Posts Tagged ‘security’

Ignore an Invalid SSL Cert in .NET

March 5th, 2010 Craig Tadlock

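One of our clients integrates with a financial services company that provides an API to access data. Obviously this needs to be secure. Their QA environment is secured via SSL but is exposed only by IP address. By default a .NET client throws a security exception when you try to create an SSL connection by IP, because the certificate was issued to a name and the address in the URL does not match it. The code below gets you past that by registering a callback that accepts every certificate; the setting is static, so it applies to every SSL connection the application makes, not only the QA endpoint: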

ServicePointManager.ServerCertificateValidationCallback += ((sender, certificate, chain, sslPolicyErrors) => true);
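
A narrower variant of the callback above, as an added example that is not from the original post: it accepts a name mismatch only for the QA address, and only when the certificate matches a pinned thumbprint. The class name, the 192.0.2.10 address and the thumbprint placeholder are assumptions for illustration, and it targets HttpWebRequest on the .NET Framework.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class QaCertificatePolicy
{
    // Assumed values: replace with the QA endpoint's IP address and the
    // thumbprint of the certificate that endpoint is expected to present.
    private const string QaHost = "192.0.2.10";                            // constructed address
    private const string QaThumbprint = "REPLACE_WITH_QA_CERT_THUMBPRINT"; // placeholder

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation are accepted as usual.
        if (errors == SslPolicyErrors.None) return true;

        // The sender is either the WebRequest or the host name as a string.
        string host = sender as string;
        var request = sender as WebRequest;
        if (request != null) host = request.RequestUri.Host;

        // Relax validation only for the QA endpoint.
        if (!string.Equals(host, QaHost, StringComparison.OrdinalIgnoreCase))
            return false;

        // Tolerate a name mismatch only; an untrusted chain or a missing
        // certificate still fails.
        if (errors != SslPolicyErrors.RemoteCertificateNameMismatch || certificate == null)
            return false;

        // Pin the exact certificate so any other certificate is rejected.
        string thumbprint = new X509Certificate2(certificate).Thumbprint;
        return string.Equals(thumbprint, QaThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    // Call once at startup, in place of the accept-everything lambda.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

Every other host the application talks to keeps full certificate validation, and a replaced QA certificate shows up as a failed connection.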

Fix Loopback 401 Errors in Windows Server 2008

February 25th, 2010 Craig Tadlock

If you use a loopback address (127.0.0.1) or a hosts file entry on your Windows Server to reference a local IIS web application with Windows Authentication, it will probably fail with a 401 error due to a new security constraint. This is often the case if you use a public URL for your SharePoint or TFS server. To resolve this you need to add a registry value…

  1. Open regedit
  2. Open the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  3. Create a new DWORD under Lsa named DisableLoopbackCheck
  4. Set its value to 1
  5. Restart the server for good measure

Related Links

http://support.microsoft.com/kb/896861

http://ppalakollu.blogspot.com/2009/04/ie-8-ntlm-authentication-on-windows.html

Hack a Wireless Network for $17

December 8th, 2009 Craig Tadlock

Cloud computing has started to change the way we think about building and hosting applications. Access to large computing resources on demand has allowed applications to rapidly handle their scaling needs. But it also has other uses… like breaking (oh, I mean testing) your (someone else’s) wireless network. WPA Cracker is a cloud solution to crack WPA-PSK wireless networks. It does this by leveraging a 400-CPU cluster and a 135-million-word dictionary. You just need to upload your network traffic capture to their server, and after a bit of crunching it spits out the key. They claim it takes about 20 minutes to break, which will cost you all of $17. I think this is great. I’m pretty sure professional hacking groups had access to these types of resources in the past, so it’s really nothing new. Hopefully, now that it has become a bit more public, people will take the proper security steps to protect their networks, servers and data.