Just started watching Lost season 2 - Boy, if you think things are complicated now, just wait till you see season 2 episode 3!

Dont worry I wont post any spoilers!

Pre-X05 excitement reaches melting point... Bungie promises 'awesome' announcement



A screenshot that purports to be the first ever image of Halo 3 is today causing rampant speculation as to whether Microsoft intends to unveil the game this week.

Microsoft's annual Xbox press extravaganza X05 kicks off this week in Amsterdam, where it has been rumoured that Halo's next-gen debut would be unveiled.

However, most credible sources suggest that the screenshot in question is a fake. It also seems that Halo 3 - due to be released at the same time as PlayStation 3 - being at X05 is little more than wishful thinking.

Indeed, Halo developer Bungie stated on Friday, "Keep your eyes peeled next week for a surprising, cool, awesome Bungie-related announcement. No, it is not Halo 3, nor is it the surprise revelation of our next project (whatever that may be) but it's sweet."

A digital virus spread by terrorists left bodies on the streets and cities quarantined by the government.

Fortunately, the epidemic was not real, but the aftermath of an inadvertent digital plague caused by a simple change to the massively multiplayer online roleplaying game, World of Warcraft.

The change? Giving a monster the ability to curse in-game avatars with a self-propagating, albeit temporary, disease. While the developers only intended the disease to affect the group of characters fighting the monster, the infectious malady quickly became a tool in the hands of malicious players known as griefers, who found ways to bring the digital virus into heavily inhabited areas of the world.

For a week, the efforts of malicious players left behind massive casualties, made cities nearly uninhabitable, and became a reminder of the uncontrollability of self-propagating code.

"There are three things you can do: infect people, die, and watch other people do the first two," said one person posting to the World of Warcraft community forum under the handle 'Modahan.' "There's no way to rush for a cure; there's no way to stop the plagued idiots from coming in, there's no quest, no change, no nothing."

While previous flaws in online multiplayer games have led to unintended consequences, this may be the first time that a disease has spread from character to character. While a developer-created digital virus killed off characters in the original Sims game, it only occurred if the player obtained a guinea pig and did not keep its virtual cage clean. Fan-created content for the sequel to that game, Sims 2, contained modifications that persisted and were inadvertently transferred from player to player creating string of virus-like effects.

The World of Warcraft's particular plague was caused by a curse known as 'Corrupted Blood' given to those in-game characters that battle a demon called Hakkar. The curse causes damage and can be passed onto other characters nearby. However, programmers at the game's developer, Blizzard Entertainment, failed to limit the area where the curse operates.

The complex epidemic that ensued after adding simple self-propagation to a feature of the game should come as no surprise, said Brian Martin, an independent security consultant who plays World of Warcraft.

"Giving it the ability to propagate at all beyond a limited environment definitely reminds us that self-propagating code is likely to bite us in the ass without careful consideration and planning," Martin said. "This also underscores the fact that adequate testing is a requirement for software, as this--and thousands of other bugs--would have easily been discovered and hopefully fixed had the testing been more thorough."

Last week, the game's developer Blizzard Entertainment rushed out a patch that limited the ability to infect others to only within the specific adventuring area known as a dungeon, a move which contained the disease to at most 20 characters. While the company would not comment on the epidemics, which happened on several of the game's servers, a spokesperson acknowledged the incidents and that the company had fixed the flaw.

The World of Warcraft has become the most popular online roleplaying game to date, with more than 4 million players worldwide, according to Blizzard.

The plagues started on September 13 after Blizzard updated the game to include, among other new content, a dungeon known as Zul'Gurub. In the heart of that dungeon sat Hakkar, an in-game demon, that cursed any characters who attacked it with Corrupted Blood, a damaging curse that spreads from player to player.

The disease would have not spread from the original dungeon but for the efforts of griefers. The online roleplaying game equivalent to terrorists, griefers would teleport their characters to inhabited areas or used their pets as plague carriers to spread the disease to the general population of a server, according to postings on various community sites.

Griefers have taken advantage of other loopholes in online games. In World of Warcraft and Everquest 2, for example, some malicious players have used time-delayed curses to turn their characters or pets into virtual bombs, teleporting to nearby inhabited areas just before the curse went off, affecting everyone in the area.

Reaction to the actual effects of the epidemic have been mixed. Some players have lauded the appearance of an epidemic as a cool in-game feature.

"Yes, there are a lot of upset people, but again, that's because this was unintentional and the effects go too far--some say," one player, using the handle 'Po,' said on the World of Warcraft forums. "However, there are a great number of folks who think this thing is spectacular."

Other players have taken exception to the fact that entire cities had become plague-ravaged and dangerous to all but very high-level characters. The player of a high-level mage complained that the game became unplayable until Blizzard fixed the problem last week.

