A little something about everything

internet marketing and website development made simple..

Using a SSL Certificate for RDP

Create and install a certificate using IIS, or import a .pfx file. The certificate can be SHA256 or whatever you want.

Open your certificate manager:

  • Run/open "MMC"
  • File, Add/Remove Snap-in, Certificates, OK
  • Expand the folder with your cert (generally Personal, Certificates)
  • Right Click the Certificate, Open
  • Details tab: near the bottom choose Thumbprint and select the hash value
  • Remove the spaces from the hash value
  • Open a Command Prompt with elevated privileges
  • Run the following command, using your SSL cert's thumbprint hash value in place of "HASHVALUE" (keep the quotes out of the value itself):
    • wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="HASHVALUE"
  • It should say "Updating property(s) of ..."
  • Then it should say "update successful"

That's it, you're done.

How to see if a sender is being spoofed in Outlook: helping to prevent fraud and malware

You may often receive emails in Outlook from senders pretending to be someone they are not. Sometimes they may even appear to come from yourself.

A simple and effective way to see who the sender of each email really is:

  1. Click on the window where you view incoming emails, then click "view", "add columns"
  2. Now click "New Column" and name it something like "Sender"
  3. Change the Type to "Formula", click "edit" and enter the following: 
    right(([SearchFromEmail],[SearchFromEmail]),InStr(1,[SearchFromEmail],"@"))
    or right([SearchFromEmail],len([SearchFromEmail])-InStr(1,[SearchFromEmail],"@")) to show just the domain.
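The same check applied to a raw message outside Outlook, as an added example that is not part of the original post. It goes beyond the column formula by also comparing the From address with the display name, the Return-Path and the recipient's domain. The sample messages, domains and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (reserved .test/.invalid domains), not real mail.
SAMPLES = {
    "display_name_spoof": (
        'From: "accounts@example-bank.test" <x91@mailer.invalid>\n'
        "Return-Path: <x91@mailer.invalid>\n"
        "To: alice@corp.test\nSubject: Invoice\n\nbody\n"),
    "self_spoof": (
        "From: Alice <alice@corp.test>\n"
        "Return-Path: <bounce@bulk.invalid>\n"
        "To: alice@corp.test\nSubject: Your account\n\nbody\n"),
    "clean": (
        "From: Bob <bob@partner.test>\n"
        "Return-Path: <bob@partner.test>\n"
        "To: alice@corp.test\nSubject: Lunch\n\nbody\n"),
}

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_findings(raw_message):
    """Return (from_domain, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0]
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    findings = []
    # Display name shows an address on a different domain than the real one.
    shown = ADDR_IN_TEXT.search(display_name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name shows {shown.group(1).lower()}")
    # Envelope sender differs from the From domain. Legitimate bulk mailers
    # do this too, so treat it as a signal to look closer, not a verdict.
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"return-path is {envelope_domain}")
    # From claims the recipient's own domain while the envelope does not.
    if from_domain and from_domain == domain_of(msg.get("To")) \
            and envelope_domain != from_domain:
        findings.append("claims recipient's own domain")
    return from_domain, findings

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_findings(raw))
```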

How to globally redirect all requests from http to https using asp.net

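The most effective method is to use the global.asax file. Here is a basic example:

<script language="C#" runat="server">
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    // Test the scheme itself; a substring match on "http://" also fires on HTTPS requests that carry a URL in the query string.
    if (!Request.IsSecureConnection)
    {
        // Change only the scheme so the path and query string keep their original case.
        UriBuilder secureUrl = new UriBuilder(Request.Url);
        secureUrl.Scheme = Uri.UriSchemeHttps;
        secureUrl.Port = -1; // -1 = default port for the scheme (443)
        Response.Status = "301 Moved Permanently";
        Response.AddHeader("Location", secureUrl.Uri.AbsoluteUri);
        CompleteRequest(); // skip the rest of the pipeline so the page is not also served over HTTP
    }
}
</script>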

You may already have an application that uses the global.asax file. In many cases you can add the Application_BeginRequest function, or adapt it if it already exists. For example, add this after the <script runat="server"> tag but before any other code.

protected void Application_BeginRequest(object sender, EventArgs e)
{
    if (!Request.IsSecureConnection)
    {
        UriBuilder secureUrl = new UriBuilder(Request.Url) { Scheme = Uri.UriSchemeHttps, Port = -1 };
        Response.Status = "301 Moved Permanently";
        Response.AddHeader("Location", secureUrl.Uri.AbsoluteUri);
        CompleteRequest();
    }
}

In some cases this will throw an error. Be sure to check the rest of the global.asax file for any other BeginRequest handlers that may conflict. You may need to adapt the code to work in parallel with existing code.

How to stay secure online: Passwords, security and compromised sites, Oh my!

The best things to remember for password and email security:

  • Passwords: have a secure password with a minimum of 8 characters, including lowercase and capital letters, 1 or more symbols, and at least 1 number.
    • Don't use easy-to-guess passwords that contain the names or birth dates of pets, kids, parents and/or siblings.
    • Make your password something you would never share with anyone. Many people use a favorite color, food, etc., which they also post to social media sites like Facebook.
    • Separate your passwords. Never use the same password for everything: if a website that you use is compromised (updated: a recent example is the LinkedIn database compromise), then all of the stuff you use could become compromised. Generally it's a good idea to use three or more passwords, with variations of those passwords that you can change around, for example H3l!0WoR!D, Hell0w0r!d, HelloW0rlD. This allows you to use basically the same password in many places, but if one place is compromised it will minimize the impact, since you are using a variation of the password in each place.
    • Try to avoid needing password security questions and hints, and don't give real answers that a potential hacker can find with little effort.
  • Public terminals: don't use public terminals to check your email or bank information, as they can contain key-loggers which will compromise your account to hackers, including government agencies.
  • Free WiFi: don't use public unencrypted free WiFi to send and receive email unless you are browsing and checking email with SSL only (https:// for sites and webmail, or SSL in your email configuration).

This may seem like a lot of work, but having your identity stolen or your personal information compromised will be a lot worse.