I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want that
the company adopts the J2EE. The great problem is that the faces are same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet it
has that to make an attack in the hardware layer. It until showed to me as
if he makes, generating a failed in IRQ 115 (I find that the number is this)
that seems to be most serious, stopping all the processing of the machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have access
the machine and that if the Firewall of it is good, we do not have with what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject that
can help me? He will be that you do not know somebody who can help me to
gain this "competition"?
5  1429 
Thiago:
Seems like you might need more help that what you'll get here.
You might want to try contacting a MS Regional Director in your area. I
found one in Peru: http://www.icuadrado.com/chrismenegay.htm
and one in Ecuador http://weblogs.asp.net/esanchez/contact.aspx
You can also try contacting the Microsoft Brazil Office: http://www.microsoft.com/worldwide/p...country=Brazil
(sorry, I got it in my head that you are from Brazil, hope I'm not wrong!)
Cheers,
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:O5**************@tk2msftngp13.phx.gbl... I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want that
the company adopts the J2EE. The great problem is that the faces are same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet it
has that to make an attack in the hardware layer. It until showed to me
as
if he makes, generating a failed in IRQ 115 (I find that the number is
this)
that seems to be most serious, stopping all the processing of the machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have access
the machine and that if the Firewall of it is good, we do not have with
what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject that
can help me? He will be that you do not know somebody who can help me to
gain this "competition"?
Hi Karl,
I am in Brazil.
I contacted some MVPs here and nobody can help me. I has send I e-mail to
Mauro Santana ( MS Regional Director on Brazil) and I don't receive return,
yet.
The Brazilian MVPs suggests for me contact the Microsoft on USA.
I only want a simple support about this question.
Thank You.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl... Thiago:
Seems like you might need more help that what you'll get here.
You might want to try contacting a MS Regional Director in your area. I
found one in Peru:
http://www.icuadrado.com/chrismenegay.htm
and one in Ecuador
http://weblogs.asp.net/esanchez/contact.aspx
You can also try contacting the Microsoft Brazil Office:
http://www.microsoft.com/worldwide/p...country=Brazil
(sorry, I got it in my head that you are from Brazil, hope I'm not wrong!)
Cheers,
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want
that
the company adopts the J2EE. The great problem is that the faces are
same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore
he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet it
has that to make an attack in the hardware layer. It until showed to me
as
if he makes, generating a failed in IRQ 115 (I find that the number is
this)
that seems to be most serious, stopping all the processing of the machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have
access
the machine and that if the Firewall of it is good, we do not have with
what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject that
can help me? He will be that you do not know somebody who can help me to
gain this "competition"?
Thiago:
The problem is that your question isn't very easy to answer. You are asking
a very detailed question about the inner-workings of IIS and windows...
I replied to your question because I'm afraid your question will go
unanswered....so i thought the least I could do was try and provide you with
some other venues to ask...
You might try some more security-focused newsgroups, such as:
microsoft.public.inetserver.iis.security
microsoft.public.dotnet.framework.aspnet.security
I'm inquiring further on your behalf, will let you know if I come up with
anything..
Karl
--
MY ASP.Net tutorials http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying) http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:Oi**************@tk2msftngp13.phx.gbl... Hi Karl,
I am in Brazil.
I contacted some MVPs here and nobody can help me. I has send I e-mail to
Mauro Santana ( MS Regional Director on Brazil) and I don't receive
return, yet.
The Brazilian MVPs suggests for me contact the Microsoft on USA.
I only want a simple support about this question.
Thank You.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl... Thiago:
Seems like you might need more help that what you'll get here.
You might want to try contacting a MS Regional Director in your area. I
found one in Peru:
http://www.icuadrado.com/chrismenegay.htm
and one in Ecuador
http://weblogs.asp.net/esanchez/contact.aspx
You can also try contacting the Microsoft Brazil Office:
http://www.microsoft.com/worldwide/p...country=Brazil
(sorry, I got it in my head that you are from Brazil, hope I'm not
wrong!)
Cheers,
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of
the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want
that
the company adopts the J2EE. The great problem is that the faces are
same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore
he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet
it
has that to make an attack in the hardware layer. It until showed to me
as
if he makes, generating a failed in IRQ 115 (I find that the number is
this)
that seems to be most serious, stopping all the processing of the
machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have
access
the machine and that if the Firewall of it is good, we do not have with
what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject
that
can help me? He will be that you do not know somebody who can help me
to
gain this "competition"?
Thanks Karl,
I will try this newsgroup.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:Oe**************@TK2MSFTNGP09.phx.gbl... Thiago:
The problem is that your question isn't very easy to answer. You are
asking a very detailed question about the inner-workings of IIS and
windows...
