Note: This blog post is written using the .NET framework 4.0 RC 1
Using Workflow Foundation 4 the NativeActivity is the powerhouse when it comes to building native activities. One of its many capabilities is around error handling. Every so often I run into one of these things where things don’t quite work the way I expect them to and this is one of these cases.
The basics of error handling when scheduling child activities.
Whenever a NativeActivity is executed it is passed an instance of the NativeActivityContext which it can use to schedule other activities using the ScheduleActivity() function. This ScheduleActivity() function has a few overloads, one of them using an FaultCallback. This FaultCallback is called when some kind of exception occurs while executing the child activity being scheduled. The fault handling function is called with a couple of parameters including a NativeActivityFaultContext and the exception that is unhandled. The NativeActivityFaultContext contains a HandleFault() function used to indicate that the fault was handled. Not quite as straightforward as a try/catch block but given the asynchronous nature of workflow that would not work.
So I expected the following activity to catch any exceptions and continue.
public sealed class MyActivity : NativeActivity
{
public Activity Body { get; set; }
protected override void Execute(NativeActivityContext context)
{
context.ScheduleActivity(Body, FaultHandler);
}
private void FaultHandler(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)
{
Console.WriteLine(propagatedException.Message);
faultContext.HandleFault();
}
}
Do not use, this code has a serious error!
Lets test this code by executing the following workflow:
private static Activity CreateWorkflow()
{
return new Sequence
{
Activities =
{
new WriteLine { Text = "Start outer sequence." },
new MyActivity
{
Body = new Sequence
{
Activities =
{
new WriteLine { Text = "Start inner sequence." },
new Throw { Exception = new InArgument<Exception>(ctx => new DivideByZeroException()) },
new WriteLine { Text = "End inner sequence." }
}
}
},
new WriteLine { Text = "End outer sequence." }
}
};
}
Given this workflow I would expect the following output:
However what really happens is something else as I receive the following output:
As we can see the second inner WriteLine still executes even though the exception is caught at a higher level!
This behavior reminds me of the infamous VB6 On Error Resume Next where an error would just be ignored and the next statement executed. Not really what I was expecting or want.
So the fix is easy. All that is needed is to explicitly cancel the child activity being executed using the CancelChild() function. Below the correct version of my NativeActivity.
public sealed class MyActivity : NativeActivity
{
public Activity Body { get; set; }
protected override void Execute(NativeActivityContext context)
{
context.ScheduleActivity(Body, FaultHandler);
}
private void FaultHandler(NativeActivityFaultContext faultContext, Exception propagatedException, ActivityInstance propagatedFrom)
{
Console.WriteLine(propagatedException.Message);
faultContext.HandleFault();
faultContext.CancelChild(propagatedFrom);
}
}
The correct fault handler
Enjoy!
www.TheProblemSolver.nl
Wiki.WindowsWorkflowFoundation.eu
Windows 7 RC users will get notification around Feb 15th that usage of the RC will come to an end.. Details here..
http://windowsteamblog.com/blogs/windows7/archive/2010/02/01/important-reminder-regarding-expiration-of-the-windows-7-rc.aspx
Users of Windows 2000 should also be aware that support is coming to a very definite end. Without security updates of any kind, it will be increasingly difficult to maintain any level of safety if the computer is connected to the Internet for any length of time.
 |
9 de febrero 2010
16 de febrero 2010
23 de febrero 2010
2 de marzo 2010 |
Durante los martes del mes de febrero (o sea desde hoy) vamos a dictar un ciclo de talleres orientados a desarrollar aplicaciones cliente que sean compatibles y exploten todas las ventajas de la plataforma Microsoft Windows 7®.
Para este fin vamos a basarnos en el "Windows 7 Training Kit For Developers" el cual pueden descargar aquí.
Pueden asistir de forma presencial en las instalaciones de Microsoft Bogotá, o pueden asistir de forma virtual. Para inscribirse y conocer los demás temas de logística, lo pueden hacer a través del portal de {Activa} Colombia, aquí.
Los espero!!!.
Ya esta disponible el RC1 de las diferentes ediciones de Visual Studio 2010, del .Net Framework 4.0 y TFS 2010.
