I Am Spartacus
Okay, I have to come clean. I have to admit to this as it's been twinkling in my feeble brain for some time now. Now with the shutdown of the CLI_DEV (formerly the altnetconf mailing list) I may as well spill it.
I am not Steve Ballmer. I am not Richard M. Stallman. I am not Scott Bellware.
I am altnet pursefight.
There. I said it. It's out. Let the chips fall where they may.
How did this sad tale of hidden identity come to pass?
The heathens of the original altnetconf mailing list were just bickering and acting too much like children. So...
WCF And Large Messages
****Just a forewarning that this is an interim step I took to move large messages. In my next post I will talk about streaming data via WCF, which works a lot better for the scenario described here****
For one of my projects we are moving a large file to our service via WCF. By default WCF only allows small messages and arrays to be processed, but in my case I am moving a 50-70Mb byte array around. There are a few things you will need to do to get large messages to move around.
The first thing you will probably notice...
Windows Service Hardening
In my research on services to disable on my new Windows 2008 box, I stumbled across a hidden security feature added to Windows 2008: the per-service security identifier (SID). In previous operating systems, if two services were running as "Local Service" then they could each access each other's files. With per-service SIDs, the services can still both run as "Local Service" but restrict access to their files/resources so that they cannot access one another's. This is because the OS is essentially creating its own identity for the service. This eliminates the administrative headache of creating a separate domain...
Windows 2008 Service Hardening
Well, I just got my new Windows 2008 server set up and going. One of the key components of security has always been the approach of doing things in a minimal fashion. To that end, one of the things I do is disable unnecessary services. Now, Windows 2008 ships with fewer services that are set to automatically start up than previous operating systems, but it still seems to have a lot of services set up to start manually that I will never need. For a server OS I think a lot of these things should be off by default and turned on...
New Server Password Setup Tip
One of the first things I do when I set up a new server is create a new administrator account and disable the original administrator account. This makes it much harder for an attacker to gain entry to your systems, as now they have to guess both the account name AND the password. Now, many people/sites recommend renaming the administrator account. While this does increase the complexity of getting in, the Administrator's ID in the security database is fixed (I think in the NT 4.0 days the administrator always had an ID of 500). If I gain access to...
Edmonton .NET User Group Materials
Thanks, everyone, for coming out to my security talk at the user group. I had a lot of fun doing a full-fledged talk to the home town. As always, if you have any questions feel free to shoot me an email.
Materials: Injection Attacks And Cryptography
As we did finish up a bit early, I touched on partial trust out of a different demo.
Materials: Partial Trust