Chris Blankenship's Ramblings

BecPoster Automated Spam Tool

chris — Fri, 10 Jul 2009 08:33:13 -1000

Recently I have noticed an increase in spam towards my blog. Looking at the BlogEngine discussion forums I found an entry that talked about an automated tool from BecPoster that automates the process of leaving comments on BlogEngine servers. I just had to see this for myself… So after looking over the details on the website it does indeed appear that a successful attack is being waged against our BlogEngine servers…

Looking at the website you can see there is little effort to conceal the intentions of the site owner. He has written a spamming tool and wants you to use it:

Looking inside the code with Reflector the attack steps are not too complicated:

this.WebBrowser1.Navigate(blogPart);
...
if (Strings.InStr(this.WebBrowser1.Document.Body.InnerHtml.ToString(), "ctl00_cphBody_CommentView1_txtName", 0) > 0)
{
  this.WebBrowser1.Document.GetElementById("ctl00_cphBody_CommentView1_txtName").SetAttribute("value", str4);
  this.WebBrowser1.Document.GetElementById("ctl00_cphBody_CommentView1_txtEmail").SetAttribute("value", str3);
  this.WebBrowser1.Document.GetElementById("ctl00_cphBody_CommentView1_txtWebsite").SetAttribute("value", text);
  this.WebBrowser1.Document.GetElementById("ctl00_cphBody_CommentView1_txtContent").SetAttribute("value", str2);
  this.WebBrowser1.Document.GetElementById("btnSaveAjax").InvokeMember("CLICK");
  ...
  if (this.chkVerifyLink.Checked)
  { ... }
...
}

It’s easy to see that this tool depends on locating the default elementID ctl00_cphBody_CommentView1_txtName. If it finds this element then the application populates the comment fields and submits the comment. Pretty clean and nifty.

It’s interesting to note that judging from the validation process the author of this application intends to sell this product to the world. In order to ensure his payment he has configured the application to phone home and validate that the application is registered correctly. This requires you to register for an account:

The key here is the Client ID value, which is actually information from your own computer. In the code you can see where the Client ID is generated from your MACAddress, VolumeSerial, and ProcessorID:

string str2 = this.GetMACAddress() + "-" + this.GetVolumeSerial("C") + "-" + this.GetProcessorId();
this.txtClientID.Text = str2;
string strText = client.DownloadString("http://www.becposter.com/query.asp?action=login&client_id=" + str2).ToString();
if (strText == "OK")
{
  ...
  this.updateLabel(ref lblLoginStatus, "Valid Client ID");
  ...
}
else
{
  this._isValidated = false;
  ...
}

Each function (GetMACAddress, GetVolumeSerial, and GetProcessorID) use WMI calls to get the necessary information:

ManagementObjectCollection instances = new ManagementClass("Win32_NetworkAdapterConfiguration").GetInstances();
string str2 = string.Empty;
foreach (ManagementObject obj2 in instances)
{
  if (str2.Equals(string.Empty))
  {
      if (Conversions.ToBoolean(obj2.get_Item("IPEnabled")))
      {
          str2 = obj2.get_Item("MacAddress").ToString();
      }
      obj2.Dispose();
  }
  str2 = str2.Replace(":", string.Empty);
}
return str2;

All of this is a crude way to ensure that you can only run this tool on the same computer and not share it across multiple computers… But overcoming this kind of verification would be trivial by simply hijacking the http call and returning an OK status to the application.

So how can BlogEngine owners defeat this crafty tool? The short answer is, we can’t. This particular attack can only be stopped by changing the way BlogEngine verifies the commentor is an actual person. In the mean time one way to prevent spam from appearing is to moderate comments on your blog.

Links for 2009-07-03 [del.icio.us]

Sat, 04 Jul 2009 00:00:00 PDT

http://www.sundaymorningrides.com/

Links for 2009-07-01 [del.icio.us]

Thu, 02 Jul 2009 00:00:00 PDT

Speedzilla RC51 Forum

Show us your balls

chris — Mon, 29 Jun 2009 18:03:31 -1000

Last week while driving home I had the pleasure of sitting behind a rather interesting truck. What was interesting about this truck were the wonderful balls that were hanging from the bumper:

I have seen this several times but this time I was able to snap a nice photo. On another occasion I noticed a car with the same wonderful setup, albeit a smaller pair of balls (I wonder if there is a particular meaning behind the difference).

