.NET Security Blog

Most people know about the delay signing feature of the CLR. (For those who don't check out MSDN's Delay Signing an Assembly for more details). Basically, delay signing allows a developer to add the public key token to an assembly, without having access...

One of the more common problems to creep up when people start using the various cryptographic algorithms in the System.Security.Cryptography namespace is that their app, which works fine on their WinXP dev box suddenly starts throwing CryptographicExceptions...

I've previously blogged about creating XML digital signatures using the .NET framework, but today I'd like to write about a more advanced technique using these signatures. My previous post signed an entire XML document, however, this is not always necessary...

Sometimes while working with a VS.Net project, you need to run a command line tool, either on the sources or output of the project. VS provides an easy way to add a menu item that will open a command prompt in the target directory of your application...

Today someone was curious why C#'s using statement won't throw a NullReferenceException. They had a using statement that opened a registry key, but even if that key didn't exist and the return value was null, they didn't have to worry about a NullReferenceException...

One of the guys I work with spent a good part of his day tracking down a tricky problem with some code he had written. The mistake he made is relatively common, so I thought I'd share it here. The application he had written was managed. He made a delegate...

Michel Gallant has posted a very nice article on MSDN about using PKCS#12 key with .NET. PKCS#12 are keys, generally exported from certificates, that tend to be stored in .pfx or .p12 files. Michel has provided some nice code for opening these files from...

There's been an interesting internal email thread going on this week about the use of a hash to uniquely identify some data. The two main sources of weakness in a hash algorithm are: Collisions - the chance that two unique inputs will produce the...

Yesterday I posted about detecting which CSP provided algorithms were available on your copy of Windows, and upgrading IE to get a newer CSP that supported more algorithms. Sebastien Pouliot provied some nice followup information on using pure managed...

Min Kwan Park's blog was making the rounds of the various Microsoft blogs yesterday, but I thought I'd also post a link for anyone who missed it (and also so I can find it again easily in the future). He's posted a helpful checklist of things to try if...

Fairly frequently, people will want to know how to get same site socket permissions, in the same way that they can get same site web permission today. Unfortunately, the answer is that with the security objects shipped with the framework, there is no...

O'Reilly's Windows DevCenter has an excerpt from their Security Warrior book, giving an overview of how Kerberos works in Win2k and Windows Server 2003. They also show that Kerberos by itself does not prevent offline dictionary attacks against weak passwords...

Joel Pobar has a nice post with Jan Kotas' explanation of how exceptions work in Rotor (and by extension, the CLR).

Well, the Windows team has finished Release Candidate 1 of Windows XP Service Pack 2, and made it available for public download . This download is not eligible for technical support, although Microsoft is going to setup some newsgroups (microsoft.private...

The new XML Developer Center on MSDN has a nice article about the new XML features in Whidbey . The top 10 list is: Performance XPathEditableNavigator, an Updatable Cursor The XPathDocument as a Better DOM Easier XPath Queries with Namespaces...

Kenny Kerr has an article up on MSDN showing how to use the Windows ACL security system on custom objects in your application. Although the article is a bit on the short side, and does deviate off topic in a few areas, it provides a nice overview of the...

There's a new security tool that keeps track of the ports used by applications on your machine available for download over at microsoft.com. The tool, Port Reporter, is documented in KB 837243 , keeps track of which ports are being used on your machine...

A friend of mine pointed out world66.com to me. They let you create a map of the states that you've visited in. Here's mine: Bet you can't tell which side of the country I grew up in? I decided not to count states that I'd only been in for airplane...

This month's MSDN magazine contained an article about security and the Visual Studio Tools for Office. Although Brian Randell and Ken Getz do a nice job of explaining the way CAS and Office interact, specifically pointing out that code groups with membership...

MSDN has the first installment of Thomas Rizzo's new column, where he talks about what WinFS really is. The article provides a very general overview of WinFS, so hopefully in future columns Thomas will drill into more details. From what I've seen of the...

So by now probably everyone's heard that we've released a technical preview of Whidbey to atendees of VS Live, alpha previewers, and MSDN subscribers. I'm pretty excited about this, since I'm now free to blog about the changes in the areas I own that...