This post isn’t going to deal with security directly, but rather with two command line tools that come with the .NET framework. The tools, WSDL.exe and XSD.exe, are used to easily create .NET wrapper classes to deal with web services and XML files, respectively. Both of these command line tools are installed alongside the .NET framework (on my machine, they’re located in C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin, although if you start the Visual Studio command prompt, they should be accessible via PATH entries anyway). The WSDL tool can quickly create a .NET class that can invoke remote web services given a WSDL service definition. A quick example of how to use the tool would be to open a command prompt and type:[…]
Author: Walt Turnes
The recent release of Acrobat 9.1 included a new feature that helps enable an organization to preserve records of validation information on signed documents. This new feature is called “Document Validation Information”, and using it is quite simple. (Note: this can only be performed in Acrobat 9.1 full, or Reader 9.1 using a Reader-Enabled document.) The digital signature must be validated in the currently open document, as this feature is only available for valid signatures. In an open PDF document, right-click the digital signature (either in the document, or from the signature panel), and the following context menu is shown: Click the Add Verification Information shortcut to embed the certificates and revocation objects used to validate the signature, and save[…]
I’ve downloaded (but not yet installed) the Windows 7 release candidate, and I’ve been perusing the security features they’ve added to the OS. Two things that have caught my eye are the new BitLocker to Go feature and AppLocker. BitLocker to Go adds the capability to encrypt a USB disk drive through the BitLocker interface, which will protect any sensitive data stored on the drive from falling into the wrong hands. (Of course, the data protection is only as strong as the password you use, so remember not to make it something easily figured out by someone who nabs your device.) Data loss via portable devices has always been problematic – this is a pretty common sense way to at[…]
Have you ever tried to open a digitally signed e-mail and been greeted with a message like this one: It doesn’t really tell you much about why Outlook doesn’t like the signature. In almost all cases, this type of error is shown because of a problem with the signer’s digital certificate. It can also occur if the message was tampered with, although this is a rare case. But, it would be nice to know for sure why the signature isn’t valid. Enter Simple CAPI, a free tool available from us nice folks at Gemini Security Solutions. This tool can help you figure out just what is going wrong with that certificate. Step 1: Locate the certificate in the CAPI stores[…]
The bug was disclosed on February 19th, and a patch was released on March 10th. That’s not really an impressive turnaround time, especially for a remote code execution vulnerability. Where Adobe’s patch release gets interesting, though, is the fact that the update is, as of today, still only available for version 9 of both Reader and Acrobat, and then only on Windows. A patch is forthcoming for versions 7 and 8, which are also affected by the same vulnerability, with Adobe claiming March 18th as a release date, as well as a stunningly far off release date of Marth 25th for Acrobat 9 on Unix.
Ok, so the actual article headline is “Obama pledges better cybersecurity, top advisor”. The article goes on to detail the plan as such: In the homeland security document, published on Thursday, the administration pledged to create a top cybersecurity position, harden the nation’s infrastructure, fund research and development of secure computing technologies, and work with the private sector to set standards from cybersecurity. The document also promised that the administration will work with industry to develop better defenses against cyber espionage, shut down the mechanisms through which online criminals profit from their crimes, and mandate better privacy and breach disclosures. (Emphasis Added) I’m not opposed to the government taking a more active role in securing the communications infrastructure, and I’m[…]