Consider you are driving on the freeway during rush hour stuck in bumper to bumper traffic, staring at the balls of the truck in front of you (just try and not look, it’s almost impossible). In the back seat of your car is your kids looking at the same thing you are looking at, asking... “Daddy, what’s that hanging from the bumper of that truck?”...

While writing this article I started wondering, how does one go out and buy a pair of balls for your rig? Who knows, perhaps one day I might need to show the world my very own balls... One particular website, BullsBalls, touting ‘We are Considered The Foremost Truck Balls Company in the World!’ This site provides endless choices of style, size, and color. One special feature is the little balls key ring nuts. Imagine how cool you would be with a matching set of balls for your keys and your truck...

Seriously now folks, is this really necessary? If the drivers of these vehicles really wanted to impress me they would snap a photo of their own balls and stick that on their tailgate.

A $72K ride up Palomar

chris — Mon, 29 Jun 2009 17:33:49 -1000

A couple of days ago I was at a motorcycle event that featured several motorcycle vendors along with several hundred privately owned motorcycles. While perusing the Ducati tent I performed a double-take when I noticed what appeared to be a Desmosedici motorcycle. I couldn’t believe my eyes that here, in this somewhat small event, was such a magnificent machine. This piece of art costs a mere $72,500 and there were only 500 out of 1500 produced shipped to the United States. Even with the sky high price tag and only 500 units available the entire lot sold out in only five hours. To see one of these beauties on the street should be statistically impossible.

What was almost as astonishing to me was that this bike had an interesting sticker on the front fender that said “Palomar Mafia”. If you are unfamiliar with the Palomar Mafia then you wouldn’t know that this particular reference is to a group of fast moving riders who ‘own’ Palomar Mountain’s south grade. While talking to Balz with Moto Forza in Escondido I casually mentioned to him how I found it strange to find such an expensive bike being used as a mountain racer. I specifically asked, “Why would someone use a $80K bike to ride up and down Palomar?”, to which he replied, “Why not?”...

Well my friends, I would have to answer his question with the statement... “Because it’s a $72k motorcycle, and because there are only 500 in the entire United States!”. Couldn’t the owner be happy riding a Ducati 1098r for $33k, or a Ducati 1098s for only $21k? I’m not saying that a Desmosedici shouldn’t be ridden, I just think it’s silly to risk crashing out a spectacular bike in an uncontrolled environment like this silly hill.

To this whole business of riding a $70k motorcycle on Palomar Mountain... I’ll just say that the owner of this bike has more dollars than sense...

Links for 2009-06-26 [del.icio.us]

Sat, 27 Jun 2009 00:00:00 PDT

PartsFish
Look up parts for your bike

Hiding SSH Traffic in HTTPS Traffic

chris — Thu, 25 Jun 2009 18:57:43 -1000

Looking over the previously posted article about how Iran is filtering internet access got me thinking about SSH. This little protocol provides an all in one package for circumventing corporate policies by allowing you to tunnel almost any traffic through SSH. By tunneling your traffic you can effectively hide your nefarious behavior from your company, or in this case an unfriendly government.

This must have been obvious to the Iranian government because included in the Arbor Networks post was a diagram that showed SSH to be the most blocked protocol, at a whopping 84.05%:

But then I started wondering how accurate the SSH traffic blocking was due to the ability to configure a SSH server to listen on virtually any port you choose. Perhaps they have a way to filter the outgoing traffic regardless of the port used, maybe some sort of signature that could be detected.

So then I wondered how I would go about hiding SSH traffic, if the need ever came up. It occurred to me that perhaps SSH could be hidden in plain sight by selecting a common port that is allowed in almost every corporate environment: TCP/443 used by HTTPS traffic.

I could configure a SSH server to listen on TCP/443 and then configure my SSH client to connect over that port. Most companies allow HTTPS traffic to travel out of their internal networks, either directly from the client or more commonly through a forward (CERN) proxy server.

Sounds good in theory but I have to see it work before I am convinced. So I built a lab that consisted of a SSH server listening on TCP port 443, a stand-alone proxy server configured to allow only HTTP and HTTPS traffic to the internet, and then configured my SSH client, WinSCP, to connect to my SSH server over TCP/443.

