Browse Site by Tags

Showing related tags and posts across the entire site.
  • Security Alert - Vulnerability in Internet Information Services Could Allow Elevation of Privilege

    Two days ago, a new vulnerability was found in WebDav for IIS, although few have make a big deal out of it, personally I think the impact is 'quite' minimum or at least zero in my environment coz I got no WebDav at all :) LOL... anyway - here is the security advisory from Microsoft. To know more...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, May 20 2009
    Filed under: IIS News, Community Info, IIS Links, IIS FAQs
  • Token Kidnapping - Fixed

    A year ago... Cesar Cerrudo presented a serious vulnerability via evalvation of privilege involving the NetworkService or LocalService account specific to IIS worker process. Although Microsoft addressed this in April last year, but it was more towards workaround to get rid of the actual issue, and today...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Tue, Apr 14 2009
    Filed under: IIS News, IIS KBs, IIS
  • Top 8 - Web 2.0 Security Threats

    Got this from a mailing list - the top 8 security threats in Web 2.0 applications. 1. Insufficient Authentication Controls 2. Cross Site Scripting (XSS) 3. Cross Site Request Forgery (CSRF) 4. Phishing 5. Information Leakage 6. Injection Flaws 7. Information Integrity 8. Insufficient Anti-automation...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, Feb 18 2009
    Filed under: IIS News, Community Info
  • IIS Insider - Zzz...

    Errr.... 2 yrs ago I told you I wrote the last ever IIS Insider column for MS!!! Chris Adam back then even put up a notice to inform everyone. Believe me, the URL is valid back then.... after MS site reorg, yeah! happen every quarter you know :) so it got 'integrated' with 'technet',...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Thu, Jan 22 2009
    Filed under: IIS News, IIS
  • IIS Insider - September 2006 Issue - Repost

    IIS Insider: September 2006 By Bernard Cheah, IIS Insider is a monthly column designed to answer your questions on how to troubleshoot and make the most of Microsoft Internet Information Services (IIS). The example companies, organizations, products, domain names, e-mail addresses, logos, people, places...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, Jan 21 2009
    Filed under: IIS News, IIS
  • Ping Ping Ping!!!

    Yo yo yo.. happy 2009. Oops! 2 weeks late.. wtf Good news - Alive and kicking!!! !@$!#@%#@% Bad news - Freaking busy with work and life It is getting tougher with the current economy climate... is it bottom yet ? or the market still sinking slowly ? No worries, I'm NOOB when it comes to investment...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Tue, Jan 13 2009
    Filed under: IIS News, Personal
  • How to Detect, Identify and Defend against SQL Injection?

    SQL Injection has been around for many years :) and you probably get over 3 million results when you googled the term. so why is it so HOT now? Well, not so long ago some folks (don't ask me who!!, go read) were claiming that it was an IIS exploit, etc. Hence, all IIS web servers are subjected to...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, Jun 25 2008
    Filed under: IIS News, IIS Links, IIS
  • IIS KBs - May 2008

    Well, for last month we got zero new IIS KB articles, yet few are related to IIS in certain way. 941850 When you try to access files on a WebDAV site that uses only Digest authentication, the process may fail on a Windows Vista-based computer 942039 FIX: Visual Studio 2005 incorrectly creates a subfolder...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, Jun 11 2008
    Filed under: IIS News, IIS KBs
  • Improving Web Service Security: WCF

    The Microsoft Patterns & Practices team just published a beta copy of Improving Web Service Security for WCF or code name Indigo last week. This is another great playbook from the team that gives us many great guides and practices in using Microsoft technologies. If you are into Indigo, this is a...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, Jun 11 2008
    Filed under: IIS News, Community Info, IIS Links
  • IIS 7 Shared Hosting Summary

    Damn! I love this blog post from Thomas , and you can easily noticed that IIS team has put lot of effort in shared hosting environment, from shared to delegated configuration, and all the way to process model improvements. The dynamicIdleThreshold for example is a fantastic feature for shared hosting...
    Posted to Server: Microsoft-IIS/7.0\r\n (Weblog) by qbernard on Wed, May 14 2008
    Filed under: IIS News, Community Info, IIS Links
Page 1 of 22 (217 items) 1 2 3 4 5 Next > ... Last ยป