle at a set time during off peak hours instead of after a number of minutes had passed. I also increased the number of idle minutes before the worker process would shutdown.  I included screen shots of the settings below.

 

Using a clipboard manager can really save time and make working on a computer easier.  I have been using a free open source application named Ditto.

Here are some of the key features:

• Easy to use interface
• Search and paste previous copy entries
• Keep multiple computer's clipboards in sync [more]
• Data is encrypted when sent over the network
• Accessed from tray icon or global hot key
• Select entry by double click, enter key or drag drop
• Paste into any window that excepts standard copy/paste entries
• Display thumbnail of copied images in list
• Full Unicode support (display foreign characters)
• UTF-8 support for language files (create language files in any language)
• Uses sqlite database (www.sqlite.org)

CoNetrix is pleased to announce the CoNetrix Identity Theft Prevention Program online solution is a candidate for the BankNews 2008 Innovative Solutions Award.

The Innovative Solutions Award, sponsored by BankNews, recognizes companies that have introduced or enhanced a product or service designed to help banks better serve their customers.  Entries are divided into four categories:

1. Architectural/Equipment Solutions
2. Consulting/Outsourcing/Training Solutions
3. Management Software Solutions
4. Online/Remote/Mobile Solutions

CoNetrix solution "Identity Theft Prevention Program" is listed under category 4 "Online/Remote/Mobile Solutions".

To vote now, go to  http://surveys.verticalresponse.com/a/show/180223/f7c379558a/0

To learn more about the Innovative Solutions Award, visit  http://www.banknews.com/