As promised, but fashionably late as always, here are the slides from this Saturday’s Mini Code Camp Security Edition.
I want to thank everyone that attended, and the feedback has been great (no death threats so far)!
Membership.ppt (752 KB)
Security Best Practices.ppt (579 KB)
Check Duane’s blog at www.cyberspacesamurai.com for his slides.
See you at the next Code Camp!
In dealing with our teams of developers and engineers I find myself preaching some basic rules that make life easier for me when I try to deal with the legion of emails I get every day. I thought to document them and in doing so realized that they have a decidedly security slant to them (big surprise).
Here are some rules of etiquette that will allow you to survive my spam filter (Outlook junk mail) and not get deleted for cause:
- Always put a subject on the message (the more specific the better). I am noticing a ton of no subject emails in my junk mail folder and I don’t scan the addresses before I delete them. Not putting in a subject is a technique used by spammers to make you view the message. For me and a growing number of people it backfires. Call it a pet peeve, but if you can’t be bothered to put a subject on a message then I can’t be bothered to read it.
- Never send an attachment unless I expect it (you told me in a previous message that you are sending it) or you explain what and why you are sending it in a way that lets me know that you had to have written it. Remember that anyone can send a message as you if they really want to do it.
- If you send me a link then tell me what is at the other end. There are many sites that lure you in and do something amusing. Why would you assume that they aren’t being used to infect or subvert your computer? There are many “drive-by” exploits that only need the page to be viewed from a vulnerable machine to do their work.
- If I know a password or other secret then you can refer to the password or secret, but avoid sending it in an email. It just isn’t a secure medium.
I could go on and on about all caps being like yelling, but that isn’t my intention. I had figured that everyone already knew about these and yet I still get these things sent to me times per day and often by very technical people.
Ted Neward just launched his new site at http://www.tedneward.com. Check it out; Ted is one of the most interesting and intelligent people I know. If you ever need to cross the .Net platform with Java then he is the guy to take a lesson from.
Microsoft has chimed in on the questions about ClickOnce security raised by Dominick Baier and basically is asserting that this is a non-issue.
I am not buying. I think that using the excuse that older technologies do something a certain way undermines the principle of secure by default.
What do you think?