This might be a helpful thread for Java Runtime Environment users and application developers. Some applications behave abnormally if you are not running the required and supportive version of JRE in your computer. CISCO ASDM is a good example. I had issues when I installed it in JRE Update 19. So you need to remove this version and install a compatible version of JRE Update 17.

All you need to do is uninstall the existing version and install a compatible version of Java Runtime Environment. Here comes JavaRa

Tiny utility JavaRa cleans up older or redundant versions of the Java Runtime Environment (JRE) that might be littering up your PC, and optionally updates to the latest version. It's a simple tool that just works.

Download JavaRa

If you have tried surfing Gmail in iPad, you may find it different than what you have used on your desktop. Yes Google has released new version of Gmail Interface ( Gmail for mobile HTML5 web app) specially for iPad (launched for launched for iPhone and Android devices as well). It is classic, see below. You would defintely love to have the same interface in your desktop or laptop computer.

The solution is very simple to do if you already have firefox browser or else download firefox. Here it is

1. Install the User Agent Switcher Firefox extension

2. Once installed, go to Tools -> Default User Agent -> Edit user agents.

3.Click New -> User agent, then copy and paste the iPad-spoofing user agent below in 'User Agent' text field.

Mozilla/5.0(iPad; U; CPU iPhone OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B314 Safari/531.21.10

4. Now that you've added the new user agent, select it as your active user agent. (Tools -> Default User Agent -> iPad)

5. Now navigate to and log into Gmail. When it loads the Gmail interface, you should see the tablet-friendly interface you see in the screenshot above.

Server Error in '/' Application.

---

Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that <machineKey> configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.

-------------------------------------------------------------------------------------------------

Do you get above error in your website?

This means that Content Services Switch or Load Balancer is established in your application servers and thus causing this error.

The problem now is that most of the web applications require to maintain the client connection to same server till the client ends the connection. CSS by default connects the client request to which ever the server is free at that moment. If the first request of the client is handled by SERVER1(10.2.2.1), CSS may direct the same client request to SERVER2(10.2.2.2) if SERVER2 is comparatively free than SERVER1. Even if the same version and patches of web application is maintained at SERVER1 and SERVER2, Machine Key and session information will not be available on both the servers. So now, what you need to do is setting up of  'stickiness' in CSS content rule.

Before trying to resolve it, I explain you some technical terms related to this bug.

• Viewstate: Explained very well here http://www.dotnetjohn.com/articles.aspx?articleid=71.
  

• MAC (Viewstate MAC): ASP.NET runs a message authentication check(MAC) on the page's viewstate when the page is posted back from the client. This is to ensure that the same client sends the requests without data tampering in between transmission. Some peoples suggest to disable this check by setting enableEventValidation="false" (see bulletin 1 below), but please be aware of the consequences of security risk. Disabling this check skips the validation of postback and the attacker could spoof the postback data and corrupt your application or servers.
  

• Web Farm: Two or more server balancing the traffic of a web application. In a Web Farm, a front-end load balancer will handle the client requests and distribute it between the back end application servers.
  

• Content Services Switch (CSS):  CSS receives the client request for content and directs to a specific server, say for example, if you have setup CSS to balance the load between two servers, then it would send the client request to the servers which are free at that moment. To assist you in understanding see the setup diagram below,

Other suggested solutions that I do not prefer to do:

 1.             Try adding this string in <system.web> section of your web.config file :
                <pages validateRequest="false" enableEventValidation="false" viewStateEncryptionMode ="Never" />
                for fix "Validation of viewstate MAC failed" error.

Even your issue is resolved by adding this line, it is like removing the speakers from 'Fire Alarm System'. 

2.              Force every server in your farm to use the same key; generate a hex encoded 64-bit or 128-bit <machineKey> and put that in each server's machine.config.

<machineKey     validationKey='123123GDGAGASGAGDGGAGDAGAG712879812701NVKAHDA9817913134FF01F3FADFSA9'

decryptionKey='190283091UJHFA701820938JFKAJF8' validation='SHA1'/>

You can generate a key from http://www.eggheadcafe.com/articles/GenerateMachineKey/GenerateMachineKey.aspx

This solution is atleast better than the above one but again setting up of static machinekey is a security loop hole.

Proper Solution:

Include 'Stickiness' in CSS configuration

Stickiness will tell the CSS to maintain an association between client and same server connection (SERVER1 or SERVER2) till the connection ends.

 content rule-1
    protocol tcp
    vip address 172.20.20.20
    port 80
    add service webserver1
    add service webserver2
    advanced-balance sticky-srcip
    active

CISCO Advanced Configuration Guide of Sticky

What Security Administrators must know about Microsoft Patches?

What are Microsoft Security Advisories?

Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers' overall security. These advisories are a way for Microsoft to communicate security information to us (customers) about issues that may not be classified as vulnerabilities and may not require a security bulletin.

Did you find any vulnerability in Microsoft product? Do you want to know where to report it?

