Security: Google retracts its privacy clauses

by Stephen Horsfield 4. September 2008 09:26
Since yesterday, and my post about Google Chrome, Google has updated its terms and conditions and removed the clauses.  See my previous post here: Security: How much do you trust Google?. Privacy clauses Section 11 has been completely rewritten.  Note that this is the only change in the terms of service, even the date has not been changed: 11. Content license from you 11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. Looks a bit different to the previous clause.  Specifically, the following has be... [More]

Tags:

Business | IT Management | Security

Security: How much do you trust Google?

by Stephen Horsfield 3. September 2008 08:14
Google has just released a beta of its Google Chrome web browser.  Make sure you read the terms and conditions.  Have a look at the privacy clauses... [Note: Google has updated its terms and conditions.  Read my blog post here: Security: Google retracts its privacy clauses] Privacy clauses 11. Content license from you 11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive li... [More]

Tags:

Business | IT Management | Security

Security: Conducting a Security Review and why your designs should incorporate Defence-In-Depth?

by Stephen Horsfield 4. July 2008 11:55
I'm currently conducting a due-diligence review of a technical system.  The system is a classic distributed, two-tier system with data held centrally and business-logic delegated to an application tier.  I've been asked to perform a security analysis as part of my review.  I can't tell you anything about the project itself, for confidentiality (and security) reasons, but I thought I'd share some of the thought processes behind what I've been doing. Reviewing security The foremost rule of security assessment is to include the entire system.  Don't just look at technical aspects of security bu... [More]

Tags:

Business | Security | Software Development

EPiServer: Getting a PageData Object When You Do Not Have Access to the Page

by Stephen Horsfield 31. January 2008 08:53
UPDATED: 16-MAY-2008 Overview How can you get the PageData object for a page when the current user doesn't have access?  It took me a while to find out, but you can just read on... Context I have been implementing a redirect facility.  Only editors and administrators are allowed access to the page and everyone else is redirected according to a property on the page.  The ACL on the page does not give Read access to the Everyone group.  How can I get the property? Solution The easy solution is to use EPiServer 5.  Then you can use the GetPage method of the DataFactory class to get a page, ... [More]

Tags:

EPiServer | Security | Software Development

SQL Server: Viewing Database Permissions Using a Query

by Stephen Horsfield 17. January 2008 09:02
Overview Have you ever wondered how to view object permissions using a query? Simple example Try this on a database:

    select o.name, u.name, p.permission_name, p.state, p.state_desc
      from sys.database_permissions p
           inner join sys.all_objects o
             on p.major_id = o.object_id
           inner join sys.database_principals u
             on p.grantee_principal_id = u.principal_id

References sys.database_permissions (Microsoft TechNet) sys.database_principals (Microsoft TechNet) sys.all_objects (Microsoft TechNet) Versions Microsoft SQL Server 2005... [More]

Tags:

IT Management | Security | Software Development | SQL Server

Windows: Disabling Data Execution Prevention

by Stephen Horsfield 8. January 2008 15:10
Overview Sometimes, old code doesn't seem to work with the new Data Execution Prevention feature in Microsoft Windows.  It's easy to turn it off for non-system applications and services, but how do you do it for system components, and why would you? Warning: Data Execution Prevention is a security feature.  Disabling DEP reduces the security of your system. Context On our Microsoft Commerce Server 2002 system, running on Windows Server 2003, we were getting "COM Surrogate" errors, which relate to DEP errors with the dllhost.exe system program.  Adding it to the exception list didn't solve ... [More]

Tags:

Commerce Server | IT Management | Security | Windows Server

SQL Server: Malicious triggers

by Stephen Horsfield 4. January 2008 11:25
Overview What is a malicious trigger?  What can it do?  How can you protect yourself and your database server? Background I've been reading the Microsoft Press MCITP training book for the Microsoft 70-441 exam: Designing Database Solutions by Using Microsoft SQL Server 2005 and I came across an interesting comment about trigger security.  I'm describing it here, because it is quite easy for a malicious database developer to use against an unsuspecting DBA. You can find the book here: http://www.amazon.com/MCITP-Self-Paced-Training-Exam-70-441/dp/0735623422/ref=sr_1_1?ie=UTF8&s=books&... [More]

Tags:

SQL Server | IT Management | Security
