Loadfest 2008 is a free event for IT Professionals, IT Directors, System Engineers and Microsoft Partners who are looking to connect with their peers whilst gaining valuable hands-on experience with some of the latest & greatest products from Microsoft.

To register, navigate to the following URL: https://www.clicktoattend.com/invitation.aspx?code=130019

Join leading Microsoft Partners and employees as they share their experiences with these new technologies! In addition having an opportunity to network with your peers, you'll be able to attend special breakout sessions, see some great demos, and have a chance to win prizes! Don't miss out on this awesome experience to gain an advantage on these Microsoft solutions! Join us at Loadfest 2008 on September 27th!

Notable Speakers and Presentations
Rodney Buike from Microsoft is making the trip out from Toronto to show IT Professionals in Calgary when is coming with relation to Microsoft technologies. Get the technical brief on Small Business Server 2008, especially now that it is been released. Also, Rodney will show us Hyper-V and Windows Server 2008. Get 3 hours of technical training on SBS and Windows Server. Play with these great products and ask technical questions to the people that can answer the questions you have.

Are you curious about Response Point? Come and see Microsoft's latest small business telephone system! Jeff Loucks is a Microsoft MVP with Response Point and he will be delivering a technical demonstration on Response Point during Loadfest 2008.

Lunch is being sponsored by us. We will having a technical lunch and learn and will show you the technical side of AuthAnvil and how to deploy a higher level of security for your networks and clients. I will also be available to address any questions and talk technical about AuthAnvil one on one if you need the time.

Popcorn Technologies will be giving a demo on MOSS (SharePoint Server) and how to fit MOSS into your environments.

Agenda
In addition to some hands-on experience, you'll also see some great presentations. Here's a quick list of some of the sessions that you'll see during the day:

8:30 AM - Meet & Greet
9:00 AM - Windows Small Business Server 2008 Technical Demo
10:40 AM - Microsoft Office SharePoint Server
12:00 PM - AuthAnvil Luncheon
1:00 PM - Windows 2008 Server and Hyper-V
2:40 PM - Response Point

Where?
Popcorn Technologies (6016 3rd Street SW, Calgary, AB)
Windows Live Maps: http://tinyurl.com/653zvv

When?
September 27th from 8:30 AM to 5 PM (Mountain)

Hope to see some of you there!!

As a result, Scorpion Software will be closed Monday, with staff celebrating the holiday with their families.

To those celebrating, we hope you have a safe and enjoyable holiday!

At Scorpion Software we work hard to streamline the efficiencies when it comes to our development and test processes. Recently we introduced a new automated build and testing process that fully tests a suite of conditions we look for on a regular basis for our upcoming releases. In the midst of these changes, we introduced a problem in how our source control system functions and ended up merging an old unfixed source file into our release code. The result was that the fixes in our March 3rd release were lost in the latest v1.6 build. The code itself wasn't actually lost and was properly secured in our source control vault; we simply had to remove the stale file and reapply the fix with the good file.

In discussion with some of my peers at other software companies serving the SMB space, most of them said I should simply release the fix quietly and move on. I don't think that is fair to our clients. I think you should know when we make a mistake like this. And more importantly, I think you should know what we have done about it. Here is a list of the outcomes from this experience:

• We have updated our stable build system to ensure it can no longer check out code except for its particular branch. Each major release will now include a complete file structure backup to match this to ensure we do not "break" old code.
  
• All critical bugs reported in the Defect Tracking System now must be accompanied with an automated functional test script. It is the responsibility of Customer Service to ensure that QA knows of the defect and that QA builds the appropriate test(s) for the developers before they are assigned the bug. If a test cannot be provided, a detailed manual test document must be included.
  
• No developer is allowed to check in code until it passes the automated test(s).
  
• Once the developer has checked in the code to fix a defect, the automated test will be merged into the automated test system that runs all daily tests, to ensure we do not reintroduce a bug. This in itself would have alerted us to our recent mistake, and prevented us from releasing it.
  
• Once a critical bug is fixed, it will be reviewed at the next team meeting to see if the class of bug may impact other parts of code. If so, the mandate at the company is to reduce those defects by following the above process over and over again until all code coverage is met.
  

