Search This Blog

Friday, September 27, 2013

Microsoft: Financial Services: A Survey of the State of Secure Application Development Processes

The financial services industry is one of the world’s largest industries by monetary value, and an industry which has a direct impact on the lives of billions of people around the world. Organizations in the financial services industry handle trillions of transactions each year involving sensitive information about individuals,companies, and other third parties. To help protect this sensitive information it is important that financial services organizations are developing, procuring, and using software applications that have been developed with security in mind.
Microsoft commissioned an independent research and consultancy firm, The Edison Group, to examine the current state of application development in the financial services sector from a security perspective. Their report – Microsoft Security Development Lifecycle Adoption: Why and How – is available today.
The paper was developed following in-depth interviews with Chief Security Officers and senior executives representing some of the leading banks and financial services companies in the United States. Some highlights from the paper:
  • The Edison Group examined the usage of the Microsoft Security Development Lifecycle (SDL) and how it has been integrated into the software design life cycles of financial services companies.
  • The study describes the business benefits of using the SDL, along with adoption approaches and integration methods.
  • The adoption maturity of the Security Development Lifecycle (SDL) in participating organizations ranged from highly refined through years of implementation, to a brand new adopter about to begin integrating the SDL into the development processes.
  • The paper also includes two case studies, one illustrating the use if the SDL in a Microsoft Windows based environment, and one illustrating the adoption of the SDL in an open source development environment.
In addition to these highlights, the Edison Group found that using a software development process, such as the SDL, to help developers build more secure software can also help address security compliance requirements. For example, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) recognized the need for standards around security development processes and developed ISO/IEC 27034-1. This international standard is the first of its kind to focus on the processes and frameworks needed to build a comprehensive software security program. Earlier this year, Microsoft announced through its Declaration of Conformity that Microsoft’s SDL conforms to ISO 27034-1. Organizations using the Microsoft SDL to develop more secure software may already be conformant to the standard.
In the United States financial services sector, many of the largest companies came together in 1996 to form BITS, a division of the Financial Services Roundtable. BITS is an organization that addresses threats and opportunities relevant to the financial services sector, particularly those related to cyber-security. In 2012, the BITS Software Assurance Framework was created to document the importance of secure development practices and to provide guidelines that financial services organizations can use to implement these practices more fully.  The Software Assurance Framework was developed to help financial institutions better follow secure development practices and avoid the risks outlined above.
The Framework is rooted in education, integration of security in design using standards and threat modeling, best practices for coding, focused and comprehensive testing and followed with important implementation and response practices.  The Framework was developed in collaboration with Microsoft, and integrates the Microsoft Security Development Lifecycle at the foundation.
According to Paul Smocer, BITS president, “Building safe software is a necessity, a priority and a complex process for financial institutions.  The BITS Framework offers a practical approach to software security through strong design, implementation and testing processes.”
If you are responsible for the development or procurement of software for companies operating in the financial sector, then I strongly encourage you to check out this new whitepaper and the many free security development resources available at www.microsoft.com/sdl.

Monday, September 23, 2013

A Bright Spot in Tech’s Gender Gap


The technology world is still run by men. They have more than 80 percent of the software developer jobs, according to the U.S.  Bureau of Labor Statistics. And they hold most of the leadership positions.
But there’s good news for the Marissa Mayers of the world. The rare woman who does manage to hack her way to a top technology job is paid the same on average as a man in that position, as long as they have the same experience, according to a report by Dice, which tracks corporate compensation. That’s been true since at least 2007, Dice found as part of historical research for Bloomberg.com.
The study, which examined information-technology jobs in various industries, found that while there’s equality for men and women in comparable positions, women tend to end up in less lucrative jobs. Women in those jobs make an average salary of $87,527, while men make $95,929, according to Dice. If only there were more ladies leading teams.
“It’s obviously very encouraging that women in the same position are making the same amount, but why do they end up in different positions?” Shelley Correll, a Stanford University professor who specializes in gender research, said in an interview.
Sheryl Sandberg, Facebook’s chief operating officer and “Lean In” author who is on a whirlwind media tour to promote her book about female business leadership, has said the gap is a result of a combination of factors. Many women leave the workforce before they have to, decide not to take on larger projects, or lack the confidence in their qualifications to apply for promotions, according to Sandberg. So she’s been advocating for women to be more assertive at the office.
Besides equal pay for men and women in the same jobs, there is another commonality between the genders: Dice found that nearly half of all male and female business professionals were not satisfied with how much money they made.

