MVP Jubo Security Blog

CastleCops and Sunbelt Software are announcing a new anti-phishing community, the Phishing Incident Reporting and Termination (PIRT) Squad. This will be a community at CastleCops solely dedicated to taking down phishing sites. It’s the first public takedown community we know of, and we hope to start nailing these sites as quickly as possible.

More information at: Wiki CastleCops. See also: Phishing, Fraud and Dastardly Deeds and the Sunbelt Blog.

Do you think that when you switch from IE to another browser that you're more safe? That you need to turn off your firewall because a program will not work? That, if there's an antivirus program installed, when you buy a computer, that you're safe? Then you need to read Sandi Hardmeier's article I'm not pulling your leg, honest.

Sandi is a Microsoft MVP. She, and other MVPs, wrote more articles about Internet Explorer, which you can find at: Internet Explorer Community Columns.

Related Links:

• Internet Explorer Community
• Sandi's Site
• IE-Vista

A new Beta version of IE has been released. This build is for Windows XP Service Pack 2 and shows the current state of IE7. The new build is available at: http://www.microsoft.com/windows/ie/ie7/

You have to uninstall any previous versions of IE7. For instructions and more information see the IEBlog.

Two new features has been added to the Windows Live Safety Center: registry cleaner and spyware detection!

Not all programs removes all traces on your computer and leaves something behind in the Windows Registry when you uninstall. This could make your computer run slow. Another reason is that is has spyware, unwanted software files that can do things like collect personal information or change the configuration of your computer without your consent.

Two very good reasons to check your computer at the Windows Live Safety Center, which is a free service!

More information about this at Windows Live Safety Center Blog.
Please, have a look at this article first: Speed up your PC by cleaning your registry.
Go here for a Full Service Scan.

Microsoft has streamlined their process for receiving samples of malicious software or spyware.

Samples sent to the following addresses will be automatically processed into the Microsoft Antimalware Team queue:

• avsubmit@submit.microsoft.com (virus/worm/trojan/etc samples)
• windefend@submit.microsoft.com (spyware samples)

Note that these use @submit.microsoft.com now, rather than @microsoft.com.

One reason for the change is to move the mail server they use for sample submissions outside the corporate SPAM and virus filters. In the past they have had issues with sample submission e-mails getting filtered, particularly on the SPAM side.

These addresses replace the old submission addresses:

• avsubmit@microsoft.com (deprecated)
• malware@microsoft.com (deprecated)
• windefend@microsoft.com (deprecated)

As before, please use "False Positive" or "False Negative" in the mail subject line if possible to indicate the type of submission, and use password of 'infected' on the submitted .zip or .rar file.

Didn't you wish you could send Microsoft a virus? Then here's your chance... ;-)

On March 14th, Microsoft released a few security updates. The affected software is Windows and Office.

To update your computer, go to the Microsoft Update website and for Office at the Office Update site.

• MS06-011 Important Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
• MS06-012 Critical Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

More (technical) information: Microsoft Security Bulletin Summary for March, 2006.
An end-user version can be found at: Windows Security Home.

See TechNet Security Center provides links to technical bulletins, advisories, updates, tools.


Other steps you can take to help protect your computer

• Make sure you have a firewall, and antivirus and antispyware programs
• Scan and clean your computer to remove malicious software

Day Two started with a visit to the Microsoft booth to meet some of the other MVPs and Community members. Time was short because the first session started at 9:00AM. I met the speaker for the first time at the Opening Keynote: Rafal Lukawiecki. He not only speaks with his mouth but with his entire body! He keeps your attention and never has a dull moment. If you haven't seen and/or heard him before, watch a video at the Microsoft IT's Showtime! site. Wonderful speaker and great topics. The theme for this session was: "SQL 2005 Security for database developers" and topics like: the Authorization Model, Security through Encapsulation, User Scheme Separation, search input string for dangerous characters, Code Signing, Data Protection and Encryption.


Before you knew it, his time was over and it was time for a break. So we hot-footed over to the Microsoft booth to see how things were going there. The breaks between the sessions were only 15 minutes. You needed that time to get from one session to the other. But people always found time to walk to the Microsoft booth. After a cup of coffee and taking some pictures it was time to walk over to the next session.

Next session was the 2nd part of Gijs de Jong's "Windows Communication Foundation - part 2" and today it was about: "Building secure, reliable en and transacted services"
Topics included were: WCF Security, Security Requirements - Transfer Security, Access Control and Auditing. The X509 (Message) Security. More about Challenges of Implementing Reliable Distributed Systems, Queued Messaging. About Transaction - transactions ensures Consistency, Atomic vs. Compensating, WCF Transaction Scenarios and WCF Transaction Infrastructure.

Well, who said: "Time Flies When You're Having Fun"? Suddenly it was time for lunch! Of course, first we had to go back to the Microsoft booth.

Even though a lot of people went to the lunch sessions there were always some who found the time to visit the Microsoft booth.

