Lighthouse

Our daily work is focusing on Windows Store Apps, Windows Phone Apps, Windows Azure, BI solutions and other cutting-edge technologies.

Browse by Tags

Tagged Content List
  • Blog Post: Part II: How to protect your HTTPS communication from Man-In-the-Middle's decryption in Windows Store App–about which certificate should be included for “Exclusive Trust”

    Months ago we wrote a blog article about How to protect your HTTPS communication from Man-In-the-Middle's decryption in Windows Store App , which was also demoed during TechEd 2013 China last December. However, everything ran smoothly until last week… We reviewed the demo again but it failed with an...
  • Blog Post: 如何在Windows商店应用中防止HTTPS通讯被中间人攻击解密?

    背景 几个月前,我们这里接到一份消息,有个人评论一家业内著名的Windows Store开发者使用明文传递用户账号信息。这是一个很震惊的问题,我们无法想象这样一家著名的开发公司也会犯如此低级的错误。我们的生活早已离不开这家公司开发的软件,当然也离不开Windows 8。 在紧急的研究之后,我们发现,事实并非如此,实际上,这个App是使用加密的HTTPS信道去传输信息的。而评论这条消息的人正是使用了一种类似于 中间人攻击 的方法,在本地破解了HTTPS的传输,并读取到了内容。 而这个工具也是我们经常使用的用作HTTP分析的工具——Fiddler。不过,这个工具仅仅只能作为本地的代理去分析从本地或到达本地的流量...
  • Blog Post: How to protect your HTTPS communication from Man-In-the-Middle's decryption in Windows Store App

    [Update Feb.24 2014] There might be a mechanism change of the certification trust logic recently. Check out our second post for the topic http://blogs.msdn.com/b/lighthouse/archive/2014/02/24/part-ii-how-to-protect-your-https-communication-from-man-in-the-middle-s-decryption-in-windows-store-app-about...
  • Blog Post: 关于给WP推送通知启用HTTPS验证的细节

    关于整个推送机制, 如何建立推送通道,在服务端和客户端的代码实现,互联网以及MSDN已经有无数中英文资料和示例了。然而,如果希望启用HTTPS推送,相关的资料就很少了。在这篇文章中我们主要希望谈论一下关于Windows Phone中为推送通知Push Notification启用HTTPS验证的一些所需要注意到的细节。 在默认情况下,Windows 8 store app的所有推送都是启用了HTTPS验证的,但是对于WP来说,默认情况下所有推送通道都是基于安全性较低的非加密通道HTTP,所以出于信息安全的考虑,我们推荐���启为推送通知开启HTTPS。除此之外,启用推送HTTPS验证的好处在于,能够解除每个推送通道每天500条推送的上限...
Page 1 of 1 (4 items)