Aunque inicialmente esta disponible para los suscriptores de MSDN, seguramente al finalizar la semana estará disponible para todos los usuarios. Más información la pueden conseguir en http://msdn.microsoft.com/en-us/vstudio/dd582936.aspx
Para los que ya tienen sus máquinas virtuales o infraestructura funcionando con el Beta 2, la ruta de actuallización a RC es posible. Les recomiendo que revisen el borrador de la guía: Team Foundation Server 2010 Beta 2 to RC Upgrade Guide. Una guía similar va a estar disponible para actualizar de Beta 2 a RTM y de RC a RTM.
Esta versión incluye mejorar muy amplías en temas de desempeño, especialmente de los editores de formularios de aplicaciones y uso de memoría entre otras. si quieren dar feedback sobre su experiencia con esta versión pueden contestar la encuesta disponible en https://mscuillume.smdisp.net/Collector/Survey.ashx?Name=VS2010-RC
Windows 2008 R2 proporciona un conjunto de funciones añadidas para el servidor llamadas características. Estas formaban parte de Windows 2008 con algunas nuevas en R2. De estas características se extraen las que son obligatorias para que ciertos roles funcionen, de las que añaden fiabilidad al servidor, como el clustering por ejemplo. Algunos sólo añaden estética, como Experiencia de Escritorio. Cuando planeamos nuestro servidor puede que necesitemos instalar algunas de ellas para lograr la configuración querida. En muchos casos no necesitaremos instalar características necesarias a un role. Las que son obligatorias normalmente se instalarán al instalar el propio role.
Para instalar una característica abrimos el Administrador del Servidor, y elegimos Características.
Pulsando en el enlace Agregar características obtendremos acceso al asistente:
Tabla de características:
| Característica | Descripción |
Administración de directivas de grupo
(Group Policy Management) | Instala el complemento MMC para administrar los objetos GP(GPO). |
Administrador de almacenamiento para redes SAN
(Storage Manager for Storage Area Networks) | Juego de herramientas para administración central de SANS sobre fibra o iSCSI. |
Administrador de recursos del sistema de Windows
(Windows System Resource Manager) | Proporciona control de administrador sobre cómo se asignan los recursos de CPU y memoria y ayuda a proporcionar fiabilidad a las aplicaciones. |
Asistencia Remota
(Remote Assitance) | Nos permite ver y compartir el control del escritorio de un usuario que necesita ayuda. |
| BranchCache | Ayuda a reducir el consumo de banda ancha de clientes ubicados en escenarios de sucursales de oficinas. Los clientes han de ser 2008 R2 o Windows 7. |
| .Net Framework 3.5.1 | Proporciona las API necesarias para que trabajen las aplicaciones. |
Copias de seguridad de Windows Server
(Windows Server Backup Features) | Herramientas de copia de seguridad y restauración de R2, para el sistema, aplicaciones y datos. |
Cifrado de unidad bitlocker
(Bitlocker Drive Encryption) | Cifrado de unidad en cado de perdida o robo. |
Cliente de impresión en Internet
(Internet Printing Client) | Protocolos necesarios para impresión en la red o internet. |
Cliente Telnet
(Telnet Client) | Conexiones Telnet a Servidores. |
Cliente TFTP
(TFTP Client) | Escritura/Lectura hacia un servidor TFTP remoto. |
Compresion diferencial remota
(Remote Differential Compression) | Permite el cálculo para reducir el ancho de banda necesario a utilizar para transferencia entre dos recursos de red. |
Consola de administración de Direct Access
(Direct Access Management Console) | Consola MMC usada para administrar y configurar acceso directo a clientes Windows 7 y 2008 R2. |
E/S de múltiples rutas
(Multipath I/O) | Junto con DSM(Módulo específico de dispositivo) proporciona compatibilidad con el uso de varias rutas de acceso a datos a dispositivos de almacenamiento. |
Equilibrio de carga de red
(Network Load Balancing) | Compatibilidad para TCP/IP para distribuir el tráfico de red mediante varios servidores. |
Experiencia de escritorio
(Desktop Experience) | Incluye componentes comunes de escritorio, media player, windows aero, etc… Aún si las características han sido instaladas deben habilitarse manualmente. |
Extensión IIS de WinRM
(Windows Remote Management IIS Extension) | Comunicación segura con sistemas remotos y locales mediante servicios web. |
Herramientas administración remota del servidor