Sunday, April 28, 2013

Laptop taking too much time to Shutdown

Laptop taking too much time to shutdown?

We have observed that some of the laptops takes more than 5 minutes to close all the applications and shutdown. To reduce this process time follow the instructions below:

1. Click on Start button, select Run, type Regedit and press Enter.
2. Expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
3. Edit the value data of Wait to kill service timeout to 1500

This will improve the performance of Shutdown!!


Thursday, April 25, 2013

Resetting Windows Password using Hiren Boot CD


Tested on: NT 3.51, NT 4 (all versions and SPs), Windows 2000 (all versions & SPs), Windows XP (all versions, also SP2 and SP3), Windows Server 2003 (all SPs), Windows Vista 32 and 64 bit (SP1 also), Window 7 (all variants). Some also say that it works on Windows Server 2008 too.
If used on users that have EFS encrypted files, and the system is XP or Vista, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again. If you don’t know if you have encrypted files or not, you most likely don’t have them (except maybe on corporate systems).
Boot your computer with Hiren’s BootCD and follow the steps below for resetting your password:

1. Enter “Offline NT/2000/XP/Vista/7 Password Changer”

With Up & Down keys select Offline ‘NT/2000/XP/Vista/7 Password Changer’ and press Enter.



2. Wait for “Offline NT Password & Registry Editor” to Load

On the screen below, you’ll see is several lines of text that quickly run down the screen. You don’t need to do anything here. Wait for “Offline NT Password & Registry Editor” to load.



3. Choose the Correct Hard Drive Partition

This step in the Offline NT Password & Registry Editor process is to select the partition that contains the Windows installation that you want to delete a password from.
Many computers have a single operating system installed on a single partition on a single hard drive, making this a very easy choice.
If that’s the case for you, just press ENTER to accept the default partition. Otherwise, type the number corresponding to the correct partition from the Candidate Windows partitions found list and then press ENTER.
If more than one partition is listed and you’re not sure which one to pick, chances are the larger partition is the one with Windows installed.
Every Windows 7 PC will have more than one partition listed.


4. Confirm the Windows Registry Path

Offline NT Password & Registry Editor now needs to know the exact location of the Windows Registry. Except in the rarest of occasions, the default location will be the correct one.
Just Press ENTER to accept the default Windows Registry path without writing anything else.


5. Choose the Password Reset Option

Offline NT Password & Registry Editor is now asking which part of the registry it should load.
Press ENTER to accept the default choice of Password reset.
The Offline NT Password & Registry Editor tool can perform various functions aside from resetting passwords but since that’s the focus of this particular walkthrough, that’s all we’ll discuss.


6. Choose the Edit User Data and Passwords Option

Now that the registry is loaded and available to the program, Offline NT Password & Registry Editor needs to know exactly what you want to do.
Press ENTER to accept the default choice of Edit user data and passwords.
This will load the necessary options for the actual password reset.



7. Enter the Username to Edit

Offline NT Password & Registry Editor now needs to know which user’s password you’d like to delete (erase, clear, blank, remove, call it what you like).
A default user is listed between the brackets at the prompt. In the above example, you can see that it’s the Administrator user.
If the default user is the user you’d like to remove the password from, simply press ENTER. Otherwise, enter the username and then press ENTER.



8. Type 1 to Clear (blank) user password and then press ENTER

At the bottom of the screen you’ll see the User Edit Menu with several options to choose from.
Type 1 for Clear (blank) user password and then press ENTER.
Offline NT Password & Registry Editor shows some interesting information about the username you entered in the last step – the full name, what groups the user belongs to, how many failed login attempts have taken place, how many total logins have been completed, and more.
If you see a check in the “Passwd not req.” box, this means that a password is not a requirement for this particular user. It does not mean that a password is not required to access the account in Windows. In other words, it’s saying that it is possible to erase this user’s password.


