colin dellow's bln

Consider this a diary (but it's not daily), so perhaps a journal (but it's not regular), so maybe a record (but it's not permanent), so a palimpsest containing the thoughts and experiences of me, Colin Dellow.
Out-of-date notice 1: For summer 2008, check Nerds in Europe.
Out-of-date notice 2: For 2009 onwards, Jenn and I now blog at Nerds in Seattle.

Sunday, March 25, 2007

Cohen on Howard: Chapter 16

Chapter 16 covers securing RPC, ActiveX and DCOM code.
Cohen:

Chapter 16 tells us 50 variables to set to specific values in RPC and Kerberos code (why they don't set these by default I don't know, but expecting Microsoft to do what the authors advise is expecting too much)

It's unclear what Kerberos code Cohen is referring to -- perhaps the flag which specifies using Kerberos as the authentication method for RPC?

The chapter presents a number of useful flags when programming RPC code and details the trade-offs of each choice.

As well, the chapter presents information on disabling previously-released ActiveX code with security flaws.

// posted by Colin! @ 9:22 AM

ARCHIVES

• May 2004
• June 2004
• July 2004
• August 2004
• September 2004
• October 2004
• February 2005
• March 2005
• April 2005
• May 2005
• June 2005
• July 2005
• August 2005
• September 2005
• October 2005
• November 2005
• January 2006
• February 2006
• March 2006
• April 2006
• May 2006
• June 2006
• July 2006
• August 2006
• September 2006
• November 2006
• December 2006
• January 2007
• March 2007
• April 2007
• May 2007
• June 2007
• July 2007
• August 2007
• September 2007
• October 2007
• November 2007
• December 2007
• January 2008
• April 2008
• June 2008