"Basically I tried to enjoy the new game content but got griefed by my own faction," the player, who used the handle 'Starcinder,' said in a posting to the World of Warcraft forum. "Good plan Blizzard. This 'content' was visionary ... considering the maturity of the player base."

While short-lived, the incident should be a reminder that adding the ability to spread to simple features can bring complex consequences, said security consultant Martin.

"Not only does it present an in-game dynamic that was not expected by players or Blizzard developers, it reminds us that even in seemingly controlled online atmospheres unexpected consequences can occur," Martin said. "While not as serious as a classic computer virus, it reminds us that computer code can impact us and we're not always safe, regardless of what precautions we take."

By default, Microsoft Internet Information Services (IIS) 6.0 on Windows Server 2003 runs ASP.NET applications in application pools that use the NT AUTHORITY\Network Service account identity. This account is a least privileged machine account with limited permissions. An application that runs using this account has restricted access to the event log, registry, and file system. The account does have network credentials, which means you can use it to access network resources and remote databases by using Windows authentication. The network resources must be in the same domain as your Web server or in a trusted domain.

In some scenarios, using a custom domain service account is a better approach than using the Network Service account. You should use a custom domain service account if:

• You want to isolate multiple applications on a single server from one another.
• You need different access controls for each application on local and remote resources. For example, other applications cannot access your application's databases if access is restricted to your application's account.
• You want to use Windows auditing to track the activity of each application separately.
• You want to prevent any accidental or deliberate changes to the access controls or permissions associated with the general purpose Network Service account from affecting your application.

SQL Server

ASP.NET applications should use Windows authentication while connecting to a database. By using Windows authentication, you avoid storing database credentials in connection strings and you avoid passing passwords over the network to the database server.

With Windows authentication, your application's process account is used by default for authentication. To be able to access a database, your account requires:

• A SQL Server login on the database server.
• Permissions to the required objects (for example, stored procedures, views, or tables) in the required database.

Granting Access to a Local SQL Server

When the SQL Server is on the Web server, you must create a database login for the NT AUTHORITY\Network Service account.

To access a local SQL Server database using Network Service

1. Start SQL Server Enterprise Manager.
2. Expand the folders in the left panel and locate the Security folder for your local SQL Server.
3. Right-click Logins in the Security folder, and then click New Login.
4. In the SQL Server Login Properties - New Login dialog box, in the Name box, enter NT AUTHORITY\NETWORK SERVICE. Accept the defaults for the other settings, and then click OK.
5. Expand the Databases folders, and then expand the Pubs (or equivalent) database.
6. Right-click Users, and then click New Database User.
7. In the Database User Properties - New User dialog box, select the NT AUTHORITY\NETWORK SERVICE account.
8. In the Permit in Database Role list, select the db_datareader check box.
9. Click OK, and then close the SQL Server Enterprise Manager.

The Network Service account now has permission to read the data in the tables of the designated database.

In practice, your application's requirements may be more complex. For example, you might want to allow read access to certain tables and allow update access to others. The recommended approach to help mitigate the risk posed by SQL injection is to grant execute permissions to the Network Service account on a selected set of stored procedures and provide no direct table access.

Granting Access to a Remote SQL Server

If you are accessing a database on another server in the same domain (or in a trusted domain), the Network Service account's network credentials are used to authenticate to the database. The Network Service account's credentials are of the form DomainName\AspNetServer$, where DomainName is the domain of the ASP.NET server and AspNetServer is your Web server name.

For example, if your ASP.NET application runs on a server named SVR1 in the domain CONTOSO, the SQL Server sees a database access request from CONTOSO\SVR1$.

To access a remote SQL Server using Network Service

To grant access to a remote database server in the same domain or a trusted domain, follow the steps described earlier for a local database, except in step 4, use the DomainName\AspNetServer$ account to create the database login.

Note   In production environments, you should place the network service account into a Windows group and create a SQL Server login for the Windows group.

 

from MSDN

DasBlog patched. Added base64 support

Liverpool 1 - Chelsea 4

Nuff said...

On our way back. Did i mention how much i hate flying? I mean who trusts engineers Work Monday. Sigh...

Made the obligatory trip to the waterpark to throw myself down some ridiculously steep slides.

Nearly finished all my books & suduko puzzles. Perfecting blogging technique floating on lilo! TTFN

Now's your turn to enjoy some of Tenerife. What sweets do u want me to bring back? Leave your comments.

Just check my mail and realised some of you were a bit puzzled my some of my previous posts! Ez even tried to decrypt it! FYI it was simply base64 text - this is how you email travels the world - very simple to decypher - but probably asking a bit much for the lazy reader!!

Just noticed that some of my posts from Tenerife (ones without attachments) have not been dispaying correctly - they look base64 encoded. I´ve found an internet cafe and fixed the posts manually. Will fix the bugs with dasBlog when I return. Also noticed some of the translations on the site arent all in place - half my site is in spanish! BTW using a spanish keyboard is a nightmare!!!!