9. Type ! to quit the User Edit Tool

Assuming there weren’t any problems, you should see a Password cleared! message after entering 1 in the previous step.
Type ! to quit editing user and then press ENTER.
You must confirm these changes in a later step before they are actually complete. If you quit Offline NT Password & Registry Editor now then the password reset will not take place!


10. Type q to Quit Offline NT Password & Registry Editor

Enter q and then press ENTER to quit the Offline NT Password & Registry Editor registry editing tool.
Important: You’re still not done! You need to confirm your password reset change in the next step before it will take effect.

11. Type y and then press ENTER to confirm Password Reset Changes

At the Step FOUR: Writing back changes menu, Offline NT Password & Registry Editor asks if you want to write file(s) back.
Type y and then press ENTER.
You should see an EDIT COMPLETE message appear on screen. If you do, it means that Offline NT Password & Registry Editor has written the password changes to your computer!


12. Confirm That You’re Finished Using Offline NT Password & Registry Editor

Offline NT Password & Registry Editor gives you an option here to rerun the program. If you’ve been following along with this guide and everything seems to have worked properly then there’s little reason to repeat anything.
Press ENTER to confirm the default option of not rerunning the password reset.



13. Remove Hiren’s BootCD and Restart the Computer

That’s it! You’ve just completed the entire Offline NT Password & Registry Editor password removal process.

Remove Hiren’s BootCD from your CD/DVD drive and then manually reset your computer.Note: If you receive a “job control turned off” or a “can’t access tty” error, don’t worry. As long as the EDIT COMPLETE confirmation message was posted to the screen after you confirmed the password reset changes then your password was successfully reset. You should still be able to see the confirmation on the screen at this point.
In the next step, you’ll finally get to logon to Windows without entering a password!
Now that your password has been removed using Offline NT Password & Registry Editor, no password is required to log on to Windows.
If you are the only user on your computer, Windows will boot all the way to the desktop on the next reboot and will skip the logon screen altogether.
If you’re on a multi-user computer (as many families are), the logon screen will still appear after starting Windows but when you click on the user that had the password removed, you will not be prompted for a password and will instead enter Windows automatically.
Having a secure password is important so please don’t continue to use Windows without one. As soon as you’ve gained access to your computer again, configure a new password – one you can remember a little easier!

There is a video link to help you:




How To Disable AutoRun / AutoPlay In Windows 7 & Windows 8


Disable AutoRun / AutoPlay Using Local Group Policy Editor
Step 1: Pull up the Run dialog box (Win + R) and type gpedit.msc. Hit Enter to launch the Local Group Policy Editor.
Step 2: Within Group Policy Editor, navigate to this location:
Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies
AutoRun
Step 3: Double-click the Turn off Autoplay option to edit its settings, select Enabled, and then select All drives in the options panel below. Hit Apply when done.
Disable-AutoRun
Step 4: Restart your computer.
That’s it; the AutoRun feature has been completely disabled for all users, and for all drives that connect to your machine.
Disable AutoRun / AutoPlay Using Registry Editor
Should you have a version of Windows that doesn’t ship with Local Group Policy Editor, follow these instructions.
Step 1: In the Run dialog, type regedit to launch the Registry Editor.
Step 2: Depending on whether you want to disable AutoRun for all users or just for the current one, navigate to either of these registry keys (the first one is for all users):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
Step 3: Within this subkey, locate the setting labeled “NoDriveTypeAutoRun”. If it doesn’t exist, create a new 32-bit DWORD with this name and assign it the hexadecimal value 000000FF(Decimal 255).
RegEdit-Disable-AutoRun
The DWORD defined above will disable AutoRun for all drives and devices, and will have the same effect that you would’ve gotten through Local Group Policy Editor.
Should you want to restore AutoPlay ever again, just reverse the changes that you made in these steps, and you should be good to go.

I am sharing this tech update from :