|
ok sorry.
So much complexity in software comes from trying to make one thing do two things.
Sibeesh
|
|
|
|
|
Is is possible to delete this thread?
So much complexity in software comes from trying to make one thing do two things.
Sibeesh
|
|
|
|
|
USBDeview[^]
USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.
For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more...
USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices.
You can also use USBDeview on a remote computer, as long as you login to that computer with admin user.
New version: WinHeist Version 2.1.0 Beta
Have you ever just looked at someone and knew the wheel was turning but the hamster was dead?
Trying to understand the behavior of some people is like trying to smell the color 9.
I'm not crazy, my reality is just different than yours!
Not my circus not my monkey's!
|
|
|
|
|
|
If you are looking for a free .NET based, open-source bugtracking system then look no further than BugTracker.NET[^]
It is free, you get the full source-code, there is an active community that can help with your questions should you need help (including the author Corey Trager).
It has seamless integration with many version control systems inc. Mercurial and Subversion, giving you the ability to check the changes made against a defect.
The Subversion integration is a Python script. If you would rather use something written in .NET then I developed my own which I have uploaded onto Github[^]
It can also be themed and styled with your corporate branding. I use this and can highly recommend it
|
|
|
|
|
We used this for ages and as a simple tool is was a fine, if basic, tool.
cheers
Chris Maunder
|
|
|
|
|
|
Richard Deeming wrote: The mention of SQL Injection vulnerabilities in part 2 was enough to put me off.
Because you wanted to expose your bug tracking tool directly to the internet?
|
|
|
|
|
Would you implicitly trust all of your employees to have complete control of the bug database?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
In terms of SQL injection attacks???
Then yes. In the last two companies I was the only one with enough SQL experience to do anything real in a SQL database. In the company before that there were probably between 2 and 10 developers with that sort of experience but I would not really expect them to spend their time figuring out how to attack the bug database (that company had very serious big money attack targets.)
|
|
|
|
|
But if the bug database is on the same server as your attack targets...
I'd generally try to avoid leaving any security vulnerability open to any target audience, no matter how unlikely they are to try to exploit it. After all, SQLi is so simple, even a 3 year old can exploit it[^].
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: But if the bug database is on the same server as your attack targets
You have big money targets which are on the same server and database as your bug database?
|
|
|
|
|
Did you not notice the word "if"?
You'll not only need to make sure your bug database is the only application and database on the server; you'll also need to make sure that the SQL service account is locked down, and that the server isn't part of your domain. Otherwise, a breach of that server would compromise your entire network.
You'll also need to keep detailed audit logs to track any unauthorised changes to the system. Unless, of course, you don't care about that, in which case you might as well not bother with any authentication or authorization, and just give the users direct admin access to the server.
All of which you wouldn't need to worry about if the front-end application was written properly in the first place.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: You'll not only need to make sure your bug database is the only application ...
Err...No I would (and have done so) make sure that the bug database and the production boxes had absolutely no commonality.
And I would do that regardless of how trustworthy/stable I thought the bug database was.
Richard Deeming wrote: All of which you wouldn't need to worry about if the front-end application was written properly in the first place.
If there is no commonality at all then I don't need to worry about if the front-end application was written properly in the first place. Which was in fact my point from the beginning.
|
|
|
|
|
Quote: I'd generally try to avoid leaving any security vulnerability open to any target audience, no matter how unlikely they are to try to exploit it
Such as using the Internet
|
|
|
|
|
|
|
|
|
|
So you want me to use that tool for you? :/
What actually does it do? -_-
Favourite line: Throw me to them wolves and close the gate up. I am afraid of what will happen to them wolves - Eminem
~! Firewall !~
|
|
|
|
|
Read its description for what it does. This page is for tools that people find useful. Use it if you need it.
|
|
|
|
|
Great tool! Thanks for the contribution!
What is does is to shorten your e-mails for instance you can set a certain paragraph to be inserted after a certain works for ex "salesprod" and as you writing the software will detect it and replace it.
It has an enormous number of customization features, you can filter certain programs to be intercepted and you can even customize with specific input (a box will appear asking for a piece of information that will end up in the replaced phrase).
Worth looking into!
|
|
|
|
|
A colleague of mine shared with the rest of us a very interesting link.
How to debug anything with Visual Studio and JetBrains
So no recompiling old dlls for pdb files?
This software is free and I think to give it a try. It looks promising.
I hope that this thread's place is in the Insider.
If not please excuse me
[Thread moved - Ed]
Microsoft ... the only place where VARIANT_TRUE != true
modified 17-Jul-14 9:25am.
|
|
|
|
|
You used to be able to do this in Reflector ages ago, back when it was free (you probably still can but it isn't free anymore)
Nice to see this functionality in dotpeek now, which is free
Free
|
|
|
|