Macrocosmic Technologies

The October 2008 release of the TFS power tools is now available. If you’re more advanced that code monkey, you’ll want this. TFS is now integrated with the Windows shell. You can right click a file or directory, get latest, add to source, merge, and everything else you used to need to do through the Visual Studio IDE.

TFPT has also been updated to allow searching of check-ins based on server path, committed date range, committed user, check-in comments and check-in notes. PowerShell is supported as well, for basic operations.

Within the Team Explorer, there’s a new node called “Team Members”. Prepopulated with your project’s team members, you have the ability to view an individual’s check-ins, pending changes, and shelvesets. You can, of course, populate with AD users or TFS groups.

Proper vulnerability analysis is critical to delivering secure software. It is equally important if you find yourself in the middle of a major motion picture too. Consider the following:

• If you only had one single vulnerability, wouldn’t you commit pretty much any and all resources you had available toward ensuring that said vulnerability was impossible to exploit? Sauron let his top soldiers, the Nazgul, run all over Middle Earth, getting involved in what amounted to turf battles. A smarter strategy would have been to completely fortify Mount Doom, and THEN start worrying about taking over the rest of Middle Earth. Having a firewall is not sufficient. You need to record and monitor activities at both the perimeter of a network and close to its most-valuable assets.
• If you have an application that hosts valuable data from an attacker’s perspective, you need to ensure that all inputs are validated and appropriately sanitized. The most comprehensive physical security out there can be rendered irrelevant by failing to perform validation on even one input. You need look no further than “Snatch” and its diamond heist as proof of this. Criminals, posing as buyers, bypass the security by posing as expected input and are not screened completely.
• Sandboxes, whether for virtual servers or VM’s for code, need to be completely isolated from the host operating system. If someone can leave the sandbox and touch the underlying host, it is possible for the host to be compromised. In “The Matrix”, Neo broke out of the sandbox, rooted the host, and then corrupted the processes running in the sandbox.
• If you must have a trusted subsystem that is allowed to perform low-level actions against high-value assets in an unauthenticated manner, then you need to make sure that authentication and authorization to your trusted subsystem is extremely strong. Having an authorized process share its authorization token with a malicious process will allow the malicious process to access the assets. In “Brazil”, Minister Helpmann shares his password with Sam, who then uses it to access the master systems and “delete” all records of the existence of an individual.
• When mapping out the security roles in an application, always consider following the principle of least privilege. If a user doesn’t need access to an action or asset to perform their authorized duties, they shouldn’t be allowed access. If a system is improperly modeled, and a user can access low-level or administrative functionality, it can be used to exploit an application. In Star Trek’s “Best of Both Worlds”, Data issued the “Sleep” command to all members of the collective, forcing them to go to sleep. Clearly, this command should only have been made available to a small set of super-users or administrators.

While planning the redesign of an enterprise application at my employer, we’re using the Microsoft patterns & practices Application Architecture Guide as one of our design guides.

We started by baselining the current application against the guide, and found it deficient in every single outlined quality attribute. Specifically, the quality attributes outlined are availability, conceptual integrity, flexibility, interoperability, maintainability, manageability, performance, reliability, reusability, scalability, security, supportability, testability, and usability. Unfortunately, these deficiencies are what lead to the biggest pain points, both for the business and the technologists trying their level best to deliver the optimal solution to it.

Obviously, there are tradeoffs inherent in these quality attributes. One obvious tradeoff is security versus performance and usability. All three are important in nearly every application, but depending upon the threat profile of the application, security may take precedence over nearly every other attribute.

According to the document, during the design process, the following guidelines should be considered:

• Quality attributes are system properties that are separate from the functionality of the system.
• From a technical perspective, implementing quality attributes can differentiate a good system from a bad one.
• There are two types of quality attributes: those that are measured at run-time, and those that can only be estimated through inspection.
• Analyze the tradeoffs between quality attributes.

Some of the questions from the guide include:

• What are the key quality attributes required for your application? Identify them as part of the design process.
• What are the key requirements for addressing these attributes? Are they actually quantifiable?
• What are the acceptance criteria that will indicate you have met the requirements?

TFS gives you some powerful, but somewhat obscure, functionality for undoing users’ checkouts, deleting workspaces, and more. As a TFS admin, you run into cases where a user’s workspace has become irretrievable, whether due to the user no longer being available to the project or a loss of data on the part of the user. The command for this (covered in MSDN) is:

tf workspace /delete hisworkspace;DOMAIN\OtherUser

If you want something a little more granular, you can undo the lock on a checkout, but not lose the change. This command (also covered in MSDN) is:

tf lock /lock:none $/project/path/filetounlock.cs

If you truly want to undo a checkout, losing the change, you can use this command:

tf undo /workspace:OtherUserWorkspace;DOMAIN\OtherUser $/project/path/filetowhack.cs

If the developer has moved on, whether to another project, another company, or it was their gear that moved on and took their project with it, deleting the workspace will likely work best. You don’t have to worry about unlocking their files, and you don’t have to wander all over your source tree taking care of files individually.

In response to November 2007’s loss of some seven million individuals’ banking information, Top Gear host Jeremy Clarkson wrote

“Back in November, the Government lost two computer discs containing half the population’s bank details,” he said. “Everyone worked themselves into a right old lather about the mistake but I argued we should all calm down because the details in question are to be found on every cheque we hand out every day to every Tom, Dick and cash and carry.

Jeremy then proceeded to publish his banking details, as well as information about the car he drives and where to find his address. In a thoroughly unsurprising turn of events, he found himself the victim of identity theft, donating £500 through a non-signature debit to the British Diabetic Association.

Now, with the pain of identity theft having been personalized, he has changed his tune.

“Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy.”

I presented a few days ago at Cleveland’s Information Security Summit. My topic was originally to be about Threat Modeling, using a system-centric approach to analyzing the threats, assets, and vulnerabilities of an application. Because there was another session being presented on threat modeling, I wanted to offer something unique. To that end, I reworked the presentation to include a section about the Security Development Lifecycle and how threat modeling fits within it.

While the slide deck won’t give you all the information from the session, it will provide you with the highlights. The PDF version can be found here.