(Remote Server Administration Tools) | Administración remota de roles y características desde nuestro servidor R2. |
Herramientas de migración de Windows Server
(Windows Server Migration Tools) | Instala los cmdlets de PowerShell para migración. |
Kit de administración Connection Manager
(Connection Manager Administration Kit) | Herramienta para creación de perfiles de Connection Manager para escenarios de VPN. |
Marco biométrico de Windows
(Windows Biometric Framework) | Servicios compatibles necesarios para dispositivos lectores de huellas dactilares usados en el inicio de sesión. |
| Message Queue Server | Entrega de mensajes garantizada entre aplicaciones. |
Monitor de puerto LPR
(LPR Port Monitor) | Permite la impresión en impresoras compartidas LPD, comúnmente usado por servicios UNIX. |
Protocolo de resolución de nombres de mismo nivel
(Peer Name Resolution Protocol) | Permite a las aplicaciones registrar y resolver nombres en el equipo para que otros equipos puedan comunicarse con éstas. |
Proxy RPC sobre HTTP
(RPC over HTTP Proxy) | Utilizado por aplicaciones con capacidad de reenvío de tráfico RPC sobre HTTP. El más común es Outlook sobre RPC. |
Servicio de transferencia inteligente en segundo plano
(Background Intelligence Transfer Service BITS) | Servicio de transferencia asíncrono de archivos. |
Servicio WAS
(Windows Process Activation Service) | Elimina la dependencia sobre Http para IIS, permitiendo a otras aplicaciones usar protocolos no-http. |
Servicio WLAN
(Wireless LAN Service) | Servicios y configuraciones necesarios, para trabajar adecuadamente en R2, de los adaptadores Wireless. |
Servicios de escritura con lápiz y a mano.
(Ink and Hardwritting Services) | Compatibilidad para servicios típicos de Tablets. |
Servicios simples TCP/IP
(Simple TCP/IP Services) | Proporciona compatibilidad con versiones anteriores y sólo ha de instalarse en caso necesario. |
Servicios SNMP
(SNMP Services) | Instala agentes para control de la actividad de red. |
Servicio de nombres de almacenamiento de Internet
(Internet Storage Name Server) | Servicios necesarios para detección y compatibilidad para redes de área de almacenamiento iSCSI. |
Servidor SMTP
(SMTP Server) | Compatibilidad básica con servicios de transferencia de correo electrónico para mensajes y sistemas de correo electrónico. |
Servidor Telnet
(Telnet Server) | Proporciona capacidades remotas administrativas de línea de comando para aplicaciones de cliente Telnet. |
Servidor WINS
(WINS Server) | Resolución de nombres NetBIOS para equipos y grupos de la red, usado como compatibilidad de versiones anteriores. |
Subsistema de aplicaciones UNIX
(Subsystem for UNIX-based applications) | Permite a R2 ejecutar programas basados en UNIX. |
Visor de XPS
(XPS Viewer) | Compatibilidad con documentos XPS: |
| Windows Audio Video Experiencie | Plataforma de red para aplicaciones de transmisión de audio y vídeo por secuencias en redes domésticas. |
| Windows Internal Database | Almacenamiento de datos sólo para roles y características de Windows como AD RMS y WSUS. |
| Windows PowerShell Integrated Scripting Environment | GUI que nos permite ejecutar comandos de PowerShell. También crear y probar scripts de PowerSHell. |
| Windows TIFF IFilter | Proporciona capacidad de reconocimiento òptico de caracteres. Específicamente para archivos TIFF 6.0, permitiendo además la indización y búsqueda de texto en dichos archivos. |
Hi folks,
Dave Goldman blogged how to change the OAB Generation process temp folder. However it only applies for Exchange Server 2007 SP2 and Exchange Server 2010.
By the way, if you are going to change that make sure that you specify the new location in your exclusion list of your AV.
Read more at source: http://blogs.msdn.com/dgoldman/archive/2010/02/06/how-to-change-the-temp-location-for-the-oab-generation-process-on-exchange-2007-sp2-and-exchange-2010.aspx
Cheers,
Anderson Patricio
http://msmvps.org/Blog/AndersonPatricio
http://www.andersonpatricio.org
Twitter: @apatricio
Technorati : OAB, change path, geration process
Del.icio.us : OAB, change path, geration process
Zooomr : OAB, change path, geration process
Flickr : OAB, change path, geration process
Hi folks,
The OCS Communicator team blogged about two free training for Live Meeting and OCS Communicator (Introduction). It's a high level training to introduce the basic features of both products.
