Community developer blogs
Barry Dorrans
- Author: Barry Dorrans
- Last updated: 20 Jun 2009 at 08:02
- Url: http://idunno.org/
- Feed: http://idunno.org/rss.ashx
Recent Posts
-
Vista Squad: OWASP Top 10 Security Vulnerabilities Video
Posted: 20 Jun 2009 at 08:02 by Barry Dorrans
I gave my OWASP presentation to Vista Squad last Wednesday, where Ian Smith kindly (?) videoed it. The other speaker for that evening dropped out, meaning the poor attendees had just me to listen to as I stretched it out to about 100 minutes. The length meant that the video is in two halves. Part 1 from Vista Squad on Vimeo. Part 2 from Vista Squad on Vimeo. The presentation is the same one I gave at WebDD so the slides and code are the same.
-
Fancy a free 3 month trial of TechNet?
Posted: 03 Jun 2009 at 07:20 by Barry Dorrans
OK so it’s not MSDN, but TechNet gives you full versions of MS software, betas, bundled support incidents, a reference library, courses and other gubbins IT pros will love. It costs though. Well, it did. MS are now giving away a 3 month subscription for free to folks in the UK, Canada and the US. Yes, I’m as shocked that it’s a UK thing as you are. ArsTechnica has all the details. Technorati Tags: TechNet,Microsoft,Freebie
-
Fun with Bing DNS
Posted: 01 Jun 2009 at 07:47 by Barry Dorrans
It appears bing is live. I’m not that impressed as a vanity search has my blog on the second page, twitter as the first hit, and a bunch of very old content on other sites taking up the rest of the first page. However it appears Microsoft are using a wildcard DNS entry for the site – what does this mean? Well anything.bing.com will resolve, including chandler.bing.com and monica.bing.com … could that be any more silly? (although interestingly subdomains revert to using Live Search.)
-
A week’s worth of Microsoft desserts.
Posted: 11 May 2009 at 11:51 by Barry Dorrans
I’m at Microsoft doing a Proof of Concept with Geneva, building a custom STS for a Microsoft customer. I can’t talk about the POC but I can present you with yet another week’s worth of desserts… Eton Mess; Brandy snap basket with summer fruits; Banoffee cheesecake; Fruit kebabs with coconut rice pudding; Fresh fruit vacherins. That’s far more important than discussing CardSpace. Now excuse me while I take my afternoon snooze … Technorati Tags: Microsoft
-
The ID Element – a new C9 show on identity
Posted: 20 Apr 2009 at 11:43 by Barry Dorrans
Vittorio has a new starring role in a shampoo and conditioner commercial Channel9 show, The ID Element. The first episode has Stuart Kwan, the Federated Identity PM talking about Geneva in all its glory, server, framework and client. I know, none of you aside from Dominick and Travis will care, but you should. Honestly. (because it’ll give me another presentation to do at DDDs if nothing else!) Technorati Tags: Geneva,Federated Identity,Big Hair
-
LINQ and SQL Injection
Posted: 20 Apr 2009 at 08:58 by Barry Dorrans
In my WebDD09 talk on Saturday I mentioned SQL injection and LINQ. I’ve had a query about what exactly is the problem with LINQ as I was constrained by time and only mentioned it in passing. Microsoft asserts that LINQ stops SQL injection attacks: “LINQ to SQL avoids such injection by using SqlParameter in queries. User input is turned into parameter values. This approach prevents malicious commands from being used from customer input.” This is generally true, however LINQ has a problem method –
-
Don’t Get Stung – An introduction to the OWASP Top Ten
Posted: 18 Apr 2009 at 17:45 by Barry Dorrans
After DDD Belfast came WebDD09 where I was presenting on the OWASP Top Ten Project (well I could hardly present at DDD Belfast, I was organising, that seems just a little too egotistical *grin*). You can download the PowerPoint [905kb] and the sample code [432k]. For the person who asked you can download Fritz Onion’s ViewState Decoder. For further reading on XSS Russ McRee republishes his Anatomy of an XSS attack article from the ISSA journal and NG Software have two PDFs, Advanced SQL Injectio
-
Beginning ASP.NET Security is available for pre-order
Posted: 14 Apr 2009 at 11:09 by Barry Dorrans
Alex Mackey tweeted yesterday that his book was available for pre-order on Amazon so vanity got the best of me – so I checked and mine is available too. It grows ever more real and scary, although not as scary as the cover (which is now on its third iteration but I still can't convince them to use Oliver's alternative version) … Pre-order from Amazon UK Pre-order from Amazon US Technorati Tags: ASP.NET,Wrox,Vanity
-
I know! Let’s use a proven flawed network for a national identity card system
Posted: 07 Apr 2009 at 07:26 by Barry Dorrans
It’s been reported that Labour would like the proposed UK ID cards to plug into the Chip and Pin network. This is a commercial network that has security that has never been verified, and a bunch of folks at Cambridge reverse engineered and showed massive cryptographic flaws in it, such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. This is the same network that a leaked report showed had higher instances of fraud associated with it tha
-
DDD Belfast is over. And relax…
Posted: 05 Apr 2009 at 20:13 by Barry Dorrans