I replied to your question because I'm afraid your question will go
unanswered....so i thought the least I could do was try and provide you
with some other venues to ask...
You might try some more security-focused newsgroups, such as:
microsoft.public.inetserver.iis.security
microsoft.public.dotnet.framework.aspnet.security
I'm inquiring further on your behalf, will let you know if I come up with
anything..
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:Oi**************@tk2msftngp13.phx.gbl... Hi Karl,
I am in Brazil.
I contacted some MVPs here and nobody can help me. I has send I e-mail to
Mauro Santana ( MS Regional Director on Brazil) and I don't receive
return, yet.
The Brazilian MVPs suggests for me contact the Microsoft on USA.
I only want a simple support about this question.
Thank You.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl... Thiago:
Seems like you might need more help that what you'll get here.
You might want to try contacting a MS Regional Director in your area. I
found one in Peru:
http://www.icuadrado.com/chrismenegay.htm
and one in Ecuador
http://weblogs.asp.net/esanchez/contact.aspx
You can also try contacting the Microsoft Brazil Office:
http://www.microsoft.com/worldwide/p...country=Brazil
(sorry, I got it in my head that you are from Brazil, hope I'm not
wrong!)
Cheers,
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...
I need a support of the staff of the Microsoft.
Since the beginning of the year I am working in the CFLCL (Company of
the
sector of energy with more than 15000 employees).
I am trying to convince the CFLCL to adopt the DotNet as tool of Web
development, but for this, I have that to obtain the approval of the
security staff.
The problem is that the security staff is fanatic with Linux and want
that
the company adopts the J2EE. The great problem is that the faces are
same
Hackers, for you to have idea, the Firewall was developed by it (all in
assembler), using the Linux to load the OS and later it all it takes
off
Linux of air, assuming control of the operational system.
The argument that they use is that the DotNet delays very in loading
the
process, besides using fixed addresses of memory.
With this, hacker can use the moment that the process of the AspNet is
loading and to generate a memory burst, obtaining to have access the
information to provoke great damages the CFLCL.
In accordance with them, the J2EE does not have this problem, therefore
he
is fast to load and it does not use fixed addresses in the memory very,
making it difficult in the life of the Hackers.
But, so that the Hacker obtains to use this imperfection of the AspNet
it
has that to make an attack in the hardware layer. It until showed to
me as
if he makes, generating a failed in IRQ 115 (I find that the number is
this)
that seems to be most serious, stopping all the processing of the
machine
and allowing the action of the Hacker.
My argument is that to make this attack, hacker it has that to have
access
the machine and that if the Firewall of it is good, we do not have with
what
being worried, playing the responsibility on them.
But, I am trying to raise more arguments.
As this low-level question is not very my beach, I am looking support
of
people can assist me in the subject.
Somebody can help me? Somebody know some publication on the subject
that
can help me? He will be that you do not know somebody who can help me
to
gain this "competition"?
It sounds like your security team seem to have got it in their heads that
j2ee and asp.net use different http protocols - thre is only one http
protocol and a request through any firewall to any web server, be it apache
or iis for example only returns http traffic - the security risk therefore
are pretty much the same. asp, php and jsp are not that different when it
comes down to this level and a decision on whether to use one or another
technology should be based on what exactly the benefits are - not if its
appropriate for your old firewall.
J2ee web traffic is not only delivered through Lunix - just as patching and
security are not about asp.net or j2ee. A good firewall and security
strategy in place, with correctly managed firewalls and protocols makes any
system as secure as it can be. If your security team are more concerned
about running IIS on Windows and can't get their heads around the security
policies for windows servers and especially hardware security then you could
still develop asp.net in visual studio or the SDK and deploy it to Linux
using Mono. Personally I would worry more that they dont actually
understand the concepts of web security if they are worried about potential
local hardware vulnerabilities for servers that should be in secure
computing rooms anyway.
--
Regards
John Timney
ASP.NET MVP
Microsoft Regional Director
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl... Thanks Karl,
I will try this newsgroup.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:Oe**************@TK2MSFTNGP09.phx.gbl... Thiago:
The problem is that your question isn't very easy to answer. You are
asking a very detailed question about the inner-workings of IIS and
windows...
I replied to your question because I'm afraid your question will go
unanswered....so i thought the least I could do was try and provide you
with some other venues to ask...
You might try some more security-focused newsgroups, such as:
microsoft.public.inetserver.iis.security
microsoft.public.dotnet.framework.aspnet.security
I'm inquiring further on your behalf, will let you know if I come up with
anything..
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:Oi**************@tk2msftngp13.phx.gbl... Hi Karl,
I am in Brazil.
I contacted some MVPs here and nobody can help me. I has send I e-mail
to Mauro Santana ( MS Regional Director on Brazil) and I don't receive
return, yet.