Check them out:
Cheers,
Anderson Patricio
http://msmvps.org/Blog/AndersonPatricio
http://www.andersonpatricio.org
Twitter: @apatricio
The MVPS HOSTS file was recently updated [Feb-09-2010]
http://www.mvps.org/winhelp2002/hosts.htm
Download: hosts.zip (148 kb)
http://www.mvps.org/winhelp2002/hosts.zip
How To: Download and Extract the HOSTS file
http://www.mvps.org/winhelp2002/hosts2.htm
HOSTS File - Frequently Asked Questions
http://www.mvps.org/winhelp2002/hostsfaq.htm
Note: the "text" version makes a great resource for determining possible unwanted connections ...
http://www.mvps.org/winhelp2002/hosts.txt (599 kb)
La nouvelle version de Microsoft Office est désormais annoncée disponible pour le public en Juin 2010. Le développement touche à sa fin puisque la RC (Release Candidate) vient d’être finalisée.
Premier point, presque rassurant, l’interface n’est presque pas remaniée.
Le menu Office (que tous les débutants ne trouvaient pas) est remplacé par…un menu Fichier !!! Celui-ci, lance une nouvelle fenêtre, un menu plein écran, en quelque sorte… beaucoup plus intuitif !!
La grande nouveautés est le fait que Office existera pour PC mais aussi en version Web : si vous placez un document Office dans un dossier spécial sur Internet (SkyDrive),vous pouvez éditer celui ci directement via une version web de Excel, Word, PowerPoint, ou One Note. Ceci est aussi possible sur Firefox, Opera, et sur d’autres plateformes que Windows Mobile…
Le travail collaboratif est aussi mis en avant avec la possibilité de travailler à plusieurs sur un même document.
La fonction PowerPivot d’Excel va sublimer les possibilités d’analyse d’Excel, depuis des bases SQL, mais aussi des bases hétéroclites.
Outlook est remanié : le ruban y est présent, de nouvelles fonctions de réseau social, de travail collaboratif ainsi que de gestion des mails plus “intelligente et automatisée”.
PowerPoint est l’application mise en valeur, avec de nouvelles fonctionnalités de gestion multimédia (retouche et montage de vidéo) .
Les Microsoft TechDays sont une très bonne opportunité pour découvrir toutes ces nouveautés.
Laurent Gébeau – http://www.twitter.com/mtoo
Banning web users suspected of illegally downloading content from the internet could breach human rights legislation, says the Joint Select Committee on Human Rights.
According to the group of MPs and members of the House of Lords, the proposals set out in the Digital Economy Bill reference 'technical measures' which could be employed to block internet pirates' web connections.
However the committee said the technical measures had not been "sufficiently specified".
"The concern we have with this Bill is that it lacks detail," said Andrew Dismore MP and chair of the Committee.
http://www.networkworld.com/news/2010/020810-banning-illegal-file-sharers-could-breach.html
Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service.
Nearly a third (25,000 out of 78,800) of computers with up-to-date anti-virus software were discovered to be infected with malicious code when users scanned their PC using SurfRight's HitmanPro 3 behavioural scan.
SurfRight's analysis is based on 107,435 users who put their PC through its scanner between 10 October and 4 December 2009. Around a quarter of these users (28,608) either had no scanner installed or were running security software that was out of date.
Surfers are much more likely to turn to SurfRight's software if they suspected their Windows PC was running slowly or might be infected with malware, so the figures from SurfRight's audit are bound to come out worse than those from the general web population.
http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/
China officials have shut down Black Hawk Safety Net, the country's biggest hacker training Website, and arrested three people for making hacker tools available online.
China announced it has arrested three people in connection with operating a hacker training school that distributed malware and hacking tools to its members in online forums.
According to Xinhua, China ’s state-run newspaper, three people were arrested in connection with making the tools available online through a business known as Black Hawk Safety Net. Established in 2005, Black Hawk Safety Net is reportedly headquartered in Xuchang of the central Henan Province and has more than 180,000 members. Police reportedly uncovered the operation as part of an investigation into a cyber-attack in Macheng City in 2007.
The three suspects arrested in the case are charged with offering online hacker tools, a crime newly listed in the country's criminal law last year, the paper reported.
http://www.eweek.com/c/a/Security/China-Closes-Hacker-Training-School-Arrest-3-827095
N.Y. man claims Symantec didn't tell him before charging his card, as 2009 settlement required
A New York man has sued security software maker Symantec for automatically renewing his subscription to Norton Antivirus, alleging that the company did not notify him before charging $76 to his credit card.
