Sunday, July 18, 2010

virtual-win-lab-mgmt is now open-source

virtual-win-lab-mgmt permits an easy virtual lab deployment and management in a minimalist Hyper-V environment: even without an Active Directory domain or without tools such as SCVMM.

Initially developped within 3 days, virtual-win-lab-mgmt already was 900+ PowerShell SLOC long. This tool was widely used for preparing and managing the virtual labs of the Microsoft TechDays 2010, Paris, France.

This project is hosting on the Google Code repository.
Link: https://code.google.com/p/virtual-win-lab-mgmt/



Saturday, July 17, 2010

Secure and easy ucarp ip-failover using ucarp-multi

ucarp-multi is an extension to the ucarp package, providing an easy way to set-up ipv4 failover within several hosts, and for several sub-interfaces.

This package is hosted on https://code.google.com/p/ucarp-multi/

Thursday, July 1, 2010

Voyage-Sncf: security design flaw

Voyages-sncf.com, the trip reservation website of the main french rail company, is one the most important websites on the french IT market. Each day seven thousands of train tickets are bought on that precise website.

How crazy is it that my browser was telling me "This is a non-secure form".. blabla (see the screenshot above)?
Since I already was on an https webpage, I figured the form was sent unencrypted...


It would be too much unbelievable to be true. Maybe is-it a Safari bug?
However, after having a quick look at the source code, - by the way please double check the highlighted URL - where the form is submitted:

This is just crazy! The form is sent to an uncrypted webpage (the URL does start with http:// and not https://) After some recent privacy issues with a lot of names released cause of a lack of security issue, I just find it unbelievable such lack of rigor in the way programmers did build this application.