Well that was fun :) 150 people, 15 speakers, 3 organisers, 2 Microsoft folks and swag from Wrox, TechSmith, DevExpress, RedGate, Jetbrains and a special offer from Innerworkings for free ASP.NET MVC training. And then there was the Wrox lollipops… I have my pictures up on flickr; here is just a small sample. Obviously I’d like to thank all our speakers, our sponsors, the venue folks and of course Microsoft Ireland. And I’d like to thank our attendees, I hope you all got something out of it. Yo
-
nxtgen comes to Manchester
Posted: 01 Apr 2009 at 09:12 by Barry Dorrans
Not content with the south we’re heading h’up north to Manchester, Cheadle to be exact (so your hubcaps may be safe). The group is being run by local developers Steve Robbins and Andy Wilkinson. The group will have its first meeting on 20th May 2009 between 7.00pm and 9.00pm in the Pennine House, Carrs Road, Cheadle SK8 2BL. The headline speaker is to be announced but the subject will be as topical and exciting as the other NxtGenUG events that are held monthly around the country. There will
-
WebDD '09 Registration is open
Posted: 30 Mar 2009 at 09:41 by Barry Dorrans
Couldn’t afford Mix? Didn’t like the idea of Vegas? Prefer the bright lights and stunning architecture of Reading, Berks, but want to see web content? Then WebDD on the 18th April is for you. Like all Developer Days it’s free, packed full of community speakers (including yours truly). Features include: Get an independent view of Microsoft's new stuff; Time with other web community types - it's run by the community for the community; Choice of two tracks of technical content running throughout the
-
I’m presenting at WebDD
Posted: 26 Mar 2009 at 08:03 by Barry Dorrans
The UK .NET Community’s favourite redheaded step child Phil Winstanley just emailed me to say I’ve been picked to talk at WebDD. I’ll be presenting “P0wn3d! (Or how to redirect your friend's website to katyperry.com)”. This takes the outings of my OWASP Top Ten Web Vulnerabilities talk to 4 outings over the next couple of months: WebDD09, 18 April 2009; DDD Scotland, 2 May 2009; VBug London, 26 May 2009; Vista Squad London, 17 June 2009. If you can’t make WebDD then you can always try to catch it some
-
Workaround: Visual Studio contextual help brings up Silverlight help
Posted: 16 Mar 2009 at 20:44 by Barry Dorrans
Recent updates to Silverlight meant I had to install the latest Silverlight Tools for Visual Studio. This has had an annoying side effect – when you press F1 in Visual Studio on a keyword that exists in both Silverlight and the .NET framework and you are using local help the Silverlight topic is displayed. If your primary development target is not Silverlight this is a royal PITA and is acknowledged on the Silverlight SDK blog. In order to fix this right click on the VS2008 icon and run as an a
-
The BBC doesn’t understand the Computer Misuse Act
Posted: 12 Mar 2009 at 12:48 by Barry Dorrans
This morning Click, the BBC’s “magazine” programme about technology proudly announced it had created its own botnet. In a new twist on “allegedly” (an infamous phrase used to skirt libel laws on Have I Got News For You and other satirical programmes) Click believe they’re legal because “If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnets' collective power when in the hands of criminals.” Tosh. The Computer Misuse Act (199
-
The book cover, second draft
Posted: 10 Mar 2009 at 18:47 by Barry Dorrans
I was emailed the second draft of the book cover today, which makes it scarily real. But not half as scary as what Oliver did with it. Ah the MVP community – we’re a tight bunch of nits … Technorati Tags: Wrox,Book Cover,Books,ASP.NET,Security,MVP
-
Strong passwords and lastpass.com
Posted: 08 Mar 2009 at 14:45 by Barry Dorrans
How many of you practice what you preach? Run as a non-administrative user? Use separate, strong passwords for all your internet accounts? I’ve been guilty of doing neither – I blame Visual Studio for not being able to run as a limited account, but not using strong passwords and individual usernames has been down to laziness and a bad memory. lastpass.com to the rescue. lastpass is a browser plugin and web site that replaces the “Remember username and password” functionality of Firefox and IE, on
-
Wow, that’s honest Dell … too honest
Posted: 05 Mar 2009 at 12:12 by Barry Dorrans
I have email alerts configured so when Dell add or update new drivers for my laptop it emails me. Not that I ever get the updates I want (video drivers please Dell). Instead I got this recommended update just now: So tell me, why would I install an update that adds “passive marketing” as its number 1 feature? Technorati Tags: Dell,Marketing,Too Much Honesty
-
DDD Belfast registration is open
Posted: 04 Mar 2009 at 09:07 by Barry Dorrans
Ok so Scotland beat us to it by about 12 hours but we’ve pushed the agenda and DDD Belfast registration is now open! Remember it’s free – go sign up and prepare for a geek out Saturday … Technorati Tags: DDD Belfast,DDD,Techprechaun
-
DDD Scotland registration is open
Posted: 02 Mar 2009 at 20:23 by Barry Dorrans
MacDDD registration is open and you can register for a place right now. Oh and yes, I will be presenting … Technorati Tags: DDD Scotland,MacDDD