The lawsuit comes seven months after the New York Attorney General's office fined Symantec $375,000 for the practice and ordered it to give notice before renewing any subscription.
According to the lawsuit filed Jan. 19 in a New York County court, Kenneth Elan of Port Washington, N.Y., purchased a copy of Norton Antivirus in 2007. Early in November 2009, Symantec told him that it had automatically renewed his license to the software for one year, and charged his credit card $76.03. Elan said he had not been notified prior to the charge hitting his card.
http://www.computerworld.com/s/article/9153118/Symantec_hit_with_class_action_lawsuit_over_auto_renewals
Same incident as last year: http://www.calendarofupdates.com/updates/index.php?showtopic=20325
Google will today announce some big changes to its social media strategy. It is believed these will include changes to Gmail that will allow users to post messages in a similar way to Twitter or Facebook.
That social media sites Facebook and Twitter have a huge potential for advertising in the future will not have gone unnoticed at Mountain View, CA.
Google recently announced that its only social success to date; YouTube, has started to make a profit. Google bought the already successful but loss making YouTube in 2006, and has steadily increased the amount of advertising on the site since.
Google has numerous products that have some form of social aspect to them. Reader, Calendar, Bookmarks and others all encourage sharing, there is a full social network site in Orkut, Google Profiles links in well with Wave the much maligned collaboration tool. Then let's not forget SideWiki which allows users to leave messages on any site via a browser add-on.
The problem that Google has had is that these products have been too disparate. There hasn't been a single combining element that has allowed all the best features to appear in one single interface in a way that could compete with Facebook. It sounds like Google is attempting to make up for lost time now.
http://www.bigmouthmedia.com/live/articles/google-to-use-gmail-to-challenge-facebook.asp/6751/
Google to add social-media tools to Gmail similar to facebook, Twitter
Proof-of-concept demonstrates ease at which mobile spyware can be created to pilfer text messages and email, eavesdrop, and track victim's physical location via smartphone's GPS
A researcher at the ShmooCon hacker conference yesterday demonstrated how BlackBerry applications can be used to expose sensitive information without the use of exploits.
Tyler Shields, senior researcher for Veracode's Research Lab, also released proof-of-concept source code for a spyware app he created and demonstrated at the hacker confab in Washington, D.C., that forces the victim's BlackBerry to hand over its contacts and messages. The app also can grab text messages, listen in on the victim, as well as track his physical location via the phone's GPS.
The spyware sits on the victim's smartphone, and an attacker can remotely use the app to dump the user's contact list, email inbox, and SMS message. It even keeps the attacker updated on new contacts the victim adds to his contact list. "This is a proof-of-concept to demonstrate how mobile spyware and applications for malicious behavior are trivial to write just by using the APIs of the mobile OS itself," Shields says.
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=222700260
An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.
The admission, by Emmy Huang, product manager for Flash, came a week after Apple CEO Steve Jobs lambasted Adobe engineers as "lazy" and said when Macs crash, "more often than not it’s because of Flash." Adobe CTO Kevin Lynch struck back, insisting that at Adobe, "we don't ship Flash with any known crash bugs."
The crash bug at issue in Huang's blog post published over the weekend was reported in September 2008, but it has yet to be excised from release versions of Flash. She said a beta version of Flash scheduled for official release later this year has fixed the problem.
Continued here: http://www.theregister.co.uk/2010/02/09/adobe_flash_crash_bug/
Flash Bug Report
As has been pointed out by the community, there is an existing crash bug that was reported by Matthew Dempsky in the Flash Player bugbase (JIRA FP-677) in September of 2008 that still exists in the release players. It is fixed in Flash Player 10.1 beta, and has been since we launched the beta in early November 2009.
I want to reiterate that it is our policy that crashes are serious "A" priority bugs, and it is a tenet of the Flash Player team that ActionScript developers should never be able to crash Flash Player. If a crash occurs, it is by definition a bug, and one that Adobe takes very seriously. When they happen, it can be the result of something going on purely within Flash Player, something in the browser, or even at the OS level. Depending on where an issue occurs we work to resolve the crash internally or with our partners.
So what happened here? We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch. The mistake we made was marking this bug for "next" release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release. We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue. I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn't happen again. It slipped through the cracks, and it is not something we take lightly.