Just when you think you get withdrawal symptoms, there's another session! The lunch session was fun. I chose the "Microsoft Office '12' Preview" by Hans Verbeeck, Technical Advisor within the Microsoft EMEA Developer Platform Group. The first slide he showed the audience was the interface of Word version 1. It seems years and years ago when you used Word 1. It didn't have as many buttons as in the current version or even in the Office 12 Preview. Just imagine, it was easy to save this program onto a floppy. Nowadays you need a DVD!
Hans gave us a preview of the next Office 12. He used the internal technical Beta version, which I hope to install on my test machine pretty soon too. I really do like the current Beta. How it feels and how it looks. Lots of new things. Especially the file format too. It will be XML from now on! For our Dutch speaking viewers, see this web site for more information: Welkom bij de Beta Experience.

No time get coffee so we had to walk over to the next session, which was "BizTalk Server 2006: Getting better all the time" by Mat Joe (Microsoft Solutions Architect MVP) and Sander Schutten (Solution Developer) both working for Avanade. Mat from Seattle, USA and Sander from Holland.

A Snickers bar and a glass of orange juice boosted my energy level for the final session of these DevDays 2006. It was time for: "Windows SharePoint Services v3", by Jan Tielens and works for U2U. I forgot to take notes... how can one forget?!? But a good thing Jan put it on the 'Net so we reinforce the material we learned in this session:

WSS Architecture:

• Foundation of WSS v3
• ASP.NET 2.0 and .NET 2.0 integration
• Differences between WSS v2 en v3

WSS Storage:

• New features in SharePoint Lists and Document Libraries (recycle bin, versioning, security, content types, folders etc)
• Integration with Microsoft Office ‘12'
• RSS feeds
• Integration with Windows Workflow Foundation

WSS Customization:

• Master Pages in WSS
• Features framework

WSS Development:

• ASP.NET 2.0 web parts
• Event handling framework
• New features in the object model

This was really a very interesting session. I'll probably going to install it on my test machine and play with it.


Credits:
Thanks to Gerard Verbrugge, International MVP Lead, and Microsoft who made it possible for me to attend this conference. And for both shirts or course...;-)
Special thanks to Devra R. Jacobson for her most valuable comments on these DevDays 2006 articles.

Last but not least a big "Thank You" to the ladies who showed up at the end of both days with the Bitterballen! Yes, you've got to be Dutch to understand that...;-)

The Dutch DevDays 2006 were held at RAI Convention Center in Amsterdam. The location was only a thirty minute train ride for me.

I would like to thank Gerard Verbrugge, the Dutch MVP Lead, who made sure we were dressed proparly: long sleeved blue t-shirt and short sleeved white polo shirt...;-)

Two very interesting days; heard and saw many new things. I chose sessions that would interest me and that I could use in my job.

The Opening Keynote was by Rafal Lukawiecki, Consultant and Director of Project Botticelli Ltd, Tony Krijnen who works as Technology Advisor at Microsoft gave us a peek Windows version: Vista. And last but not least Scott Guthrie, General Manager of the Client & Web Platform and Tools Team.

My first session, after the keynote, was "Building Office applications with Visual Studio 2005 and Visual Studio Tools for Office" by Ernst Peter Tamminga, Managing consultant bij XCESS.
This session was about VS Tools for Office. What VSTO is and does, what the new features are and the possiblities of VSTO2005. What you can do with Word in VSTO, "Controls" directly in a document and that you don't need VBA code anymore.
More about "Smart Documents" and "Smart Tags", XML documents and XML templates for Word documents.

Then it was time to get something to eat for lunch. One didn't have much time actually because the lunch session started at 12:30PM. I chose to attend the "Building applications with Infragistics NetAdvantage 2005" by Jason Beres, Chief Technical Evangelist for Infragistics and Visual Basic .NET MVP.
Jason talked about:

• NetAdvantage
• JSuite
• TestAdvantage
• Training/Monitoring

About the future:

• Avalon - Rich Interactive User Interfaces
• CSOM = AJAX

If you think you could catch a breath, then think twice. There were three more sessions on my agenda. The afternoon started with: "Windows Presentation Foundation - part 1", by Erno de Weerd, Trainer/Consultant at Info Support. Check his blog.
Windows Presentation Foundation aka "Avalon" and Erno told us how it was: WinForms, GDI, GDI+, DirectShow, DirectX etc. and how it will be in the future: Direct3D, Windows Media Foundation and Windows Presentation Foundation.

This was followed by "Windows Communication Foundation - part 1", by Gijs de Jong who is Principal Consultant at Microsoft Services. Part II will be on the 2nd day.

The last session for me was: "SQL Server 2005 Business Inteligence" by Marcel Westra, a Product Specialist Database at Microsoft. He's also one of the founders of SQL User Group SQLpass Nederland.
Marcel gave us a presentation about the Extraction, Transformation and Loading tool, the SQL Server Integration Services, Reporting Service 2005 and the Report Builder Client.


The DotNetNuke MVPs talking to visitors.
Oops... if I look closely then I see that they are talking to two of my favorite co-workers: Ernst Wolf and Jan Hoek van Dijke on the right.