There is one more special ingredient that is required to make this all work: the SSH client must support sending the request through a proxy server. Turns out that WinSCP supports proxy servers (and I suspect almost all other SSH clients too) so I was all set.

After getting all of the pieces together I made a connection attempt while watching the proxy logs and the network monitor. Turns out my hunch was correct. The SSH client was able to make a connection to the SSH server through a typical HTTPS proxy server. Here is what it looked like to anyone looking at a network capture:

You can clearly see that WinSCP sends a legitimate HTTP CONNECT to the proxy server which is accepted by the proxy server as if it’s normal HTTPS traffic. Following the CONNECT there is the usual SSL negotiation between WinSCP and the SSH server that is simply passed through the proxy server. After that all of the traffic is encapsulated in what appears to the proxy server as HTTPS traffic. RFC 2817 defines the HTTP CONNECT method and discusses the security implications of this mechanism.

Imagine being a firewall administrator tasked with preventing unknown traffic passing from your internal organization to an outside network. Forget about it! Perhaps the admin could look for character signatures like WinSCP or strange (strange for HTTPS traffic) encryption offerings like blowfish but good luck with that ~~moving target~~ filter.

So what’s the harm, really? Someone can’t really do that much damage by tunneling their web traffic through SSH, right? Well, actually you can do almost anything you want with SSH tunnels. For example…

Suppose you want to map a network drive from your work to your home computer? No problem. What about browsing the internet without having to follow the corporate policies? No problem. Finally, let’s just cut to the chase and tunnel everything through the SSH tunnel.

So by now you’re asking yourself… what can we do about it? Turns out the answer is very little. One option is to use something like forward proxy inspection that will inspect outbound traffic. With forward proxy inspection you are able to see inside the SSL tunnel by performing what I will call Forward Proxy SSL Bridging. Essentially the outbound SSL traffic is terminated at the proxy server, inspected, and then requested by the proxy server on behalf of the client. Forward Proxy SSL Bridging, however, is still pretty new and not usually built into proxy servers.

Unfortunately ISA 2004/2006 doesn’t include Forward Proxy SSL Bridging and relies on third party vendors to fill the void. One particular company called Collective Software produces a product called Clear Tunnel. In addition to Clear Tunnel, the next version of ISA, now called Threat Management Gateway, will include Forward Proxy SSL Bridging:

HTTPS-encrypted sessions can be inspected for malware or exploits. Specific groups of sites—such as banking sites—can be excluded from inspection for privacy reasons. Users of the TMG Firewall Client can be notified of the inspection.

So with the absence of SSL tunnel inspection there really isn’t any way to prevent someone determined to punch a hole through your proxy server using SSH. So in the end I would guess the ability to accurately identify how much SSH traffic was being blocked by the Iranian government is seriously low.

Don’t run Live Sync as a Service

Chris — Wed, 24 Jun 2009 11:12:38 -1000

For some time now I have been a huge fan of Windows Live Sync, formerly known as Foldershare. So much in fact that I have posted several entries on my blog about using the product. The primary way to use Live Sync is to install it onto two computers, run the service in an interactive mode (launches when you login) and then configure a folder to synchronize between the two computers. Whenever a file is edited on the first computer it automatically synchronizes the updated files over to the second computer.

There is, of course, another way to use Live Sync that really stretches the intended purpose of the product: running Live Sync as a service. The goal here is to have the service always running on a computer, even if the user isn’t logged into an interactive session. This is especially helpful on those servers that are headless or that you just don’t log into regularly. I use this solution on my web server as a backup mechanism.

For example, every night I run a backup script on my web server that calls NTBackup.exe, creating a BKF file into a backup folder. Live Sync is configured to synchronize the backup folder with my home computer which is running Live Sync. Every day another program called Mozy Backup sends the backup files to an online backup store where it remains available for an emergency recovery if needed. I have been using this process for some time now without really any problems.

Unfortunately times have changed and now it seems that I will need to look for another solution. The problem is that Live Sync currently has a bug that periodically causes the users credentials to become lost, requiring the user to re-enter the account information. While not a critical issue when running Live Sync from an interactive session, it’s catastrophic when running Live Sync as a service. I ran this issue up to the product group and received some additional information about the problem:

Generally once you sign in with "remember my password" checked, Live Sync uses the cached credential to auto sign you in the next time Sync starts. However, if Live Sync failed to connect to passport server to validate your credential within given timeout, it would ask you to sign in again.

