Best Selling Author?

The minute I clicked “post” regarding my previous post, I knew it was a mistake – talking about the book I am co-authoring with a few other people (who most definitely are brighter than I am). Anyways, thanks to my dear friend Kumud for pointing me in the right direction and providing the inspiration by sending me the cartoon below. 🙂

I can just feel happy days ahead, if I can live up to all the pun… 😉

My Book

Well, I suppose I can talk a little about it now – after all, it seems to be happening. For the last few months a few colleagues of mine and I have been writing a book on Indigo, now called WCF (Windows Communication Framework). I personally am quite fascinated by communication and all the challenges it brings to the table. The book is titled “Pro WCF: Practical Microsoft SOA Implementation” and will be released later this year. You can get more details on it here. As and when I get more time, look out for more details on Indigo from me here, including details of the other authors – whom I have nicknamed the Indigo Amigos. Feel free to drop me a note if you have any questions on Indigo and I’ll try my best to get back to you; however, between fighting fires at work and trying to finish the chapters, I don’t have too much bandwidth left. 🙂

New Worm (BlackAngel.B) spreading via MSN Messenger

An interesting new worm, based on the likes of movies such as The Ring or FearDotCom, is spreading via MSN. It is quite dangerous, as it disables much of the running security software, such as antivirus programs and firewalls, and even Windows programs like the Task Manager and RegEdit. It is easy to recognize, as you will get the following instant message – which downloads an AVI (only it is really an EXE); when you run that, your system is infected and all your contacts on MSN will be sent the same instant message.

– jaja look a that http://galeon.<blocked>verti2/fantasma.zip
– mira este video http://galeon.<blocked>verti2/fantasma.zip jaja

So, be on the lookout and please do not click on that link!

More information can be found here.

Vista's Address Space Layout Randomizer

Shipping with Vista Beta 2 is a new security feature called Address Space Layout Randomization (a.k.a. ASLR); other than being a mouthful, it helps defend against buffer overrun exploits. It does this by moving the entry points into the system DLLs around randomly in memory. It's all about odds: there are 256 locations it can be loaded in, or in other words there is a 1/256 chance of getting the address correct. This will help make attacks such as return-to-libc (which start with a buffer overflow) harder. This of course is not a replacement for writing good code or fixing the actual overruns found, but it would certainly go a long way in reducing automated attacks that use this exploit.

There are some other new things that help make this more secure. VC++ features a new generation of the /GS switch (which adds runtime buffer overflow detection) and the /SafeSEH switch (which enables the OS to kill a process in which a raised exception handler’s address does not match a list in the PE’s header). There is also function pointer obfuscation, especially handy for long-lived pointers, where the pointers are decoded just before they are needed.

While I think this certainly is a step in the right direction, it is of course not perfect and, as I said earlier, it does not fix the problem of buggy code. It is important to point out the four areas this does not address – information leaks, partial address overwrites, brute force and non-relocated executables (such as EXEs). There are people working on these and there might be some solutions or workarounds that are implemented, but nevertheless this is all an interesting step. Not to mention, Windows finally catches up with Linux features on this. 🙂
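An added example (not from the original post) for the "non-relocated executables" gap above: a Python check that reads a PE header and reports whether the image opts in to ASLR through the linker's /DYNAMICBASE flag and still carries relocation data. The helper names `aslr_status` and `build_sample` are hypothetical, and the two sample headers are constructed for the example.

```python
import struct

# Flag values from the PE/COFF format (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by link.exe /DYNAMICBASE

def aslr_status(image: bytes) -> dict:
    """Report whether a PE image can be relocated by ASLR (hypothetical helper)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                  # 20-byte COFF file header
    opt = coff + 20                      # optional header follows it
    if len(image) < opt + 72:
        raise ValueError("headers truncated")
    opt_size, characteristics = struct.unpack_from("<HH", image, coff + 16)
    (magic,) = struct.unpack_from("<H", image, opt)
    if opt_size < 72 or magic not in (0x10B, 0x20B):   # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # Without the opt-in flag or without relocation data the image keeps
        # its fixed base, the "non-relocated executable" case.
        "aslr_eligible": dynamic_base and not relocs_stripped,
    }

def build_sample(characteristics: int, dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only sample: just the fields aslr_status() reads."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {
        "legacy.exe (constructed)": build_sample(0x0103, 0x0000),
        "hardened.dll (constructed)": build_sample(0x2102, 0x0040),
    }
    for name, data in samples.items():
        print(name, aslr_status(data))
```

Run over the binaries a product ships, a check like this lists the modules that still load at a fixed base.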

If you want more details check out the following:

Have I been ignoring your emails?

If you have sent an email to my work email address within the last week and you have not heard from me, chances are I did not get that email. I am one of the lucky guinea pigs whose mailbox has been moved to Exchange 12 (officially now called Exchange 2007), which we are using in production. There seems to be an issue (which we are investigating) where Exchange is kicking back emails saying something along the lines of:

Returned mail: see transcript for details
The following recipient(s) could not be reached:
You do not have permission to send to this recipient.  For assistance, contact your system administrator.
< imbaspam-ss02.namdmz.dmzroot.net #5.7.1 SMTP; 550 5.7.1 spam access denied; ip xxx.xxx.xxx.xxx; see bl.spamcop.net>

If so, then you might want to resend that to me. On the other hand, if you sent an email to my personal account and have not heard back, then I have just been ignoring you 😉

.NET 3.0 (and its new site)

You might have heard that Microsoft has “renamed” WinFX to .NET 3.0 and all the hoopla that created. So, effectively .NET 3.0 will be .NET 2.0 + WinFX. Hmm, given that WinFX is part of Vista (albeit some bits ported back for XP), what happens if I want to install it on Windows 2000, is that still supported? And so when the “real” new version of the CLR ships, would that be called .NET 4.0? Hmm…

This seems like déjà vu, as it's a classic Microsoft screw-up with the naming convention (remember the COM+ and COM issue, among many others). Do we ever learn?

In any case, there is a new website dedicated to this by Microsoft – check it out at http://www.netfx3.com/