I'd like to thank our clients who have been patient with us as we investigated what happened here. The fix was actually done last week, but we have not released the fix until today so we could have time to completely understand how it occured, and ensure we properly addressed it.

You can download the latest version of the agent from our Upgrade and Update Center or through our Zero Media Install website.

Ok - this is one bad ass piece of malware on this computer. The issue here is that I don't truly know what the malware on this computer will do now. It could contain a keylogger which is capturing every keystroke I type. Hmm - this is a risk now as anything I do it may be logged. The malware was also obviously preventing me from getting to the known sites to get the things I needed to fix this problem. So I thought I'll connect back to my SBS server which is fully protected and I guessed that the malware would not know about my URLs etc. The risk though was that the keylogger might capture my passwords! Again this did not bother me as my servers are protected with two factor authentication by AuthAnvil. I have a cool key token which generates one time password that means even if the keylogger captures my password it is totally useless.

Wayne brings up a good point. When working at servers and workstations that you cannot trust, you have to expect that your keystrokes may be monitored. Have you considered just how many places that may be in any given day? Think about it... how many times have you logged onto a trusted system from an untrusted host? How are you defending against this threat?

Wayne mentioned one part which I think is a great testimonial for AuthAnvil...

AuthAnvil made it easy today for me to ensure that my password was protected while I was dealing with a spyware infected system.

Thanks for the testimonial Wayne! If you meant it or not... we really appreciate it.

As a result, Scorpion Software will be closed Monday, with staff celebrating the holiday with their families.

To those celebrating, we hope you have a safe and enjoyable holiday!

• Provides for the ability to provide your own brand on the logon dialog for our AuthAnvil Certified Partners
  
• Allows for silent mode install for batch/remote installation
  
• Allows for Active Directory Software Deployment policies of the agent (via MSI) for our AuthAnvil Certified Partners
  
• Allows for configuration to require a password to uninstall the agent
  
• No longer requires the AuthAnvil DCOM Bridge!!
  

The last item is the big one for us. The elimination of the AuthAnvil DCOM Bridge will prevent the most common support case we get at Scorpion Software, which is people inadvertantly installing the agent BEFORE installing the DCOM Bridge, even though the documentation is very clear on the proper order of things. By no longer needing the DCOM Bridge, we can also now more easily deploy the agent in an automated way for those clients who wish to do so.

You can download the latest version of the agent from our Upgrade and Update Center or through our Zero Media Install website.

You can get the latest version of the AuthAnvil Windows Logon Agent Implementation Guide (which has a new Appendix describing the silent mode options now supported) here.

This is an exciting opportunity for the SMB, as you can now get a resilient two-factor authentication solution pre-installed and running in a dedicated data farm anywhere in the world, for less than $20/month per user. No signup fees. No need to pay for tokens in advance. No need to setup and configure a server to run our software. It just "works", out of the box. From one user to thousands, you can now get the on-demand authentication you deserve.

With Own Web Now having multiple data centers in the US, and two new ones in London UK and Sydney Australia, you can expect to get the intercontinental redundancy you would expect from such a service. From the experts who know how to build such powerful cloud infrastructure. Using software built by the experts in strong authentication for small business.

And the greatest thing is, this new two-factor authentication system is being built in to all their services. So now you can have the option to get two-factor authentication in Outlook Web Access 2007 for Exchange, in Sharepoint 2007 and in their CRM and service management platforms. And there are new services we are currently building with them that we expect to release later this year that will extend that even further in the cloud.

Vlad invited me on his company's podcast where we discuss this new opportunity for the SMB. As Vlad pointed out on the company blog:

We are extremely excited to offer this solution at just $20/user/month because it breaks the pricing barrier that kept this type of an offering from becoming mainstream in SMB. With more mobility, more cloud services, more people involved in IT systems management, two factor authentication is something to discuss with your prospects, clients, staff and bosses. Tune in and listen to us address many security pain points and how we believe this announcement solves them.

Click here to download the podcast, runtime 50 minutes.

Download our latest white paper to learn why passwords alone may be a large risk to your business, and show how two-factor authentication and identity assurance can help to protect your business against attacks to weak, shared or stolen passwords.

You can download it here.

As a result, Scorpion Software will be closed Tuesday, with staff celebrating the holiday with their families.