When running Live Sync as a service you don’t see or get the chance to enter those credentials again and the server never re-connects to the Live Sync controllers. The service still runs but nothing is being synchronized and won’t until you log into the server, launch the Live Sync application and re-enter the credentials.

As of now there doesn’t seem to be any patch scheduled for release to correct this bug, meaning the product has become dysfunctional for my purposes. I would suspect many other people are in the same boat as I am and have been forced to look for alternative solutions.

In Microsoft’s defense, Live Sync wasn’t designed, and isn’t supported, to run as a service. So it’s not surprising that this issue doesn’t really register to the Live product group. Even so, it’s really frustrating to know the potential of a product and not be able to use it. In fact, I am confused why the product group wouldn’t want to design the product to run as a service. Seems logical to include this capability since there seems to be a significant number of people want to use it this way.

So if you are wanting to run a service based synchronization product perhaps you shouldn't be using Live Sync as a service and instead look for some other product that will fit your needs. For me, well I guess the hunt is on for folder synchronization via a service. If I find one and it works good I will be sure to share it with everyone.

Interesting look at Iran’s Network Filtering

chris — Tue, 23 Jun 2009 07:37:34 -1000

Arbor Networks has recently posted a couple of entries that illustrate the results of Iran’s ability to filter internet traffic. Without trying to get political I wanted to share some interesting graphs that tell their own story. Click on the graphs to go to the source articles that explain the details…

The first graph illustrates the network traffic stream before and after the Iranian election:

The state owned Data communication Company of Iran (or DCI) acts as the gateway for all Internet traffic entering or leaving the country. In normal times, DCI carries roughly 5 Gbps of traffic through 6 upstream regional and global Internet providers.
Arbor Networks – Iranian Traffic Engineering

Notice how the traffic stopped on June 13th?

The next graph shows normal web traffic (port 80) before and after the election:

…the next graph shows streaming video traffic (Adobe Flash) going into and out of Iran. Note the significant increase of video traffic immediately preceding the election (presumably reflecting high levels of Iranian interest in outside news sources). All video traffic immediately stops on the Saturday following the election and unlike the web, never returns to pre-election levels.
Arbor Networks – A Deeper Look at The Iranian Firewall

The information provided by Arbor Networks shines a bright light onto web traffic patterns that would have otherwise gone unnoticed. The question that keeps popping up in my head is… Why would Iran care to block internet traffic if the elections were truly legitimate.

Are your tires cupped?

chris — Mon, 22 Jun 2009 20:37:08 -1000

While on a ride this last weekend I commented to another rider how his front tires had started cupping. It was fairly obvious to see if you just looked at the tread. I was familiar with this issue as it’s happened several times to me in the past. The main problem with cupped tires is your handling starts to deteriorate and the traction starts to lessen.

I looked for some reference information on the web and came across the most amazing explanation of tire cupping. In Duane Ausherman’s web post, BMW Motorcycle tire cupping (scalloping) and wear, he fully explains what cupping is, what causes it, and even throws in some suggestions for preventing it in the future.

After sending the link to my friend I decided to re-print this information on my blog for redundancy and to help anyone looking for this information.

NOTE: This is not an attempt to rip off someone else’s work, as all credit goes to the original source.

BMW Motorcycle tire cupping (scalloping) and wear

Tire cupping, or scalloping, is usually considered a sign of some problem. The most blamed item is out of balance. Tire irregularities, loose steering head bearings, dings in the rim, and fork or frame alignment are also blamed. None of that is true by itself. This page applies to the front tire on solo bikes. Sidecar tires exhibit wear patterns, but nothing about a sidecar is symmetrical to start with and tread is harder for me to read.

This page is not about why the left side wears more in a country where we drive on the right hand side. You may real all about that aspect on this website.

Tire cupping is a sign of normal tire wear. Chris (Native) just up and did these fine drawings and emailed them to me. This is not the first time that he has fixed my poor art work. My thanks to Chris.This is supposed to be a side view of a typical front motorcycle tire under braking stresses. See how the breaks in the tread get bent back from the traction? The trailing edge at B collapses into the empty area that is between treads. That edge wears little because it isn't touching the road. Later on it shows up as a high spot.

