More on Security and Running LUA

I have come upon some more references on this topic:

Aaron Margosis mentioned that running as a member of the Power Users group is just as dangerous as local admin. I didn't quite understand that, and have only recently found some more details on this issue:

Per Ostergaard discusses this in a "And I thought Power Users were a wise choice..." at his msgoodies blog.


Microsoft posted a KB article A member of the Power Users group may be able to gain administrator rights and permissions(October 2004) describing the nature and danger of putting users in the "Power User" group.


He found a reference at the "Hall of Shame" page at the threatcode.com site.


He also posts links to more details of the dangers of the "Power Users" group. There is an oldpost at Michael Howard's blog about kewl tools that has some good comments on the issue.

Margosis posts PrivBar Source Code

Aaron Margosis posted the long awaited source code for his PrivBar utility on Oct 13 and yesterday (10/27/05) has posted an update. I am about to try making the modifications I sought.

Audio Stream Capture

Here are some articles about capturing Audio Streams. This is something I have been trying to do since I found the great programming on BBC radio.



Wikipedia has quite a few good articles on digital audio encoding and decoding in different formats. Audio Data Compression is quite good, including a section on Lossless compression.


And it supplied some good references to other tools.

Swen's Weblog explains How to download Real Audio streams and convert Real Audio to MP3
He also writes about Lossless Compression with the Shorten (.SHN) format.
The eTree.org Wiki is also a good source on Lossless Encoding using Shorten or FLAC.

A Small SHN and MD5 FAQ by D & G Hamiltion is a widely referenced article (last update 2003). Sources he references have stopped updating and reference the Wikipedia article above.

Jeff Prosise on the ASP.NET Provider Model

Jeff has written a series of articles for Microsoft on the Provider Model in ASP.NET. He links to them at the Wintellect Wintellog. They are posted at MSDN. This is the parent article. They are quite helpful. I looked so far at the membership provider. He provides a simple, somewhat crippled (readonly) sample that uses an XML file datastore.

[UPDATE]
Dino Esposito has an excellent (as usual) article in the December MSDN Magazine on the new provider for the ASP.NET Membership and Profile API.

SECURITY - Cached data and Cookies

Brief article at CNET by a man from Checkpoint points out the danger of unencrypted files being cached on user's local PC. He also mentions data cached by search tools. Helpful warnings, but not much offered as a solution.