Tech Blog

Security Alerts - Dyre Malware

Posted by Linda Johnson

Dec 10, 2014 11:34:38 PM

In September 2014, Salesforce issued a security alert in Knowledge Article Number: 000199724:

[https://help.salesforce.com/apex/HTViewSolution?urlname=Security-Alert-Dyre-Malware]

This notified customers that one of its security partners identified the Dyre malware as potentially targeting some Salesforce users. According to Salesforce, this is not a vulnerability within Salesforce, but malware that resides on infected computer systems and is designed to steal user log-in credentials.

Recently, I received an email from Salesforce Security that had identified an issue on a computer of one of our customers. So, what is Dyre malware, how do you avoid malware, and what steps should you take should this happen to one of your users?


Topics: salesforce

Everything You Need to Know About Azure Service Bus Brokered Messaging (Part 1)

Posted by Max McCarty

Dec 9, 2014 10:38:00 PM


Topics: .Net, cloud, Microsoft Azure, Azure Service Bus

User Account Security Using Password-Based KDF’s

Posted by Max McCarty

Dec 5, 2014 2:05:37 PM

There are different ways to implement security in a system, depending on many factors. When implementing security for user accounts, we give a lot of thought to security in relation to a non-compromised system, where attackers are still trying to penetrate and gain access to account data.


Topics: cryptography, security, password hashing

Control Data Access in Azure Storage Services with Shared Access Signatures...

Posted by Max McCarty

Nov 25, 2014 10:42:19 AM

You’re utilizing Microsoft Azure Storage services to host your data, only to realize you need to control data access. Data access is not always a black-and-white scenario where data is either completely publicly available or completely unavailable. So, what can we do about controlling consumer access to our data resources? This is where Shared Access Signatures come in.

In the video at the following link, we’ll cover how to utilize Shared Access Signatures for controlling access to data resources in Azure’s Storage Services.


Topics: security, azure, Microsoft Azure

An Introduction to Gulp Task Runner

Posted by Sanjar Giyaziddinov

Nov 24, 2014 10:42:00 PM

There's a lot of buzz around the JavaScript community lately. There are many tools, frameworks, and libraries sprouting up every day. One such tool you may have heard of is Gulp. If not, the following is a high-level explanation that may help.

So what is Gulp? The short answer: Gulp is a JavaScript task runner. If you’re not familiar with JavaScript task runners, you might be asking what they are and wondering why we need them.

Imagine this scenario: You’re developing a simple JavaScript front-end application with AngularJS. During the development cycle you’ll probably create dozens of JavaScript files with your AngularJS modules, controllers, services, directives, etc. As you are developing, there are a number of tasks you'll need to complete that are secondary to actually writing code:

  • You have to make sure that there are no syntax errors in your files, so most likely you'll validate them using a static analysis tool.
  • It is a lot faster if the browser makes fewer requests to the server to get your JavaScript and CSS code instead of making a separate request for each file. Concatenating JS and CSS files is yet another task that would be beneficial.
  • To reduce the size of the files transmitted to browser, you should also minify them.

It doesn’t sound so bad if you had to do this once or twice, but in reality you’ll probably need to do all those steps, well, almost on each file change.


Are You Prepared for the Coming Salesforce Instance Splits?

Posted by Adam Menzies

Nov 19, 2014 10:19:00 PM

Recently, Salesforce announced that it will be splitting a number of its North American customer instances. This can be an event that goes by without notice, or one that causes custom functionality to break and leaves you scrambling to put out fires without proper preparation. Below are answers to key questions and steps for how to plan for the coming instance splits. 


Topics: Salesforce.com, Org Splits

How to Mitigate SSL 3.0 Being Disabled: Salesforce and Cast Iron

Posted by Don Ayres

Nov 10, 2014 12:04:12 PM

Salesforce recently announced in Knowledge Article Number: 000206013 that it will be disabling SSL 3.0 connections to address the POODLE security vulnerability in the coming months. The change is not expected to impact browser-based users, but may impact Salesforce customers who are using certain versions of data integration products, such as IBM Cast Iron.

How I was struck by Lightning at Dreamforce 2014

Posted by Sean Genung

Nov 5, 2014 9:43:00 AM

 


Topics: Salesforce.com, Dreamforce 2014, Salesforce Lightning

JavaScript: The New Assembly

Posted by Steve Ayers

Oct 27, 2014 10:11:00 AM

I don’t like CoffeeScript.

I’m sorry, I know I just offended half of the JavaScript community, but I have to get that off my chest. I feel like it adds an unnecessary abstraction and needless syntactic sugar over top of a language that is already pretty expressive and easy to understand. To me, it smacks of laziness and a sense of entitlement. ‘Ugh, I just can’t be bothered to write semicolons and curly brackets. Who has the time?’


Topics: Angular, Javascript, ClojureScript, AtScript, Dart

OWASP Top 10 Risks #2: Broken Authentication and Session Management

Posted by Max McCarty

Oct 22, 2014 2:54:55 PM

In 2013, over 34 million Americans reported some form of identity theft. Three quarters of the way through 2014, there are already 568 reported data breaches, with over 75 million records compromised and hundreds of millions of users affected. This is up from the 439 breaches in 2013. Identity theft isn’t a possibility; it’s a reality that is happening all the time, and identity theft is at the core of the 2nd of OWASP’s top 10 most critical web security risks of 2013: Broken Authentication and Session Management.

Here we'll examine the overall theme of just what broken authentication and session management looks like, and also look at how to implement some common website features correctly.


Topics: authentication, security, OWASP
