Notes from a dark corner

Debugging ASP.NET, the CLR and anything that uses clock cycles.

Browse by Tags

Tagged Content List
  • Blog Post: InvalidCastException after applying MS14-009

    Note that in some situations after applying security bulletin MS14-009, your application that uses .NET and COM interop may experience an InvalidCastException. If so you could be running into the issue described here -   http://support.microsoft.com/kb/2934830 HTH Doug
  • Blog Post: Web browser fails to connect to some SSL/HTTPS web sites

    Following the publication of Microsoft Security Advisory (2661254) last week, clients that have applied the appropriate update may find they have trouble connecting to certain web sites that are using an HTTPS connection (SSL). This can happen if the server is using a certificate with an RSA key length...
  • Blog Post: Interesting article on the way malware rates vary by country and why

    This is a very interesting article on the way malware rates vary by country and why. Doug
  • Blog Post: Fascinating read about the battle against Rustock

    This Special Intelligence Report about the taking down of the Rustock Botnet makes for very interesting reading. Maybe they could make a film of it? Doug
  • Blog Post: Web server security and health tools

    A couple of interesting tools for examining and keeping track of server configuration, particularly from the point of view of security: Web Application Configuration Analyzer v2.0 (not just for security, 2003/2008/2008R2) Attach Surface Analyzer Beta (not just for web servers, Vista/2008 and above) HTH...
  • Blog Post: Good news for web security

    Having spent many hours trying to remove scare-ware products from the systems of various friends and family over the years I was very pleased to read that the FBI have broken at least one major crime ring responsible for it. If you are faced with dealing with a compromised machine, a couple of tools...
  • Blog Post: New word of the day (for me): Malvertising

    I’d not heard this before: Malvertising . I wonder how many new words with a longevity of 10 or more years get invented each day/month/year?
  • Blog Post: Install of Microsoft Security Essentials v2.0 may hang

    Microsoft recently released v2.0 of Microsoft Security Essentials   (MSE) which is a great, free anti-virus solution for Windows. I recommend it all the time to my friends and family. Unfortunately I ran into a little issue with it not installing correctly on one of my home machines running Windows...
  • Blog Post: Anti-malware software on Windows Servers

    From time to time in my support job I come across customers having problems, sometimes strange ones, that turns out in the end to be due to anti-malware software of some kind or another. By its nature anti-malware software has to be quite invasive if it is going to do things like checking resident files...
  • Blog Post: MS10-070 - Important ASP.NET security bulletin and update available

    On Tuesday we released a very important security bulletin and update for ASP.NET. If you are responsible for an ASP.NET web server please take the time to review the information and act accordingly. I’m not going to try and regurgitate the detail here but here are some key links: Bulletin MS10-070 http...
  • Blog Post: Security topics

    I am not a security expert but the following are some resource and links that I think are useful in this area. Thanks to anyone that has brought one of these things to my attention. Articles and documentation Hardening web services [in Windows Server 2008] Improving Web Application Security: Threats...
  • Blog Post: FTP server resets, WSAECONNABORTED (10053) and other nasty stuff on Windows Server 2003

    If you are seeing issues where your Windows Server 2003 based FTP server is unexpectedly resetting connection it may be a manifestation of this problem: Error code when you run a network program that uses a Winsock connection on a computer that is running Windows Server 2003: "WSAECONNABORTED (10053...
  • Blog Post: Useful document about .NET Framework 2.0 Security

    The US NSA have a free, unclassified, 300 page, very useful looking document about .NET Framework 2.0 Security: http://www.nsa.gov/snac/app/I731-008R-2006.pdf HTH Doug
  • Blog Post: Should I Authenticode sign my .NET assembly?

    This question arose out of a support case that my colleague Susanne and I handled recently for one of our customers. The situation was that the first request to an ASPX page was taking in excess of 15 seconds whereas subsequent requests were very fast - less than a second or so. The obvious possibilities...
  • Blog Post: Does DEP/NX affect web applications?

    A while a go when I posted about the .NET Framework 3.5 and 2.0 SP1 being available for download, Kima posed an interesting question in the comments. Kima asked whether the new enforcement of NX compatability by the C# compiler after the application of 2.0 SP1 would affect ASP.NET applications? Specifically...
  • Blog Post: Orcas, Longhorn and more

    [ update 20:43 27/4/7 - apologies to those reading via RSS if this is a duplicate, but I felt compelled to fix the typo pointed out by Mike as well as various other typos caused by writing a blog entry before the first coffee of the day!] I don't know. I turn my blogging back for 2 minutes and what...
Page 1 of 1 (16 items)