The leading edge at A gets pulled back and wears off. This part of the tread block becomes a low spot.This view is supposed to be a straight on view of a front motorcycle tire under stress from hard cornering. The spot A, the outside of the tread block, collapses into the empty space and doesn't wear down. The part at B takes most of the wear and shows up as "rounded off" later on.

This wear is normal for braking and leaning. If you do little of either then the wear will be far less. The softer the tire compound the greater is the distortion from wear of this nature. Racing tires that are really soft and sticky get worn out in a few hundred miles. Super hard road touring tires, gently ridden, can last 15 k miles. A heavier bike ridden exactly the same as a light one will "cup" more. More tire pressure will allow a bit less cupping.

If two identical bikes were ridden by two different riders, they probably would have a different tire wear pattern. The one with more cupping would indicate that the rider actually rides the bike. That means that he/she rides harder.A poor example of front tire wear. Sorry, but I haven't seen a better example when I had my camera in hand.

Reading motorcycle front tire tread wear

With this knowledge one can "read" a tire. More accurately, one can learn how the rider brakes and corners. Leaning over will leave a high spot on the outside (away from the center line of the tire) of the tread. Braking will leave a high spot at the rear of the tread, viewed as it touches the ground. If one corners and brakes at the same time, the outside rear will have the high spot.

From examining the wear pattern one can learn that the rider likes to lean one way more than the other. The rider will also brake harder while leaning one way more than the other. Compare the right side and left side wear. The more worn, the more that the rider is comfortable in that lean. Look at the rear of the tread block and see which side is more worn. That is the side that the rider is more comfortable using the brakes. Almost no rider is symmetrical in riding habits. It is common to find braking wear on one side and cornering wear on the other side. The rider brakes before going into a right hand turn and then goes through. On left hand turns the rider is willing to apply brakes while in the turn. Many combinations are possible.

This cupping wear pattern description applies to every tread block on the tire. Sometimes one will find significant cupping and every third or forth block is worn far more than the others. This is evidence of a wheel that is out of balance. Irregularly worn blocks are typical of an out of balance wheel. Really loose wheel bearings could also add to this odd wear.

Next time that you are around some motorcycles, try "reading" the tire wear. Tell the rider which side is what and watch the surprised look at your pronouncement.

The rear tire wear

The rear tire has quite different stresses on it and they are always more subtle and therefore harder to read. The rear has both braking and acceleration stresses. The wear from leaning is far less. Since the front tire is on the same bike as the rear tire, I use the front for my "readings" of rider habits.

What can be done about it?

A tire with a harder rubber compound will allow the tread to stay more rigid. That will not permit as much cupping wear.
Consider a tread pattern that is more angular and not as straight or square.
Keep the inflation pressure up in the range that is specified by the manufacturer, or higher.
Don't corner as hard.
Don't brake as hard.

All of this is mostly useless, but fun at parties and such.

Electric motorcycles at the Isle of Man TT 2009

chris — Thu, 18 Jun 2009 12:08:05 -1000

This year there were thirteen electric motorcycles competing in the Isle of Man TT. An amazing video has been posted on YouTube that highlights these bikes.

At around 2:14 seconds you can hear the cool sound that is produced when an electric motorcycle flies past at 100+ miles an hour.

Beware of the KB910721 spam email

chris — Wed, 17 Jun 2009 05:45:50 -1000

This morning I received some spam in my inbox that was especially disturbing. It wasn’t your usual type of spam that helps increase or decrease things (wink wink)… This particular spam appeared to come from Microsoft and was quite convincing. Have a look:

What I find disturbing is how real this email appears. I would guess that an average person would look at this email and think that it actually came from Microsoft. Someone might be so inclined to search the internet to see if there really is an update for Outlook using the article ID KB910721 (there is such an article but it’s for Exchange and not Outlook).

How do I know it didn’t come from Microsoft? Well a couple of reasons… First, Microsoft never sends out attachments, rather they direct you to the Microsoft Updates for all patches. Second, if you look at the header of the email you can see evidence that it either originated or was forwarded through a mail server named turboconrad.planet-school.de:

I am pretty confident that Microsoft doesn’t relay their email through turboconrad.

