I must have missed the memo on this, but it seems the first service pack for Visual Studio 2005 has been released (release notes). This release should add a lot of stability to the IDE and resolve a number of issues (such as the frequent VB compiler crashes). It’s a rather large download, approximately 450 MB, and is rather slow to install, but it promises to be well worth it.
The one real downside is that you shouldn’t plan on doing much while it’s installing; the almost 400 MB of RAM consumed during parts of the installation may slow your system to a crawl. So, make plans to do something else while it’s working, because you won’t be.
Update: Visual Studio 2005 SP1 Known Issues
When I buy something, I expect support. When I buy something expensive, I expect really good support. That may be asking too much, but that’s just how I think. Now, when I contact the vendor for support, I expect to talk to somebody that understands the product. When I bring up an issue that gets me on a conference call with a Vice President and a Project Manager, I expect them to give me accurate data.
It’s been some time since I last wrote about YAWAST on here; it was actually back in April when I posted the last update – that was for the release of YAWAST v0.7.0. Currently, it’s at version 0.11.0 and a lot has changed. It’s been rewritten from scratch, more people have become involved, it has moved to a (fairly) regular release cycle, and has expanded a fair bit in terms of functionality.
Recently Vice published a story about a lawsuit against the makers of the ‘secure’ messaging application Confide. This isn’t just a lawsuit; it’s a class-action lawsuit brought by Edelson PC, an amazingly successful (and sometimes hated) law firm. This isn’t a simple case. The complaint includes a very important point:
Specifically, Confide fails to deliver on two of the three requirements that it espouses as necessary for confidential communications: ephemerality and screenshot protection.
The information security industry and, more significantly, the hacking community are prolific producers of incredibly valuable research; yet much of it is lost to most of those that need to see it. Unlike academic research, which is typically published in journals (with varying degrees of openness), most research conducted within the community is presented at a conference – and occasionally with an accompanying blog post. There is no journal, no central source that this knowledge goes to; if you aren’t at the right conference, or don’t follow the right people on Twitter, there’s a great chance you’ll never know it happened.
While looking into PL/SQL Developer – a very popular tool for working with Oracle databases – to see how it encrypts passwords, I noticed something interesting. When testing Windows applications, I make it a habit to have Fiddler running, to see if there is any interesting traffic – and in this case, there certainly was.
PL/SQL Developer has an update mechanism which retrieves a file containing information about available updates to PL/SQL Developer and other components; this file is retrieved via HTTP, meaning that an attacker in a privileged network position could modify this file.