22 March 2010

As per the Rob Caron blog, Visual Studio 2010 and .NET Framework 4 will launch on Monday, 12 April 2010. The original launch date for Visual Studio 2010 and .NET Framework 4 was March 22.

09 March 2010

I was facing this issue since last few days and never realized that this is due to Skype program that I have recently installed. So looks like Skype try to use Port 80 on your machine and interfere with IIS server. Following are additional details on this issue:

IIS Manager Error: The process cannot access the file because it is being used by another process. (Exception from HRESULT: 0x80070020) - http://forums.iis.net/t/1086489.aspx

IIS: The process cannot access the file because it is being used by another process.

02 March 2010

Internet theft cases, spoofing, fishing are common these days. Most information security agencies like Computer Emergency Response Team (CERT), OWAPS SANS are taking action to stop these frauds. In order to secure the web application agencies have given idea to the bank and other financial corporations to use Secure Socket Layer (SSL) protocol, Transport Layer Security (TLS).
But if this is that much secure then why web applications are still having default protocol HTTP (port no. 80)?
This we can understand by this conversation:
Client: Hello!!
Client connects to TCP port 80 and wants this host
Here http tells webserver which host is requested with which configuration and what content shall be presented to the client
Webserver: Hi!! I have
Gives respective configuration and presents content at the client.
But in other hand SSH and other secure service like TLS behaves like they are possessed. They don’t even tell webserver which webserver is requested. SSH require any server IP address can have only on website hosted on it. It means when client connect to webserver through port number 443, it needs a signed certificates.
HTTP & HTTPS both are different in their behaviour. One wants to tell every things and other will tell when you will ask with some signed authorization i.e. certificate.

01 March 2010

Better to start with Information Security, we first know what is Information. Information is an asset that has value to the organization's business. In sort we can say asset which has some value to organization is called information. The information may be in any form of hard, soft or spoken in conversation. If an asset that has some value i.e. information, consequently needs some appropriate protection.
Security is a protection to any thing. So Information security is protection of organizational valuated assets from any kind of treats, to ensure low business risk, business continuity and maximum benefits from the investments.
Security may concern from outsiders (e.g. Hacker), or insiders (e.g. Disgruntled Employee).
Information Security can achieved by set of policy, procedures & process i.e. controls. The Information Security is covered under ISO-27001:5000.

Hrishikesh Dubey
Information Security Consultant
New Delhi, India.
Happy Holi to all blog redar Happy Holi