Ben Hall's Blog

Great opporunity for some free .NET 3.0 training via Microsoft eLearning.  Lots of material for you to work with and its free for a limited time (until RTM).

This collection of 3 2-hour premium clinics teaches about the new capabilities provided by the .NET Framework 3.0. These clinics are for experienced Developers and Software Architects who are looking to adopt Microsoft’s next generation technology within their solutions.
Topics covered within the collection include:

• Windows Presentation Foundation
• Windows Workflow Foundation
• Windows Communication Foundation

Link: https://www.microsoftelearning.com/eLearning/offerDetail.aspx?offerPriceId=109340

BBC news have just reported that Google have purchased £883m ($1.65bn) worth of shares in YouTube, however Google have said the two companies will operate independently.

This is going to be a very interesting deal.  Two of the major plays in the video sector joining partnerships, and with Google’s CEO, Eric Schmidt, joining the Apple board of directors this could mean we are about to enter another huge media revolution. 

Now YouTube, Google, and Apple all in partnership together and with iTV just around the corner this could be great news for all us geeks. 

But where does this leave Microsoft?

Read more here:
http://news.bbc.co.uk/1/hi/business/6034577.stm

More on the Google and Apple partnership:
http://www.webpronews.com/insiderreports/marketinginsider/wpn-50-20060918IsGooglePolishingAnAppleAdDeal.html

The NxtGenUG have just posted information regarding a 2 day training course entitled “Advanced ASP.NET Exploits and Countermeasures” run by Dinis Cruz.  Dinis was one of the presenters on the Ed Gibson roadshow, and he has ran this training course at various conferences such as at Black Hat.  The course will be run in both London and Birmingham.

Dinis is a great presenter and I have heard great things about the course.

More information on the course itself can be found over on the Black Hat website however I am not sure if the content will be 100% the same.

More information on the NxtGenUG training course can be found on their website.

Personally, I would love to attend.

NxtGenUG

NxtGenUg was been created by 3 evangelists of Microsoft technology and hold regular meetings in Coventry, Birmingham and now Oxford every month with excellent speakers on a wide range of topics, together with some food and chat it makes for a great evening. 

If you have never been to a user group meeting before I strongly recommend you attend a local one.  The guys at NxtGen are great and I have really enjoyed the meetings I have attended (just a shame they haven’t got a meeting in Hertfordshire yet) – well worth the monthly subscription and the group seems to be getting bigger and better every month.

For more information visit www.NxtGenUG.net

This just got slashdotted.  Article on how you can still get IE7 injected with toolbars just like IE6 (assumes that the end-user clicks ‘yes/apply/accept/next’ to just about anything – which of course they are going to do).  One of the nice things about it was that the reset built into IE7 worked.

http://www.windows-noob.com/review/ie7/

Good to read if you have nothing better to do on a Sunday afternoon.

This is one for all you UK students out there.

Samsung are running a competition to allow “Dirty Pretty Things” to play on your campus for free! I saw them live in Coventry just before their album was released – they where amazing!!

Hertfordshire are fifth at the moment – I’ve placed my vote, help your uni by placing yours…

Visit http://www.bandonyourcampus.com/ to vote.

Microsoft have just announced that the Microsoft Certification Exam 70-540 will be in Beta form again starting October 23 until November 10 2006.

If you are in the area of mobile development then maybe you should look into taking this exam. If I remember correctly, these beta exams are free – so why not give it a go?

The Preparation Guide is available for the Exam at: http://www.microsoft.com/learning/exams/70-540.mspx

Visit http://blogs.msdn.com/jasonlan/ for information on how to sign up.

Voting for the agenda has now opened on the DDD4 website.  If you are unsure how the voting works, you pick 10 talks you think you would like to attend, then then this gets to decide the day’s lineup. You are allowed to change your choices up until the voting ends, which will be around mid October (or so the website says)

Nice to see they have taken my advice (and others I guess) and put the Level of the talk next to it.

Vote here:
http://www.developerday.co.uk/ddd/votesessions.asp

Ones i’m interested in, sure they will get my vote are:
Next Generation Data Access   (Style: Presentation – Level: 300)
Can Erten

The Use and Abuse of Reflection   (Style: Presentation – Level: 300)
Joanna Carter

How To Give Great Presentations   (Style: Presentation – Level: 100)
Guy Smith-Ferrier

TechED Highlights   (Style: Presentation – Level: 200)
Richard Costall & Dave McMahon

An Introduction to Microsoft Robotics Studio   (Style: Presentation – Level: 200)
Steve Tudor

How your web site gets owned   (Style: Presentation – Level: 300)
Barry Dorrans

Securing applications and communications in ASP.NET   (Style: Presentation – Level: 300)
Barry Dorrans

Yesterday afternoon was the first of five events of the Ed Gibson on the road tour, the event was held in Birmingham with Dinis Cruz, Barry Dorrans there to give a helping hand…

First up was Ed Gibson who gave another great talk on the dangers of organized crime on the Internet and some of the realities which we face – very thought provoking, if not a little bit scary.

Dinis Cruz then gave another great presentation on hacking applications, didn’t do his Rooting the CLR presentation however he did demostrate Metasploit which was great to see (only heard of it, never used it before).  Also did his HacMeBank demo which was great, as this time I was looking at it from the view of my final year project and a pen tester more than a developer…

Quick break, and then the panel discussion about what is security. There where some interesting points come up from the guys and was a good active dicussion.

Overall, a very good afternoon/evening. Presentations where excellent, and the organisation by nxtgen was really good (or at least it appeared to be…).  Looking forward to more events like this is.

For more information on the remaining four events visit http://www.nxtgenug.net/EdGibson/ . I would strongly recommend going if are interested in the area of security, or just because you can get out the office for an afternoon.

Buy

Book’s Website

The evolution of the web is changing faster than most normal people can keep up with.  New website applications are popping up online daily, most of which contain some important, and sometimes financial information which the company wants to display or sell.  Most applications also contain information only ‘certain’ users can see in a secure area where you might have to pay to access, and only you are allowed to see.

This book describes many different ways in which the application can be used as a weapon against the company, allowing the ‘hacker’ to access restricted data, corrupt databases or bring down the server hosting the site.

Over the 13 chapters, this book describes all the common ways of attacking a website, from profiling the application to find out what OS and webserver it is running, or launching a full DDoS attack on the server.

After reading the book cover-to-cover, I am now aware of the dangers online and as a developer what my application must be able to withstand and block against. It also has information about the not-so common attacks, and various ways hackers attempt to break into websites – such as encoding the XSS attack to get around blacklists.  The book also covers almost all languages and platforms, allowing everyone to have a good understanding.  The  code samples included are an excellent way to seeing for yourself the potential harm, and if you can’t see it – have it explain to you in the next paragraph of the book.

At the end of every chapter there is a “references and further reading” section, contains all the links to items discussed within the chapter.  This ranges from Microsoft’s security alerts to PoC (Proof of Concept) applications and recommended applications to provide excellent additional reading.

At the very end of the book, there is a checklist to make sure your application is up-to scratch and secure.

I highly recommend this book to anyone who wants a good understanding of all the different ways in which web apps can be attacked.  If you are currently developing applications (both internally and externally) I strongly recommend you having a read of this book – you never know, it might just save your application and confidential database from hackers.