2015… The year of appreciation and privacy

Over the years I’ve worked a lot with our Ukrainian office and they have the very friendly habit to formally describe what their wishes for you on many occasions. The occurrence for doing this, ranges from Birthdays to Promotions to New Year.
At first I thought that this was way to formal, but I’ve recently really started to appreciate this. There’s no nicer gesture for an adult than putting your kindest wishes to words. Therefore, here are my formal wishes to you, slightly Ukrainian style:

Dear readers, fellow Sitecore community peep, colleague, friend or family member:
2014 was a fantastic year with lots of success and also those ineluctable (tiny) tears. We’ve been through it together and we’ve been standing strong to reach 2015 all together.
With this in mind, mat 2015 become the year where you achieve strong business success,  where you experience lots of love, in good health for you and your family and I sincerely hope that it becomes a year where you’ll be proud of. One you’ll tell about to your grandchildren when you’re old :-).

Happy new year!

Having the above in mind, I’d also make all of you aware where (in my eyes) 2015 is all about. Given that everyone is these days pretty much interconnected with his phone, his tablet, notebook, desktop, internet connected TV or even coffee machine… It’s time to start taking care of ourselves.

The world is quickly evolving in an internet first world and this basically means that when everything is connected to everything. The most horrible scenario we all can imagine is the Terminator vLast scenario where machines take over the data driven world. So we have to start taking care of ourselves. Especially Facebook is changing it’s policy again without really informing its users and given the significant increase in data hacks in the last 12 months. There are also positive signals, by the way.

The audience of this blogs is a technical audience who is mainly responsible for data driven websites. Sites where we gather (potential) customer information or information about our citizens. With this hunger for data, big responsibility is pushed on the shoulders of you, the engineer or architect. Since that you don’t want to phone number to be publically available to everyone… Please ensure your customers don’t experience the same issue.

And yes, dear architect or engineer, this is your job… You can’t push this shared away by hiring a security manager. It is the job of everyone in your team(from designer, to project manager, to manager, to….), we all should care about our shared security and privacy.

In the upcoming period, I’m going to spend more time on this topic and will try to inform you about what’s ongoing. For now, I leave you with the following 2 links for inspiration. I believe you can spend your first work hours in 2015 in a very smart way, by reading them.

Windows Update for ASP.NET Vulnerability 2416728: Sitecore implications *Update*

As you could have been reading in my previous post, Sitecore’s major product Sitecore .NET Web Content Management System is affected by the ASP.NET Vulnerability 2416728. Today, Microsoft has released an update to all the Windows Update Services(WSUS and WU). You can find all the details in Scott Guthrie’s post.

What could potentially happen to your Sitecore installation when applying this patch?

  1. A couple of users get logged out. That’s only really notable for the user who use the check box ‘Remember me’. Just login again. That’s the deal. According to my checks on 6.2, this does not happen.
  2. Potentially you could get an exception for people who have a open session while updating Sitecore. According to my checks, this doesn’t happen.

So it seems that you can install this patch without any unexpected side effect. I’ve checked it on my machines and tested it there(so this is an unofficial Sitecore  statement). If we come across issue, we will let you know. If you come across issues, please let our support team know.

Update: Sometimes an ‘HttpException: Unable to validate data’ happens when people are already authenticated. I couldn’t reproduce this. But it seems to be there. In that case, please review this solution on SDN.

ASP.NET Vulnerability 2416728 and Sitecore

Sitecore’s major product Sitecore ASP.NET Web CMS is affected by the ASP.NET Vulnerability 2416728. Scott Guthrie describes all the nifty details about this threat in this post. Our Support-team has been working intensively with our Product team to get a well tested solution out. It’s available now. 

For more information, please review this article on SDN.