Bart is discussing some security tips and tricks he has learned and evangelized as an MVP this year. He commonly refers to them as his Personal Security Push (PSP). Nice initiative and good reading, Bart!
- PSP Episode 1 - Please run as
It doesn't matter what you're doing on your machine, always run under the context of a low-privileged account. Thus, the user "Administrator" and the group "Administrators" are evil things for day-to-day usage, just as "Power Users" are. Instead, run as a simple user (member of the Users group). That sounds great, but what about development-related things that need elevated privileges (see a further episode about "Debugging is a privilege") or installation-related tasks? The answer is the "Secondary logon service".
- PSP Episode 2 - Debugging is a privilege (sometimes)
Still a bunch of people run as Administrator (see first episode for countermeasures) because of one reason: "I need to debug applications". However, this argument doesn't make sense at all.
- PSP Episode 3 - Everyone = "including the bad guys"
Everyone should know the Everyone group in Windows. There's a problem however related to this group.
- PSP Episode 4 - Role-based security unleashed
Every .NET developer should (at least) have heard about role-based security. In this fourth episode of my "Personal Security Push" I'll talk about what role-based security is all about, how it works and how to empower it in your applications.
- PSP Episode 5 - How to store passwords?
A pretty well-known scenario: you're implementing a great website with forms authentication and you need to store the users' passwords somehow. But how? In this post I'll show you common techniques to do this in a secure way.
posted on Monday, December 27, 2004 6:29 AM