I'll be giving a lightning talk at the Roots Conference Bergen 2011 tomorrow. I'm excited, I've given quite a few talks but never a lightning talk. It's always fun to take on new challenges!
It'll be interesting to attend the rest of the program as well. If you haven't registered already, you're out of luck. The conference is sold out. Better luck next year! :)
Software security blog by André N. Klingsheim, who's learning to love .NET and Microsoft servers.
Disclaimer
Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).
May 22, 2011
May 17, 2011
Serving pac files from IIS
IIS refuses to serve static files that cannot be mapped to a particular MIME type. Since I'm a Windows n00b I spent some time figuring this out for myself. Here's what happened, and how to deal with it.
I tried to serve a proxy.pac file from the IIS on my localhost (IIS 7.5/Windows 7), to test some changes to a proxy auto-configuration script. IIS gave me a 404 error instead of serving the file. After fiddling about with various security settings for quite some time, I was eventually able to figure out the problem. If IIS lacks a configured MIME type for a file then it will refuse to serve it — returning a 404 error instead. I suspected MIME types could have something to do with it after I found out that IIS happily served the file as a regular text file if the file was named proxy.txt. As always with Microsoft, when you've successfully pinpointed the problem yourself, you're finally able to launch a Google search that reveals something useful...
I tried to serve a proxy.pac file from the IIS on my localhost (IIS 7.5/Windows 7), to test some changes to a proxy auto-configuration script. IIS gave me a 404 error instead of serving the file. After fiddling about with various security settings for quite some time, I was eventually able to figure out the problem. If IIS lacks a configured MIME type for a file then it will refuse to serve it — returning a 404 error instead. I suspected MIME types could have something to do with it after I found out that IIS happily served the file as a regular text file if the file was named proxy.txt. As always with Microsoft, when you've successfully pinpointed the problem yourself, you're finally able to launch a Google search that reveals something useful...
May 16, 2011
Enabling IIS log files on Windows 7
I'm baffled. IIS 7.5 does not log to files by default, you have to enable the feature manually. In the settings it's called "HTTP logging", here's how to enable it:
If you can't find IIS log files in C:\inetpub\logs you should open your IIS Manager and check if the logging option is present in the IIS menu section (top right in the screenshot).
If you can't find the Logging option, go to: Control Panel\Programs -> Turn Windows Features on or off to enable IIS logging.
If you can't find IIS log files in C:\inetpub\logs you should open your IIS Manager and check if the logging option is present in the IIS menu section (top right in the screenshot).
If you can't find the Logging option, go to: Control Panel\Programs -> Turn Windows Features on or off to enable IIS logging.
May 2, 2011
Talk on online banking trojans today!
I'll be giving a talk today at a member meeting for The Norwegian computer society, The Norwegian information security forum, and the ISACA Norway chapter in Bergen, Norway. The talk will be given in Norwegian. Hope to see you there!
The talk is titled: Online banking Trojans — Recent developments and countermeasures
The talk is titled: Online banking Trojans — Recent developments and countermeasures
Labels:
Talks
Subscribe to:
Posts (Atom)
Copyright notice
© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.
Read other popular posts
-
Visual Studio Online looks pretty cool so I’ve decided that I'll use it for the next NWebsec release. The project setup was relatively...
-
I just ran into a weird problem while creating a bootable USB-stick, it was impossible to do a full copy of the files from an .iso. I tried...
-
Security headers in an HTTP response There are many things to consider when securing a web application but a definite "quick win...
-
Microsoft's widely used e-mail service Hotmail was recently overhauled and rebranded Outlook.com. One of the less known services they pr...
-
I guess it was long overdue for me to follow up on my Hardening Windows Server 2003 SSL/TLS configuration and Windows server 2003 vs 20...
-
The release of Firesheep a week ago brought a lot of attention to a problem that has been known for many, many years: cookies sent over both...
-
Though Windows Server 2003 has been around for a while, we'll still see them around the Internet for many years to come. Despite their u...
-
Just a quick note on an error I often run into when I'm working on my Azure applications. I usually create Azure packages and upload the...
-
I just discovered that Facebook reveal to search engines the users who "Like" a page , regardless of their privacy settings. Try a...
-
OWASP recently released their Top Ten 2013 list of web application vulnerabilities. If you compare the list to the 2010 version you’ll see t...