The team is actively reviewing all unresolved crash bugs in JIRA and will reach out to the submitter if we need their help. We have been updating JIRA bugs with status when we ship pre-release and release players with fixes, but will be focusing on scrubbing these more vigilantly so the community will be able to get status on their issues earlier. Again, FP-677 is fixed in Flash Player 10.1 beta on Adobe Labs and was made public in a regular bugbase scrub that happened yesterday.
http://blogs.adobe.com/emmy/archives/2010/02/flash_bug_repor.html
From Bruce at his "Schneier on Security":
At FSE 2010 this week, Dmitry Khovratovich and Ivica Nikolic presented a paper where they cryptanalyze ARX algorithms (algorithms that use only addition, rotation, and exclusive-OR operations): "Rotational Cryptanalysis of ARX." In the paper, they demonstrate their attack against Threefish. Their attack breaks 39 (out of 72) rounds of Threefish-256 with a complexity of 2252.4, 42 (out of 72) rounds of Threefish-512 with a complexity of 2507, and 43.5 (out of 80) rounds of Threefish-1024 with a complexity of 21014.5. (Yes, that's over 21000. Don't laugh; it really is a valid attack, even though it -- or any of these others -- will never be practical.)
This is excellent work, and represents the best attacks against Threefish to date. (I suspect that the attacks can be extended a few more rounds with some clever cryptanalytic tricks, but no further.) The security of full Threefish isn't at risk, of course; there's still plenty of security margin.
http://www.schneier.com/blog/archives/2010/02/new_attack_on_t.html
TD Bank's failure to detect fraudulent money transfers 'unacceptable,' official says
The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions about the responsibility of banks to protect customer accounts from online criminals.
In a statement last week , a town official revealed that thieves had broken into the town's TD Bank account and transferred $378,000 to accounts in the Ukraine.
The thefts took place over a two-day period in mid-January during which a total of nine attempts were made to steal money. In the end, four of the attempts were successful, resulting in the lost money.
The thefts were discovered by town officials one day after they occurred. So far, TD bank has managed to recover $95,000, with efforts still under way to try and recover the rest. The theft is being investigated by local police, the FBI and the U.S. Secret Service.
It was not clear how the thieves gained access to the town's bank account and there was no immediate response from Town Supervisor Patricia Meyers to a Computerworld request for comment.
http://www.networkworld.com/news/2010/020810-poughkeepsie-ny-slams-bank-for.html
If you're outside Moscone Center for this week's Macworld Expo, and someone hands you a "Lost iPhone" sticker, don't toss it away. It could help you track down your phone, should it ever go missing.
The stickers, from iHound Software, go on the back of the iPhone or the phone's case. They feature a unique ID number so that anyone who finds a misplaced phone can go to iHound's Website and punch in the nine-digit number along with a message to the phone's doubtlessly frantic owner.
"We believe most phones are lost, not stolen," Gary Moskoff, one of the founders of iHound Software told me Monday, as we talked about his company's mobile security offering.
Of course, to take advantage of that lost sticker, you've got to use the iHound app for the iPhone. But iHound has an Expo-timed special there too: for the month of February, the app--normally a $3 download--is available for free. (After the 10-day trial period, you'll still have to pay a recurring service charge, which Moskoff says costs less than $1 a month.)
http://www.networkworld.com/news/2010/020910-ihound-aims-to-help-you.html
A metals supply company in Michigan is suing its bank for poor security practices after a successful phishing attack against an employee allowed thieves to steal more than half a million dollars last year.
The lawsuit, filed by Experi-Metal Inc. (EMI), in Sterling Heights, Mich., charges that Dallas-based Comerica Bank effectively groomed its customers to become phishing victims by routinely sending them e-mail messages that asked recipients to click a link to update the bank's security technology. The company also alleges that Comerica's security protections for customers are not commercially reasonable, because the phishing scam routed around the bank's 2-factor authentication system.
According to a complaint EMI filed in December with a Michigan circuit court, for many years Comerica used "digital certificates" for authenticating online banking customers. Digital certificates are the browser-based counterparts to ATM cards, and many banks require customers to include the bank's cryptographically signed digital certificate in their browser before the bank's online system will allow users access. [...]
EMI's complaint is here (.pdf). Comerica's line-by-line response is available here (.pdf).
http://www.krebsonsecurity.com/2010/02/comerica-phish-foiled-2-factor-protection/
More Posts
Next page »