It’s interesting to note that Outlook automatically stripped the attachment from the email, preventing me from opening the attached ’update’ even if I was fooled enough to believe the email. But what about the many other mail programs that don’t filter attachments? I wonder just how many people will be fooled by this email.

UPDATE: I uploaded the attached file to VirusTotal to confirm my suspicions that the attachment is a Trojan or Virus. As expected the report came back with several confirmed traces of Trojans. Needless to say, you do not want to be running this executable on your computer!

Links for 2009-06-16 [del.icio.us]

Wed, 17 Jun 2009 00:00:00 PDT

Speed Bleeders® to Change the Brake and Clutch Fluid
Good walk through on using Speed Bleeders to change fluids.

Links for 2009-06-15 [del.icio.us]

Tue, 16 Jun 2009 00:00:00 PDT

CSC - Custom Sportbike Concepts
RC51 aftermarket rims at a reasonable price
Harris Racing
Carbon Fiber Front Fenders Huggers

Following StackOverflow, ServerFault Is Released

chris — Mon, 15 Jun 2009 12:53:49 -1000

I have been an avid follower of Stack Overflow, which is a programming Q & A site that has a wealth of developer knowledge. This particular website has an exceptional interface that makes navigating and searching extremely easy and effective. Some members have said that once you start looking at Stack Overflow you are unable to quit. I would agree and find myself checking this site several times a day for anything interesting.

Now not being a developer I don’t have a particularly high reputation, but that’s okay because writing code is mostly a hobby for me. Here is a quick view of the interface:

I was ecstatic to find out that the creators of Stack Overflow have seen fit to start another Q & A site dedicated to IT Professionals and System Administrators. The name of the new site is Server Fault and looks like the following:

The beauty of this site is that all of the features found in Stack Overflow can be found in Server Fault. In fact, if you already have an account in Stack Overflow and sign up with Server Fault the system will recognize the existing account and migrate the account information over for you. So far I have just started looking at the 4000+ questions posted in Server Fault and have found several to be of interesting subjects.

Why not give both sites a look and see if you can get any benefit from the many thousands of registered users posting questions and answers about topics that you are probably working with today?

Limit what gets logged in IIS 7

chris — Thu, 11 Jun 2009 11:36:18 -1000

Back in February I wrote an article about limiting what gets logged in your IIS logs. The previous post was focused on IIS 6.0 and was primarily about editing the IIS metabase using the adsutil.exe command. Recently I upgraded to Windows 2008 and IIS 7.0 and quickly realized that the IIS 6.0 Metabase no longer existed. In fact, IIS 7.0 uses an XML file to store all configuration details. You can read more about the IIS 7.0 configuration on The Official Microsoft IIS Site, which is full of documents, articles, and training videos.

So I started looking around for the steps to perform the same level of configuration within IIS 7.0. I spent some considerable amount of time looking but couldn’t locate anything that really talked about limiting what gets logged. Finally I found an entry in the IIS forums where someone else asked about limiting logging.

It turns out that it’s pretty simple to add this command into a location tag within the %windir%\system32\inetsrv\config\applicationHost.config file. As an example I could stop logging calls to the image.axd file by including the following tags in the config file:

<location path="www.dscoduc.com/image.axd">
  <system.webServer>
    <httpLogging dontLog="true" />
  </system.webServer>
</location>

I could also stop logging javascript files by adding a location tag to the javascript folder where the javascript files are located:

<location path="www.dscoduc.com/js">
  <system.webServer>
    <httpLogging dontLog="true" />
  </system.webServer>
</location>

The end result is exactly as you would expect; specified locations would no longer appear as entries in the IIS log files. Up till now these changes were made in the applicationHost.config file and not in the web.config file for the respective web site. This sort of bothers me as I would prefer to keep each web site configuration settings in their respective web.config file for easier backup and restore. Doing so would help when copying a web site from one server to another.

So I placed the location tags in the web site web.config and checked to see if the behavior was the same; it wasn’t. I triple checked my work but nothing I could do would produce the expected results. Frustrated I contacted someone in the IIS product group and was given the explanation that made the confusion fade away: By default, the dontLog feature is locked in the applicationHost.config file.

