Brett Hill


Brett Hill is technical product manager at Microsoft in charge of technical readiness for Microsoft Partners with Microsoft Business Productivity Online Suite. He operates and maintains a blog at

Get Started with Microsoft’s Online Services 2
Get a taste of cloud computing by trying out Microsoft's Business Productivity Online Suite. Follow easy steps to set up Exchange Online and SharePoint Online and get some useful pointers for deployment and management of the online services.
Maxthon 2.1 Released 1

Maxthon, a tabbed browser built off IE, has released version 2.1. Liked by some geeks because it maximizes the size of the browser window, you can find out more at

A Guide to Windows Certification and Public Keys
This eBook provides a starting point for understanding the Public Key Infrastructure (PKI) and certificate services available in Windows Server 2003. The eBook will cover topics such as trust relationships, trust management, validating digital certificates, certificate autoenrollment, certificate revocation, and key archival and recovery, as well as the limitations of PKI and certificate services in Windows.
IIS 7.0 Paves the Way to Webgeek Nirvana 1
Take a tour through the exciting features and improvements in IIS 7.0
IIS Application Isolation
Enabling application isolation on an IIS server involves controlling the application's process identity and the user identity, along with expert use of NTFS permissions.
McDonalds China IIS 5 Server defaced

A McDonalds IIS server was defaced by a Chinese hacker angry that Taiwan was listed as a separate country on their server. They were lucky that is all they did. The server reports it is a Windows 2000 server running IIS 5 so I'd be curious as to what the administrators missed that this defacement was possible. is the domain.

Other browser "not up to par" with IE 3

Referencing the Firefox thread that was going on earlier, I ran across this article:

that concludes "It appears that the overall quality of code, and more importantly, the amount of QA, on various browsers touted as "secure", is not up to par with MSIE; the type of a test I performed requires no human interaction and involves nearly no effort. Only MSIE appears to be able to consistently handle [*] malformed input well, suggesting this is the

Smart phone device target of Trojan

Toward the issue of using mobile devices as a way into corporate networks, this article about a new trojan targeted for Symbian smart phones is exactly the kind of thing I'm talking about. The trojan is named MetalGear and disables antivirus software when run. While this particular piece of malware does not seem focused on gathering privileged information, it is the kind of thing that could.,aid,119035,00.asp

Center for Internet Security Scanning tool

I am frequently asked how people can cost effectively scan and analyze security setups on their servers. Nessus is one way to go for sure, but others are available including the Center for Internet Security scanning tools at The scanner currently does not scan XP SP2 or W2K3 Server but does Windows 2000. The tool should be updated shortly to bring the most current Microsoft OS's into view.

-brett hill

Apache more secure? 4

In response to the comment about Apache on Unix being "much more secure", I don't buy it. As far as I'm concerned, it's simply one of those persistent myths that IIS is any less secure than any other web server including Apache. An uninformed administrator is just as likely to deploy an insecure Apache server as they are an IIS server.

Oh, BTW, you might enjoy checking out the 44 security flaws found by graduate students recently.

Google exposes information from insecure sites 2
Tips for new IIS admins to secure sites and stay out of problems.
CyberTerrorism Threats

Protecting your systems from attack is a key task of course, but I've got serious doubts about the effectiveness of any of the CyberTerror studies etc. sponsored by the Federal govt. I can't think of anything that has come out of the boatloads of money spent other than very vague and broad guidelines that are "suggestions".

The outgoing cyberterror czar had some interesting comments the other day on his way out. "cyberterrorism could be the most devastating weapon of mass destruction yet.

Google Site defaced

A website run by Google ( was defaced using a known exploit of phpbb2.
You can find some info on this at

For me, this highlights that vulnerabilities are more focused on applications these days than anything else.


Hacking PDA's: Trend Micro Free PDA virus scanner 5

Yes, hacking servers is big news, but gazing into the digital crystal ball, PDAs are sitting ducks for hackers to penetrate corporate networks. Of course, this goes hand in hand with wireless traffic vulnerabilities, which is another topic. I mean, we've got XP Pro SP2 with ICF and now Windows Server 2003 with ICF (via SP1) and a very ambitious security wizard that attempts to lock down a server based on its installed roles. But Windows Pocket PCs have nothing at all in terms of security except for the optional up-front entry of a PIN.

Intelligence Gathering Techniques

There is a decent chapter on techniques used by those interested in gathering information about your systems at It's from a New Riders book called Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt. He is a SANS speaker and author, and team leader for the Dept of Defense Shadow Intrusion and Detection team. Sounds very stealth, but I have no idea what that really means.