The Brazilian MVPs suggests for me contact the Microsoft on USA.
I only want a simple support about this question.
Thank You.
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2****************@TK2MSFTNGP10.phx.gbl...
Thiago:
Seems like you might need more help that what you'll get here.
You might want to try contacting a MS Regional Director in your area.
I found one in Peru:
http://www.icuadrado.com/chrismenegay.htm
and one in Ecuador
http://weblogs.asp.net/esanchez/contact.aspx
You can also try contacting the Microsoft Brazil Office:
http://www.microsoft.com/worldwide/p...country=Brazil
(sorry, I got it in my head that you are from Brazil, hope I'm not
wrong!)
Cheers,
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/ - New and Improved (yes, the popup is
annoying)
http://www.openmymind.net/faq.aspx - unofficial newsgroup FAQ (more to
come!)
"Thiago Campos Pereira" <tp******@rtconsult.com.br> wrote in message
news:O5**************@tk2msftngp13.phx.gbl...
>I need a support of the staff of the Microsoft.
>
> Since the beginning of the year I am working in the CFLCL (Company of
> the
> sector of energy with more than 15000 employees).
>
> I am trying to convince the CFLCL to adopt the DotNet as tool of Web
> development, but for this, I have that to obtain the approval of the
> security staff.
>
> The problem is that the security staff is fanatic with Linux and want
> that
> the company adopts the J2EE. The great problem is that the faces are
> same
> Hackers, for you to have idea, the Firewall was developed by it (all
> in
> assembler), using the Linux to load the OS and later it all it takes
> off
> Linux of air, assuming control of the operational system.
>
> The argument that they use is that the DotNet delays very in loading
> the
> process, besides using fixed addresses of memory.
>
> With this, hacker can use the moment that the process of the AspNet is
> loading and to generate a memory burst, obtaining to have access the
> information to provoke great damages the CFLCL.
>
> In accordance with them, the J2EE does not have this problem,
> therefore he
> is fast to load and it does not use fixed addresses in the memory
> very,
> making it difficult in the life of the Hackers.
>
> But, so that the Hacker obtains to use this imperfection of the AspNet
> it
> has that to make an attack in the hardware layer. It until showed to
> me as
> if he makes, generating a failed in IRQ 115 (I find that the number is
> this)
> that seems to be most serious, stopping all the processing of the
> machine
> and allowing the action of the Hacker.
>
> My argument is that to make this attack, hacker it has that to have
> access
> the machine and that if the Firewall of it is good, we do not have
> with what
> being worried, playing the responsibility on them.
>
> But, I am trying to raise more arguments.
>
> As this low-level question is not very my beach, I am looking support
> of
> people can assist me in the subject.
>
> Somebody can help me? Somebody know some publication on the subject
> that
> can help me? He will be that you do not know somebody who can help me
> to
> gain this "competition"?
>
>
>
>
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: prabhat |
last post by:
Hi,
I am teaching myself J2EE. I have couple of books but how can I get
practical experience?
I installed trial version of IBM-websphere but it seems too complex
for a beginner in J2EE. I...
|
by: Herman |
last post by:
Hi everyone, I'm currently studying for my Master's in Computer
Science, and I will be working on my thesis this summer. I've been
thinking about constructing a web services application for my...
|
by: Lou Arnold |
last post by:
Is J2EE free or not?? I'm confused by Sun's web site.
I've been to the sun web site and found downloads pages for J2SE and
J2EE, but the J2EE page only shows updates. Does this mean that J2EE...
|
by: Al |
last post by:
I would like to add SIP stack to J2EE application server. I know that JCA
1.5 allows doing such thing. But JCA 1.5 is part of J2EE 1.4. Currently the
most J2EE vendors support J2EE 1.3. Can anybody...
|
by: Jim Collins |
last post by:
This position requires that you be a U.S. citizen and hold an active SSBI
clearance. This position offers highly competitive compensation with
excellent benefits in a highly professional work...
|
by: Silvana Di Martino |
last post by:
My group recently received its first request for the the development of a
really large and complex enterprise-level application, the kind of app that
would require the use of tools like Enterprise...
|
by: 43 |
last post by:
how come m$Office isn't written in .net?
how come Open Office isn't written in j2ee?
how come dbms systems aren't written in either?
how come browsers aren't written in either?
how come...
|
by: Luca |
last post by:
I am not a programmer but I do work in the ICT sector.
I read somewhere that J2EE would be "dying" and that PHP would be
taking its place soon...
Is this complete crap or does it have some real...
|
by: dmjpro |
last post by:
plz send me a good link which can clearify me how the J2EE framework works
i want the details information .... plz help
thanx
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