Report your identified vulnerabilities

Microsoft Security Response Center investigates all reports of security vulnerabilities affecting Microsoft products and services. If you are a security researcher and believe you have found a Microsoft security vulnerability, you can report on the above link and Microsoft is ready to investigate it with you.!

Search by Product/Technology and Service Pack of all Microsoft Patches

The Clipboard hack is done by the following Source Code:

Messenger Blocker is a free blocker, the light version of our parental control software Application Blocker. The main idea for creating this application was to provide a free blocker available for every parent concerned about his child online activity. Although Application Blocker has more functionalities than Messenger Blocker, the last one is easy to use and its main functionality is to block messenger.

Download Messenger Blocker

More features available for the free Messenger Blocker are:

  Block chat. Beside the fact that it is a yahoo free blocker and msn messenger blocker, the parental control software will stop all chat applications launched, before they take place. You don’t have to worry anymore that your child might talk with strangers while you are away. 

  Choose user to block. If there is more then one account on the computer you can choose a specific user whose chat conversations to be blocked.

  View and manage reports. By accessing the user interface, you will be able to view reports related to the web usage, application usage and with the breaking rules attempts. You can further choose to delete the logs manually or to set the automatically deleting.

  Notify user when blocked with customized warning message. The free blocker allows you to notify users when are blocked and more than that, you can write customized messages. 

  Updates. Periodically, you can hit the Updates button, and if there is a new version of Messenger Blocker available on the market, it will be instantly installed.

K9 Web Protection is a free Internet filtering and control solution for the home. K9 puts YOU in control of the Internet so you can protect your kids. More details about K9 Web Protections is discribed here

Download link: K9 Web Protection

We have discussed on seperate threads on how to configure and set up this web protection

• Link to How to block and unblock URLs

• Link to How to Configure Categories

• Link to How to Set Time Restrictions

Remote Access VPN enables a remote user to access a corporate network through a secure connection over Internet.

Follow this step by step procedure to configure Remote Access VPN in CISCO ASA Firewall:

> Telnet and login to firewall
> enable
#configure t
(config)#

• Creating ISAKMP (Internet Security Association Key Management Protocol) Policy

Step 1: (config)# isakmp policy 1 authentication pre-share     

>>  Authenticity. To verify the identity of the remote peer

Step 2: (config)# isakmp policy 1 encryption 3des                 

>> Confidentiality. Privacy.

Step 3: (config)# isakmp policy 1 hash sha                          

>> Integrity. To ensure the data is not modified during transit

Step 4: (config)# isakmp policy 1 group 2                            

>> Diffie-Hellman Group to set the size of encryption key

Step 5: (config)# isakmp policy 1 lifetime 43200                    

>> 12 hours life time for encryption key

Step 6: (config)# isakmp enable outside                              

>> Enable ISAKMP on the outside interface (name of interface connected to Internet)

• Creating Address Pool and user

Step 7: (config)# ip local pool rvpn_pool 192.168.100.1-192.168.101.5      

>> To differentiate during traffic monitoring, provide different segment other than LAN

Step 8: (config)# username rvpn_user1 password *********                 

>> Username and Password to establish a remote access VPN

• Creating Tunnel Group
  

Step 9: (config)# tunnel-group rvpn type remote-access               

>> Setting up tunnel group as remote acess

Step 10: (config)# tunnel-group rvpn general-attributes                

>> Associate Address Pool to this tunnel group

Step 11: (config-general)# address-pool rvpn_pool

Step 12: (config-general)# exit

Step 13: (config)# tunnel-group rvpn ipsec-attributes                   

>> Associate Pre-shared key with this tunnel group

Step 14: (config-ipsec)# pre-shared-key ******

• Creating a Transform Set

Step 15: (config)# crypto ipsec transform set rvpn_set esp-3des esp-md5-hmac

• Creating Dynamic Crypto Map
  

Step 16: (config)# crypto dynamic-map dyn1 1 set transform-set rvpn_set
Step 17: (config)# crypto dynamic-map dyn1 1 set reverse-route
Step 18: (config)# crypto map qmap 1 ipsec-isakmp dynamic dyn1
Step 19: (config)# crypto map qmap interface outside
Step 20: (config)# wr mem

I was put in a situation to bring Juniper Firewall to factory default settings.

Firewall Model: Juniper ISG 1000

Note: By default settings of Juniper Firewall, recovery settings are enabled. Some admins might have disabled it by unset admin device-reset

Step 1: Execute "set admin device-reset" command

Step 2: Execure "reset" command

Say "Yes" to confirm saving the configuration and restarting

Step 3: After the image is loaded in the firewall, at login prompt, type the serial number as user name. At password prompt, type the serial number again. The following message appears

!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n]

Press Y in the screen

!! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: System IP: 192.168.1.1; username: netscreen; password: netscreen. Would you like to continue? y/[n]

Press Y in the screen to reset the device to factory default settings

Note: Connect to Management Port (Set your IP in 192.168.1.0 segment) and access 192.168.1.1. Use netscreen/netscreen as default password.