Essentially this means that in able to add the dontLog feature in web.config files you have to first unlock the feature from the applicationHost.config file. Simple task really, by using the following command line syntax:

%windir%/system32/inetsrv/appcmd unlock config –section:system.webServer/httpLogging

Once the syntax has been executed you can now add the location tags in the web.config and see the expected results. One catch to worry about though is the path to the folders. The following paths are relevant when configuring the dontLog flag in the web.config file:

web.config = [application name/]folder

The path is resolved against the folder where the web.config file reside. We can’t use the ~ operator in this element. So in my previous examples the syntax would be a little different in the web.config file:

<location path="js">
  <system.webServer>
    <httpLogging dontLog="true" />
  </system.webServer>
</location>

Additionally, you can install the IIS 7.0 Administration Pack and then you will be able to use the IIS Configuration Editor for configuring locations. One last note is the IIS configuration system used the exact same concept as ASP.NET does, so you can refer to the ASP.NET Settings Schema of the location Element.

Leave the dog at home…

chris — Thu, 11 Jun 2009 05:49:55 -1000

I can’t say it often enough, dogs don’t belong in cars. Especially not in the front seat.

Seriously, driving with a cell phone will land you a ticket but having your dog in your lap while driving is okay? Apparently I don’t have a soul for feeling this way (according this this particular blog headline) but I’m pretty sure I will be just fine.

Now things are getting a little but more crazy when I see a dog on a motorcycle… Seriously, does anyone else think this is a hazard? Perhaps I am being a little harsh on the concept of operating a vehicle with a completely unpredictable animal between you and the steering wheel/handlebars…

Links for 2009-06-10 [del.icio.us]

Thu, 11 Jun 2009 00:00:00 PDT

1904 Photography
Palomar Mountain motorcycle pictures

Electric Motorcycles Are Coming

chris — Tue, 09 Jun 2009 09:24:34 -1000

Words cannot express how excited I am to see the advancement of electric motorcycles. I can’t wait to ride without hearing the engine, just smooth quiet bliss as you carve through the turns… Here is an illustrative design of what one might look like…

There is an excellent article on MotorcycleUSA.com that talks about the current state of electric motorcycles if you are interested…

The New ‘Dog ate my homework’ Excuse

chris — Tue, 09 Jun 2009 06:05:05 -1000

Reading Schneier on Security this morning directed me to a funny/interesting/disturbing website: Corrupted-Files.com. Looks like there is a new twist on the old excuse ‘The dog ate my homework’… Instead of trying to convince your teacher that you have completed the assignment but your dog ate the papers, you can simply download a corrupted document and send it on to your teacher… From the site:

We offer a wide array of corrupted Word files that are guaranteed not to open on a Mac or PC. A corrupted file is a file that contains scrambled and unrecoverable data due to hardware or software failure. Files may become corrupted when something goes wrong while a file is being saved e.g. the program saving the file might crash. Files may also become corrupted when being sent via email. The perfect excuse to buy you that extra time!

What will they think of next?

Links for 2009-06-08 [del.icio.us]

Tue, 09 Jun 2009 00:00:00 PDT

Blind Search
Compare search results from Yahoo, Google, and Bing
RC51 Motorcycle Forums
Forum dedicated to Honda RC51 bikes

ADFS and FIPS Security: No somos amigos

chris — Mon, 08 Jun 2009 12:01:35 -1000

While working on the ADFS solution described in my previous post today we came across an interesting situation. Our servers require the security configuration “Use FIPS compliant algorithms for encryption” which actually downgrades the security modules used from SHA1 to 3DES.

Once you have configured your server with this setting you will find that the ADFS SingleSignOn.dll will choke. This behavior is documented on Microsoft’s Technet Article 935449. Basically, the problem is the original ADFS DLL file which did not include support for 3DES encryption. This issue would manifest in the wonderful error message:

This implementation is not part of the Windows
Platform FIPS validated cryptographic algorithms.

I guess Microsoft doesn’t believe this issue will effect many users, as you are required to open a support case in order to request the updated DLL files that support 3DES. Fortunately I was able to request the hotfix for my customer and we were able to quickly move past this problem.

In any case, if you are in an environment that requires FIPS security and you want to configure ADFS then hopefully this article will help your troubleshooting efforts.