posted
08/03/10
By Fredrik "DXter" Jonsson
A funny thought that I have had since I connected my girlfriends Wii to my wireless guest network, was that the Wii described my guest WLAN as a “Secure access point” (which is protected by WPA-PSK). How can the Wii present the networks security status by looking on what encryption that is enabled? Regardless of what encryption or authentication requirements you have for your WLAN, they won’t help you from ARP-spoofs for example (when you are connected) which is within the boundary of the networks security.
Furthermore, for me, it is impossible to make a access point secure using preshared keys. A “secure WLAN” requires PKI, at least for server verifications using PEAP-TLS, but preferably with client authentication using certificates by EAP-TLS (just like my “production” WLAN
).
Of course, I understand that a Wii console is made for home environments. But the main question is still very interesting and remains unanswered;
What is a secure access point?
// Fredrik “DXter” Jonsson
posted
08/03/10
By Fredrik Wall
I have tested Microsoft Live Labs Seadragon
for this blog.
You can find Seadragon at http://www.seadragon.com/
Technorati Tags:
Seadragon,
Microsoft
posted
08/03/10
By Fredrik Wall
I just installed Microsoft Live Labs Pivot
to see what It was.
Microsoft Live Labs Pivot imported my browser history
and made some graphical statistics.
Can maybe be useful for some documentation.
Download and more information can be found here
http://www.getpivot.com/
posted
07/03/10
By Fredrik "DXter" Jonsson
How many people out there knew that the command line tool signtool.exe in the .NET SDK actually had a built in GUI wizard? (yes, geeks/developers enjoys wizards sometimes too)
If you have the .NET Framework SDK 2.0 installed, you can launch the wizard by running: “%programfiles%\Microsoft.NET\SDK\v2.0 64bit\Bin\signtool.exe signwizard” (on a 64-bit installation)
I just had to try this one, so I started by creating a self signed code signing certificate in my certificate store with the command “makecert.exe -ss My -r -a sha1 -n "E=dxter@ghostzone.net,CN=Fredrik DXter Jonsson" -eku 1.3.6.1.5.5.7.3.3”. And after that, I added the certificate that was created to my trusted roots store. Now, lets go through the wizard!
The wizard starts.
I select a binary I have made.
I select a typical signing.
I choose to select a certificate from my certificate store.
I select my self signed code signing certificate. The wizard only display’s code signing certificates (with the EKU 1.3.6.1.5.5.7.3.3). For example, my personal S/MIME certificate is not displayed here.
I click next after I have selected my certificate.
I choose to add some descriptions to my cool application.
I prefer to timestamp my signature as well, so I let VeriSign take care of that.
And now we are done!
Yeah!
If we take a look at the properties of our signed file, we now see that we have a digital signature…
… that is valid and that has a countersignature from VeriSign!
I guess nobody can blame signing difficulties anymore as a reason not to sign. However, since I DON’T recommend to use self signed certificates in production, I believe that the price for a commercial code signing certificate is still a show stopper for small projects.
// Fredrik “DXter” Jonsson
posted
03/03/10
By Fredrik "DXter" Jonsson
If you are running a Windows Server 2008 web server for CRL publishing purposes, you should be aware of the fact that Windows Server 2008 (or IIS 7.0 to be more specific) does not allow URL’s with plus signs by default. Delta CRL’s are using a plus sign in the filename to indicate that they are a Delta CRL of the Base CRL with the same name but without a plus sign in the filename.
If you are hosting your CRL’s in the default website on a IIS 7.0 on Windows Server 2008, you should run the following command in an elevated cmd prompt to be able to allow IIS to make your Delta CRL’s accessible. If you are publishing them in another IIS site, customize the site name in the command to your site.
%windir%\system32\inetsrv\appcmd set config "Default Web Site" -section:system.webServer/security/requestFiltering -allowDoubleEscaping:true
UPDATE: Shay Levy was kind enough to provide the PS equivalent below. Thanks a lot!
Set-WebConfiguration -Filter system.webServer/security/requestFiltering -PSPath ‘IIS:\sites\Default Web Site’ -Value @{allowDoubleEscaping=$true}
// Fredrik “DXter” Jonsson
posted
02/03/10
By Fredrik Wall
Snart är det dax för TechDays i Örebro.
Jag kommer att vara där och representera Scandinavian Powershell User Group vid användargruppernas monter.
Alla som ska dit är välkommna att komma till montern och snacka med mig.
Är det något speciellt som ni skulle vilja att jag tog fram till TechDays som rör PoweShell så säg till.
Jag kommer att ha med mig PowerShell Guru kepsarna som vart en hit förra året. Har ett gäng kvar!
posted
02/03/10
By Fredrik Wall
I have just found My favorit iPhone app.
iPowershell fr.o.m. Sapien. It’s à powershell referenser library. Very nice!



posted
17/02/10
By Fredrik Wall
I currently working with clients in an environment
without any system that will update computers
Bios automatically.
So I have started to write a PowerShell script for this.
It uses Windows Forms for the output and WMI for
the information gathering.
This script is very similar to Dells VBScript for Bios Upgrades.
That script can be found here.
My script will check for current version on the computer and
then check in a file structure for the right bios upgrade version
and If It needs to be upgraded It will run the upgrade file.
My file structure is very simple and It’s located on a file share.
The bios upgrade files for Dell computers can be found
at ftp.dell.com/bios
The script is in a alpha or Beta phase, but If you are interested
in It you can mail me, DM me on Twitter or send me a message at
messenger.
Technorati Tags:
PowerShell,
GUI,
WMI,
Bios
posted
15/02/10
By Fredrik Wall
This is a function to determine if the current user
is a member of the local administrator group.
function LocalAdministrator {
$strComputer = "."
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $computer.psbase.children.find("Administrators")
$members= $Group.psbase.invoke("Members") | %{$_.GetType()
.InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$localAdmin = $false
ForEach($user in $members)
{
if ($user -match $env:USERNAME) {
$localAdmin = $true
}
}
}
Usage:
LocalAdministrator
if (!($localAdmin)) {
break
}
This will break the script if the user
don’t belong to the local administrators group.
posted
12/02/10
By Fredrik Wall
We added a special theme for iPhone tonight.
This will make the page load faster and
better in iPhone.
Next step will be to do a new theme for the whole site.
This will be later on.