RamsThoughts

June 9, 2011 11:22 pm

Rollback Strategy…

Filed under: Software Quality,Software Security,Software Testing — ramsblog @ 11:22 pm

Rollback testing is one of the hot topics in software application deployment, whether you push updates into production frequently or only once in a while, but especially when you consider the number of applications and the number of patches going into production.

What is your Rollback Strategy?

How would you plan for one?

What is your understanding of application rollback at deployment?

January 24, 2011 11:31 pm

Remotely Change password on Windows Server 2008

Filed under: Software Security,UX - User Experience — ramsblog @ 11:31 pm

Interesting to see the lack of consistency between the Windows desktop and Windows Server OS in terms of changing the account password. I remember I have done it before when remoted into a Windows Server 2008 machine, but it has been a long time and I had completely forgotten how to get around and locate it again.

I went around several options including Start -> Lock computer, the Security wizard, etc. With the server being located at a remote location, I obviously can't take chances of shutting it down and not being able to restart it again.

To change a user password on a Windows Server 2008 machine while logged in over Remote Desktop:

> Log in to the Windows Server machine over Remote Desktop
> Start -> Windows Security
> Click Change password
> To change the password of an account other than the one you are logged in with, click Other Credentials
> Enter the user name as domain\user
> Give the old password
> Enter the new password and repeat it, followed by the arrow to submit.
> changes the password and brings the control back to


Some intuitiveness can be further improved as part of this progress. For instance, the 4th bullet (Other Credentials) takes additional clicks to figure out or to get to the other user's password change window; it could apparently have been reduced by a few clicks.

Hope the above steps help some of you…

December 16, 2009 11:19 pm

Website Authenticity … How to identify?

Filed under: General,Safety,Software Security — ramsblog @ 11:19 pm

There has always been a concern about phishing sites. We get those URLs via emails, through other sites, and in hyperlinks everywhere. Those hyperlink targets may or may not go to the sites indicated in the link text; of course, that depends on how trustworthy the link is.

This was already a concern when URLs were readable and you could judge their authenticity to the best of your knowledge. Still, most of us have fallen victim to an unsafe link target at least once, even though recent browser versions alert users about how genuine a site is via their phishing identification tools and features.

Added to that, these days, is the concern about shortened URLs. Yes, shortened URLs came into existence when the era of SMS texting, Twitter, and so-called 140-character-limit texts (microblogging) started in recent years.

> How do you trust those short URLs?
> On what assumptions would you dare click that link?
> How can you mitigate the risk of ending up where you didn't want to end up?
> How would you make sure you don't fall victim to identity theft?

One simple and straightforward answer could be: do not click those links. Well, does it always happen that way?

I recently came across http://www.googlegooglegooglegoogle.com and it is pretty neat. It presents you 4 frames with the Google home page, and you can run 4 different searches in the same browser instance. It's very handy.


Well, talking about this googlegooglegooglegoogle site or its authenticity is not the intent of this post; I just thought about other misleading URLs.

Well, if you Bing for phishing sites, URL authenticity, "how to trust URLs", etc., you may find an umpteen number of resources: checklists, to-dos, guidelines, tons of resources…

Well… this post did not answer the question "How to identify", because that still remains my question for now. Please comment with your resources and pointers here… and this title seems really misleading here… :)

March 31, 2009 9:25 am

Login with an additional security layer…

Filed under: Software Security,UX - User Experience — ramsblog @ 9:25 am

I have recently come across a security layer implementation on several websites, especially where you may have your PII (personally identifiable information) stored. I am curious to understand how it is going to help the hackers. The way the instructions were given to set up this information is as follows:

1. Set up a user id and password.
2. Answer one or three questions, as a way to remember and recognize you as you.
3. Provide an image or a text that you know, and possibly a piece of information that you give the website to recognize you, or for you to recognize that you are logging into the right site.
4. When you log in the next time, you enter the username and the password (provide your credentials) and proceed further. At this time you are prompted with the key (either text or an image) that you picked during the setup process, and you proceed further by saying you recognize it.

Well, unless I missed reading the instructions right, this might help an end user to trust the site and so possibly avoid a phishing situation to an extent, but it may not help a website to know whether it is a genuine user logging in. The application provides the clear-text key or an image, and the user can proceed further.

Do you have any insights as to why this kind of authentication is used?

May 21, 2008 7:14 pm

Software Quality…

280Group writes an article about “why Software still stinks here“. In this article the author says that product management is the key reason why software fails. I like the way this article starts, pointing to one of the key impediments as “being open for critical feedback and ideas“. I liked the way it was put across in one phrase as “this industry still so amused by its own opportunities” as an improvement factor.

I believe there are other factors to be accounted as well.

a. Strategy: Good strategy to drive the project management

b. Being able to coach the teams and being transparent about what product management thinks of the end product, with the teams knowing the exact same thing.

c. Being open for feedback from the team – this has already been addressed in this article. Additionally, most times the management is firm on what it wants and does not really listen to the team, though the management changes course (shifts) when the market changes. Why doesn't the management listen to the internal team for what they have to say?

d. When it comes to “about buggy, inflexible and incomplete applications”: irrespective of how the product management is, only the team can certify the quality gates, and the entire team has to come up with the measures to comply with that. It is teamwork and not just one product manager, I think.

I have been in the application development projects where the customers did not really know what they really really wanted, and I agree, it is our responsibility to help customers to define the features they really really want and omit the obsolete requirements. Agreed, product management plays a key role here, at the same time, I think, the entire engineering team should put themselves in customer shoes while designing the solution early on and not really blame the customers for not providing the requirements.

note: I am probably sounding a bit biased or defending here, but I am trying to see from a cursory look and from my own experience being in the industry.

 

March 4, 2008 12:02 am

Internet Security: IE seems to stay ahead

Filed under: Internet,Software Security,Tech — ramsblog @ 12:02 am

Just came across an article on Wired magazine that says Internet Explorer browser is most trustworthy for secured transactions compared to Safari and other browsers. Although, it says Firefox is closer and the rest are vulnerable to online security according to PayPal’s study. 2 main reasons cited are (a) URL Phishing check (b) support for Extended Validation Certificates

source: for more information go to Wired magazine article [link]

 
