Archive | June 30, 2005

Don’t click on that attachment!

And another from InfoWorld: Top News: Fake Microsoft security alert includes Trojan patch. “A new wave of spam that disguises itself as a Microsoftæ security bulletin contains a link to malicious software that gives attackers complete access to the infected machine, security researchers are reporting.” Just a reminder folks: Never, EVER, run code from an untrusted source. There are no trusted sources.

IE bug can crash the browser; might allow malicious code to run

InfoWorld: Top News reports IE bug can crash browser. “Security researchers have discovered a bug in Microsoft’s Internet Explorer (IE) browser that can cause the software to crash, and which could possibly be used to let an attacker run unauthorized software on the IE user’s machine.” Translation: slow news day before American and Canadian holiday weekend. Nothing to see here, folks, move along…

Generate SourceSafe weekly activity reports using Visual FoxPro

Building on the work covered in Essential SourceSafe, here’s some code that will generate two text files of the activity that your SourceSafe database has recorded in the past week. This can be a handy way to keep track with what’s going on in a busy project.

(Changing the text output into an RSS feed is an exercise left to the reader. Cool idea, eh?)

I used Visual FoxPro to generate the commands for SourceSafe, as I couldn’t figure out a way to generate a date less seven days in a DOS command shell. In my next post, you’ll see a slick way to generate the current date, but that didn’t help me here.

Save this program into a Visual FoxPro project, and optionally add a CONFIG.FPW with RESOURCE=OFF, SCREEN=OFF and build it into an EXE. Place the WeekHist.exe in the root of your SourceSafe install (or change the paths in the code below to match) and you can run the exe manually or set the .exe to run on a weekly scheduler using the OS’ scheduler tools.


*==============================================================================
* Program.............:	WEEKHIST.PRG
* Purpose.............:	Generate a weekly history file from SourceSafe
* Author..............: Ted Roche
* Copyright...........: 2000-2005 by Ted Roche, licensed under the Creative
* ....................: Commons Attribution Share-Alike License,
* ....................: http://creativecommons.org/licenses/by-sa/1.0/
* ....................: Please fix and pass along - Ted 
* Last revision.......:	2005-June-30
* Parameters..........:	None
* Returns.............:	Nothing, outputs History.txt, .lst or .err
* Environment in......:	Must run in root of VSS install, ASSuMEs that the 
* ....................: data directory and win32 directories are below
* Environment out.....: History.txt is brief, History.Lst is verbose
*==============================================================================
* Format is:
* win32\ss history $/ -R -vd07/02/05~06/26/05 -O@History.lst

* Try...Catch would be nice, but this supports any VFP runtimes
#DEFINE CRLF CHR(13)+CHR(10)
ON ERROR do errhand with ERROR(), MESSAGE(), MESSAGE(1), LINENO()

lcCommand = "win32\ss history $/ -R -vd" + ;
            DTOC(DATE()) + "~" + ;
            DTOC(DATE()-7) + ;
            " -B -O@History.txt"
            
RUN &lcCommand
            
lcCommand = "win32\ss history $/ -R -vd" + ;
            DTOC(DATE()) + "~" + ;
            DTOC(DATE()-7) + ;
            " -O@History.lst"
            
RUN &lcCommand

RETURN

PROCEDURE errhand(tnError, tcMessage, tcMessage1, tnLineno)
STRTOFILE(TTOC(DATETIME()) + " Error " + TRANSFORM(tnError) + CRLF + ;
          " Message " + tcMessage + CRLF + ;
          " Message1 " + tcMessage1 + CRLF + ;
          " Line " + TRANSFORM(tnLineNo)+ CRLF , "History.err", .t.)
ENDPROC && errhand

[UPDATED]: See newer posts for updates: here and here.

Microsoft Watch: Will RSS expose Longhorn to exploit?

Microsoft Watch from Mary Jo Foley notes The Downside of Embedding RSS in Longhorn. “Microsoft watchers are thinking through the security implications of Microsoft’s plan to embed RSS in Longhorn.”

The upside is that Microsoft bundling a feature in with their OS means that developers can count on the feature being available (although uptake of recent versions of windows may mean that’s only 20% of all Windows users). The downside is that it means malicious developers can count on it being available. While Microsoft is getting better at shipping software less exposed to exploit, it still enlarged the exposed surface for exploit.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.