To those celebrating, we hope you have a safe and enjoyable holiday!

Why didn't I know about you years ago... AuthAnvil is awesome.

or

What a simple and elegant solution!

You don't normally think of security solutions like two-factor authentication as simple and elegant. But our clients say time and time again about how easy it is to deploy and use. I just love this sort of feedback!

If there is one criticism I think I can make about Scorpion Software, it is the fact we haven't been doing a good job leveraging this. We do most of our business through word of mouth, but we haven't put the right effort to make sure OTHER people know about what is going on.

So we are going to do something about that. This summer you will see a shift as we start talking more with our customers and getting THEM to talk about their experience. How? We aren't entirely sure yet. It is a great experiment. We are going to try everything from blogs and case studies to customer testimonals and video interviews.

The first thing we are going to do is see how social networking applies to business. So starting today, I am announcing the AuthAnvil Fan Page on Facebook. In sync with our efforts with the Visa Business Network for Small Business on Facebook, it is a place for the AuthAnvil community to gather and share their experiences with our product. With the capacity to post videos, write notes and share pictures, I am hoping you will join us in letting the world at large know what AuthAnvil is about. How it helps you. And why you're a fan.

So are you a fan? If so, become a fan of AuthAnvil on Facebook!

With this release, the AuthAnvil RADIUS Server (AARS) now includes Active Directory integration that allows you to:

• Limit RADIUS access to a specific Active Directory Security Group.
  
• Offers the ability to fail over to try a Windows authentication if the user is not a member of the RADIUS group.
  
• Respect if a Windows account is disabled. If it is, it won't allow a user to log on. In this way, even if an administrator forgets to disable the user's token in AuthAnvil, but does delete or disable his account in AD... the user won't get in.
  
• Check the "Remote Access Permission" dial-in privilege and respect it if it's set in the user's account.
  

By making this addition, it is now possible to scale the deployment of AuthAnvil in RADIUS environments and focus on subsets of users who may be at higher risk when remotely connecting to the office, and whom should require two-factor authentication. We have also added the ability to support RADIUS Proxy-State, which means you can further control this in conjunction with other RADIUS servers such as Microsoft's IAS server to provide realm or domain level proxying to the AARS.

This new engineering change also delivers an added benefit. For many entry level firewalls that support RADIUS but not LDAP, it is now possible to provide Active Directory awareness to the device through AARS. This makes it much more cost effective to add the AD awareness without having to reinvest in new network hardware.

Many thanks to Derek Kuhr from Heartland Technology Solutions for the investment of his time to listen to our design decisions and give us feedback on the architectural changes. His input was vital in helping us to determine the most effective way to provide AD integration and support common Sonicwall and Cisco VPN concentrators and firewalls that are used in the SMB market.

You can download the latest version of the agent from our Upgrade and Update Center or through our Zero Media Install website.

• You no longer have to remove the domain name in Connection Manager when connecting to SBS servers.
  
• You no longer receive an async UDP socket error if you send multiple login requests at the same time from the same IP.
  
• You can now use periods, underscores and underlines in the username.
  
• The aaradiustest tool exception handling has been refactored to handle more general usage.
  
• There have been performance improvements in the initial handshaking.
  

You can download the latest version of the agent from our Upgrade and Update Center or through our Zero Menu Install website.

My favorite quote from the community comes from Kerry Brown, who after hearing about RWWProtect sent an email to me that simply said:

Thank you Dana! I have a couple of servers that are being hammered on RWW very early every morning for a couple of hours. Every morning I have to figure out where it's coming from and block the IP. Now I don't have to wade through firewall logs to find the IP and I can block admin access. Thank you, thank you.

So if you want to prevent administrators from logging into your network via RWW, then feel free to download your own copy today. It is absolutely free. Of course, if you also want to add 2FA, you might want to check out our AuthAnvil product at www.authanvil.com. (In case you aren't a customer already :-) )

You can check out AuthAnvil RWWProtect here.

This is going to be an interesting interview. On top of talking about remote access risk and how to reduce it with solutions like AuthAnvil, we are going to be making a special announcement that we believe many in the SMB community will really appreciate. You have to be tuned in to find out what it is :-)